Can I see the network calls from a Firefox add-on? - firefox

I'd like to see the calls made from a Firefox add-on.
I know it's calling its website's REST API, and I would like to see the requests to better understand the API.
However in the Web Developper Network tab, these calls do not appear. Is there an option to see them ? Whether in dev tools or in about:config ?
Edit: I tried the about:debugging too, but it doesn't seem to capture the requests either. There are some background requests yes, but not the ones I know should be there.
As I don't know if this is generic or specific to the extension I'm looking at I'll detail. I'm trying to look at the requests made by the raindrop.io extension (https://raindrop.io/) that offers an API (https://developer.raindrop.io).
When I click on the extension button, I can create a bookmark for the page. For instance: the one I'm editing right now
This goes through requests to the REST API (at least a POST to https://api.raindrop.io/rest/v1/raindrop). I know because:
I can see similar requests when doing an operation from the website itself
I can send this request via the JS console and make it work
However I do not see this request in the normal Network console, I see no requests from the extensions.
I do not see it either from the debugging one. I see some requests though, but only background GET requests to a /links API that returns the full list of bookmarks. A request is made after I've added my bookmark, but it is clearly not the one that makes the update.
Another way I know the request is being made is that if I try to bookmark something weird (like the debugging tab), the extension displays an error that is the same I get if I manually sent a malformed request to the API.
So these calls happen. But I can't see them anywhere.
Note that the illustration is on this add-on because this is what I'm looking at right now, but I had the issue with others in the past. No way to see the foreground requests of the add-on.

Related

Prevent Google Web Preview bot

I noticed today in the webserver logs that we sometimes get bursts (450 requests in 2 seconds) of requests from a useragent with Google Web Preview. Looking at other stackoverflow it seems this is probably related to the preview functionality on the search page or maybe to the saved/most used links at the bottom of a users chrome tabs.
I've already blocked these particular URLs in the robots.txt, so, it's obviously ignoring that. It seems from this 2010 instant previews page that you can add a nosnippet tag and Google will then not try to fetch the preview. However, it seems that adding nosnippet wouldn't actually stop the request (as they'd still have to fetch the page to parse out the tag).
Short of blocking Google's ip address which I don't want to do, is there a decent way to stop Google hammering the server periodically.
I think you probably did it, but when I get such issue I make a buffer page, and provide link on that page e.g link for admin panel that I don't want to be rendered and use NO Index on that page

Is there any way we can modify Json data coming in the network tab of chrome and see the changes in the web page?

The webpage Template loads data via some json data we get from the endpoint.
I have a Rest Api and a Angular Front end . The Angular app populates the template from the data coming in from the rest api which we can see in the Network Tab of Chrome Developer Tools.
Is there any way we can modify the Rest data in Network tab and see the changes that occurs in the Webpage.
Is that even possible, It might sound a stupid question but i guess this might be a very special tool if there is not much interaction between the Back end and Front end teams.
I am not quite sure if i am able to explain it properly but this was the best i could edit please bear with me thanks
Just a Screen Shot of the type of data in Network tab.
Sample Data Network Tab
It is not possible from chrome's network tab. You have to use BurpSuite for example which is available in Kali linux as a default. With that you can intercept http requests and responses and modify it's payload.
You can get it from here: https://portswigger.net/burp/
No, you're not able to modify XHR data as you can other sources. What I do is just copy the file to my local drive and temporarily modify it's source. I test responses from API's using Postman and it's pretty awesome.
I have to say I'm a little bit afraid for you though. It's not a great idea to be consuming services from external api's from the client side. Are your API keys and passwords hanging out in that client side code somewhere?

How do I get XHR/Ajax resource timing data from window.performance?

