Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy Logic modification #12

Open
RaulDoyensec opened this issue Apr 26, 2023 · 0 comments
Open

Proxy Logic modification #12

RaulDoyensec opened this issue Apr 26, 2023 · 0 comments
Assignees
@RaulDoyensec
Labels
enhancement New feature or request

Comments

@RaulDoyensec
Copy link
Collaborator

The proxy only make the requests using the hooked browser if the response is "text/html". that means that for JS, png, etc, it will try to obtain the information and will use the browser in cases in which it has no authorization.

The main reason of this is the use of external resources on websites, if a website is trying to fetch an external JS, we won't be able to obtain it using the hooked browser, and the attacker client won't work correctly.

I would like to modify this logic, The proxy will try to obtain this content using the hooked browser, and if the CORS does not allow us to obtain non "text/html" resources, we will obtain them using normal requests, this will fix possible problems hooking internal web applications.
@RaulDoyensec RaulDoyensec added the enhancement New feature or request label Apr 26, 2023
@RaulDoyensec RaulDoyensec self-assigned this Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RaulDoyensec RaulDoyensec

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RaulDoyensec