Closed kerberosmansour closed 6 years ago
As a Security Architect I can tell you no, "these are not the droids you are looking for, move along."
But as a peer in a small community I feel obligated to at least help: refer to https://developer.chrome.com/extensions/getstarted guide. Specifically, look for the API chrome.webRequest.onBeforeSendHeaders(callback), if memory serves.
I'm curious, why you aren't heavily encrypted and tunneling to a known secure network?
Probably better to use an extension that persistently changes headers. Tamper Chrome currently is only targeted for manual pentesting and debugging.
Any one you recommend?
On Fri, 10 Nov 2017 at 11:51 am, sirdarckcat notifications@github.com wrote:
Probably better to use an extension that persistently changes headers. Tamper Chrome currently is only targeted for manual pentesting and debugging.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/google/tamperchrome/issues/29#issuecomment-343453877, or mute the thread https://github.com/notifications/unsubscribe-auth/AMz6wngsG4bVC9kdz99qsfq1U5QO0q52ks5s1DijgaJpZM4QKSVu .
As a security engineer I want an extension which automatically adds a Public-Key-Pins-Report-Only header to all sites and for me to provide it a custom report-uri so that I could get alerts when I am being MITM'd without being locked out to sites I care about (hence report only mode).
Can Tamperchrome help?