When I open the Firefox "network" tab in the developer tools, I'm able to see the timing data from all the requests my page is making, including application/json (XHR) calls. I want to be able to get this timing information programmatically.
In Selenium, I let my page load fully and then ask the window.performance.getEntries() method for all of the resources. It gives me back a ton, including CSS, javascript, etc, but I don't see the calls to our RESTful services that show up in the Firefox window as "json" requests.
Since Firefox shows them in its Network tab in the developer tools, is a way for me to get them programatically? Our app is an angular app that is not using iframes.
I figured out my issue after a day of googling and trying different things. Thanks to this article I discovered that I needed to add Timing-Allow-Origin: * to the response header of all the services.
Once I did that, the timing information started to appear. It's apparently because the services are hosted at a different domain than my client. I don't understand the ramifications of leaving that header in there so I'll make sure it doesn't get deployed to production.

Automating Wi-Fi Authorization with Firefox SDK

I'm trying to make a Firefox addon with the Firefox Add-on SDK and API, and I have some questions about their possibilities before I start using them.
My college's Wi-Fi authorization expires every 30 minutes only to have fun pissing off their students. There are already some autofill addons available on many browsers but it's still destructing to move the mouse pointer onto the "Login" button and click it when there is one second left to turn in a midterm paper. I've heard my friends complaining like this for months and I myself think the thing is actually annoying sometimes, so I decided to develop a Firefox addon that takes charge of the job so that the authorization process will feel not even existing once the addon is activated. (I just want to impress my friends honestly.)
For ease I would like to develop the addon within the Firefox add-on SDK. I found that my addon would be utilizing the page-mod, password and request APIs; page-mod to detect the Wi-Fi service's auto-redirection into their authorization page, password to fill in the page's form by a student ID and password stored in the individual Firefox browser, request to redirect the "Login Successful!" page into the originally given destination.
So I guess it should be possible to achieve my goal with this SDK and APIs, but there are still some questions that I need to ask before I proceed:
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
Thank you so much for reading and please spare a little bit of your time for me. Thank you again!
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
No, everything that goes through the port is serialized using JSON serialization (See docs). Instead you would probably emit an event from your content script to execute the callback method with parameters you pass it in the module scope and hardcode parts that need to be done in the content script with port event listeners.
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Totally, if you're in a content script, you can just set window.location, or in your modules you set the location of a tab, see https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/tabs#url.
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Possible? Yes, depends a lot on how the redirection from the W-LAN works. Generally all the SDK offers you is getting load/ready events for tabs and reading a tab's current URL. So if you get a ready event at the point of the redirect you're fine. If your college login remembers the redirect target using a get parameter in the URL you're fine. If your college doesn't adjust the URL, you're fine. If you really need to dig through the request, you'll have to ge a bit deeper than even what the SDK offers you, but it is possible.
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
JS execution for Add-ons is not paused based on a tabs state.

Automatically resend POST request in browser when navigating using back button

When I click the back button of a browser, a message pops up asking if I want to re-send the request or Try Again. I am trying to find out how to avoid this message displaying when a user navigates back to any page using the browser back button. Basically, I want the browser not to ask for a confirmation before resending the request.
Right now, when testing in Firefox, I get this:
Document Expired
This document is no longer available. The requested document is not available in Firefox's cache. As a security precaution, Firefox does not automatically re-request sensitive documents.Click Try Again to re-request the document from the website.
Sounds like the system you interact with doesn't follow the Post/Redirect/Get pattern.
The client issues a POST request to the server,
the server does something with the data and,
redirects the client to a different URL
which the client uses GET to fetch.
This way the client can reload the last URL or use the back-button and will not use POST again.
See Wikipedia for details.
Add this in the start of PHP codes:
ini_set('session.cache_limiter','public');
session_cache_limiter(false);
With the current Firefox update, to version 29, this has become the default feature when you try to navigate back to pages like search results. It can be disabled under Options/Advanced/Network and check 'Override automatic cache management'. Though your question predates this update, it looks like the same issue.
I found this solution on the Mozilla support forum here: https://support.mozilla.org/en-US/questions/1018237

Resources