I have a server running on debian. It runs a scraper using ruby and watir which loads up in a headless fashion. I notice that a site can read the HTTP header my browser passes. How can I hide the HTTP info, or give false info, so a site cannot see my computer operating system?
I figured out a solution. I used x11 forwarding to access chrome from my local computer which has a user interface. It is possible to change the User Agent via dev tools -> network conditions, but this does NOT persist on new sessions. So I installed the first result on google for "plugin change chrome user-agent" and this does the trick.
Related
We're using AppAuth for a macOS application to authenticate Google accounts. This has been working for years, except recently Chrome has started to block all http connections by default. The loopback server in AppAuth is hard-coded to work with http connections only. The following issue also seems to have gone unanswered: https://github.com/openid/AppAuth-iOS/issues/624
What other options do we have for using a https loopback server on macOS for OAuth2 authentication? We need the loopback server to be able to extract parameters Google sends back after authentication. Asking users to switch from Chrome is not desirable.
Interesting - with loopback desktop logins there are two URLs involved:
The URL in the desktop app, which is meant to be HTTP according to OAuth standards, since it runs on end user PCs. Using HTTPS would require the entire user base to host SSL certificates, which is highly impractical. Typically a loopback URL is a value such as http://localhost:8000, where the port number is often calculated at runtime.
The URL used to invoke the system browser is a value such as https://myauthserver/authorize?client_id=xxx&redirect_uri=http://localhost:8000..., and this should be HTTPS of course.
PROBLEM DIAGNOSIS
I'd be very surprised if Google have blocked this if you are using standard desktop logins, since it has been referenced on their Native Apps Page for years.
Are you sure something else is not the cause? One possibility might be lack of a user gesture in the system browser. Is the problem consistent and are there any differences in these cases:
Make Safari Browser the default before login
Make Chrome Browser the default before login
Make Chrome Browser the default before login and clear browser cache
Let me know and I may be able to suggest some next steps ...
We are on a mission to run our acceptance tests from a selenium container running different browsers in their own containers and we have set things up so minimal config changes are necessary when testing on a local machine or a remote one triggered by continuous integration.
The stumbling block I have hit is that the site under test is authorised through windows authentication and the chrome container is effectively running as a different machine, which means that when WebDriver serves up the site it is prompted with a log in box.
So far I have run into dead ends with every technique I have used to get round this.
I can't send the credentials in the uri as many older posts suggest - just doesn't work. I can't use AutoIt to populate the auth window as the window is in a container and that runs in linux. Finally had no joy trying to proxy from one server to test server, for what ever reasons the credentials are not recognised that I set up in the proxy (using for example cntlm proxy tool).
Is this mission impossible or is there any way round this?
I am attempting to write an automation script for a process on a website using PhantomJS. I have done this same type of automation many times before, but I am having trouble with this one particular website that uses Oracle Access Manager.
When I log in with Chrome or any other desktop browser, I have no problems. However, when I try to log in with the headless browser I receive an OAM9 error which is very unspecific "for security reasons"
I have tried changing the user agent string and ignoring bad ssl certificates, I am running out of ideas and my higher ups promised this functionality to someone. Any help would be appreciated.
I have the following problem to solve:
I few months ago I startet a website where you can watch youtube videos which aren't available in your country. Everythings works fine but now I want to offer a new method where I route all the requests directly over my server. Therefore I will later use a custom DNS-Server. Right now I use the hosts file for testing but I have really no idea how i can identify the user. I can promp the user user to login on a website but I will that it works systemwide so if he use a youtube downloader for example it have to work there either and not only in the browser where I could use a session system with cookies. I want a solution where the user can identify himself once in a time like a website or something like this but how can my server detect if this is a user which is logged in or if he is not?
There are several ways that this could be accomplished with varying levels of difficulty.
standard proxy server over https. Your service could simply be a proxy server and then every "client" would update their browser to point to your proxy server. You could also simplify this by using a proxy PAC file (proxy auto config).
An anonomyzing interface. The end user would not be able to use their standard search tools etc, instead they would have to use a web page much like what google translate does.
A browser plugin. There are already firefox plugins which do something similar to this. They change the way that the browser resolves DNS. This may be the best bet for you but would require development work.
An actual install utility that you have your users install on their machines which update the dns servers.
I'm using the AJAX Test Server in Rational Application Developer. I'm posting a form to another host for authentication. That host takes a URL to redirect to after authentication. However, it insists on using HTTPS whenever it sends the 302 response. The low hanging fruit would be to just use HTTPS locally.
Looking at the launch configuration, the AJAX Test Server appears to be a custom Apache HttpCore server. I haven't spotted anything in the configuration guide.
Is there a way to access this test server via HTTPS?
This is for demo and local development purposes; not production.
Speaking from working with WAS (WebSphere Application Server) in RAD, I'm pretty sure the answer would be yes. The server (at least with WAS) has both secure and "unsecure" ports.
What I have noticed is that when the server is built with the install (at least with the newer versions of the products 7.5+), the ports used are different per install. This is to help with not conflicting with other applications that may use those ports.
So https is probably fine. You just may have to use it over port 302 or some other port.
If there is no admin console for viewing your ports, you could always try the Window | Preferences option under your menu items. Sometimes IBM hides server config stuff in there.