New issue
Advanced search Search tips

Issue 688739 link

Starred by 1 user
Status: Archived
Owner: ----
Closed: Feb 2018
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

webRequest: add property indicating socket pair information to the event data

Reported by oripka.t...@gmail.com, Feb 4 2017 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/55.0.2883.87 Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
None of the events available in the chrome.webRequest extension API provides the socket pairs involved in a request as event data.

What is the expected behavior?

What went wrong?
In order to approximately correlate request made by Chrome with encrypted network packets captured on the wire it is necessary to have the socket pair information for a certain request.

The necessary socket pair information would be source and destination IP addresses as well as source and destination ports (UDP or TCP depending on the transport used)

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 55.0.2883.87  Channel: stable
OS Version: 55.0.2883.87
Flash Version:

Comment 1 Deleted

Comment 2 by oripka.t...@gmail.com, Feb 10 2017 

To underline the relevance of this issue I would like to reference the recent article by a couple of security researches (Google employees being one of them) highlighting the dangers of HTTPs interception [1]:

"Antivirus vendors should reconsider intercepting HTTPS."

This means A/V should not run highly privilege software that does MiTM on HTTPs. As an alternative solution it is possible not to mess with HTTPs but then there have to be complete extension APIs in the browsers in order to comprehensively monitor/correlate encrypted network connections.

Knowing the TCP/UDP Ports and Dest/Source IP addresses for a webRequest is on of such properties. Please consider making this information available in browser extensions.

[1] https://zakird.com/papers/https_interception.pdf
Project Member

Comment 3 by sheriffbot@chromium.org, Feb 12 2018

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment