as the article says:
https://docs.telerik.com/fiddler-everywhere/knowledge-base/how-to-capture-nodejs-traffic
is it possible to proxy globaly the traffic to fiddler except for the libraries that use the http module, other libraries that use http module, on the other hand, needs to be proxied explicitly
I need to inspect the traffic generated from a node app, which i don't know what type of library it uses.
i've tryed to proxy globally but i doesn't works
process.env.https_proxy='http://127.0.0.1:8888';
process.env.http_proxy='http://127.0.0.1:8888';
process.env.NODE_TLS_REJECT_UNAUTHORIZED=0;
does it exist a workaround?
Related
I am investigating some background Http requests made by a third party module. I want to route all such requests (I don't know where they are located) through a proxy (Fiddler) configured at the PC level so that I can inspect the payload and responses.
Is there a way to transparently make all network requests in a Node app follow the PC's proxy settings?
Recently i learned about https module in nodejs,
Like How to use it and generating certificate and key for it.
But there is also http module which most of the tutor teaches at beginning.
But the main question is,
when i create back-end server with http module.
and hosted on website like heroku after deploying we get by default https protocol for our website and its secure.
and even same for using https module
so what's the difference/advantage we get by using http/https module on one over another protocol?
does it make difference?
and which module to prefer while writing server code?
When you are running in a hosting environment like heroku that puts you behind a proxy and that proxy handles the https to the outside world for you, then that's all you need. There is no need to use https on your server directly between you and the proxy as it already has https to the outside world via the proxy and you don't need https between your server and the proxy as that's local to the secure network of the hosting facility.
If you are not running behind such a proxy, then you will want your own server to be https.
In order to ensure secure communication with users of your Express.js applications, you can make all traffic to use HTTPS, by forcing a redirect from HTTP.
I have a working node.js express based server (and client) application here that shows RPC over http+websockets. This works perfectly when run locally (using devcontainers) and includes the Dockerfile as well as devcontainer.json. However, when run from a codespace, it fails with the following client-side error messages.
client.js:9 Mixed Content:
The page at 'https://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/'
was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/api'.
This request has been blocked; this endpoint must be available over WSS.
(anonymous) # client.js:9
client.js:9 Uncaught DOMException: Failed to construct 'WebSocket':
An insecure WebSocket connection may not be initiated from a page loaded over HTTPS
at 'https://aniongithub-jsonrpc-bidirectional-example-<redacted>-8080.preview.app.github.dev/client.js:9:10'
The documentation here states that By default, GitHub Codespaces forwards ports using HTTP but you can update any port to use HTTPS, as needed. When I check the settings indicated:
it's set to http. What am I missing here? How can I get it to serve my express application over http?
Note: My intention is that when locally cloned and opened in a devcontainer, the code works just as it would if opened in a CodeSpace. This means I need to ensure that the certs generated by CodeSpaces are somehow factored into my local devcontainer process or that I forego authentication altogether. Alternatively, I need to find out if I'm running on CodeSpaces and do different things, which seems messy and shouldn't be the case. Hope this makes my intentions for asking this question clearer!
It turns out that I just couldn't use http for the RPC endpoint when running over https, so the solution was to use location.protocol and ws/wss depending on the current protocol to initialize the client RPC endpoint.
I have a nodeJs application which I want to use sentry in my application. I configured it properly but I want to proxy all my sentry requests. so how can I do this? can I do something like port forwarding, for example, all requests to https://XXXXX#sentry.io go through the specific machine in another host then redirect to sentry.io? how can I do that?
You can configure an HTTP(S) Proxy.
The docs on sentry.io say:
httpProxy
When set a proxy can be configured that should be used for outbound requests. This is also used for HTTPS requests unless a separate https-proxy is configured. Note however that not all SDKs support a separate HTTPS proxy. SDKs will attempt to default to the system-wide configured proxy if possible. For instance, on unix systems, the http_proxy environment variable will be picked up.
There's a dedicated option for https too, if you want different proxies.
I am using the request npm module for making http requests in my program. The default behavior of request seems to be that it will try to use proxy server, when one is defined in environment.
I am testing this in a shared unix server used by multiple developers, who keep changing proxy settings. Further more, I do not need proxy, because I just connect other web services within the lan directly.
So, is there a way to tell the 'request' not to use the proxy option, even though if it is set in environment?
Credit goes to #mh-cbon in the comments. Codifying here to complete the answer.
Either blank out the configured proxies prior to starting nodejs
HTTPS_PROXY="" node script.js
Or use NO_PROXY, to disable proxies for specified patterns (or all)
NO_PROXY="*" node script.js
Alternatively within your node js script, do the above before loading and using of request module.
// Disable proxy from being used by request module
process.env["NO_PROXY"]="";
// Then go on as per normal
const request = require("request")
... do stuff ..