google / tamperchrome

Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need for a proxy. Works across all operating systems (including Chrome OS).
https://tamper.dev
Apache License 2.0
4.18k stars 214 forks

Automatically set a Public-Key-Pins-Report-Only header with custom report-uri #29

Closed kerberosmansour closed 6 years ago

kerberosmansour commented 6 years ago

As a security engineer I want an extension which automatically adds a Public-Key-Pins-Report-Only header to all sites and for me to provide it a custom report-uri so that I could get alerts when I am being MITM'd without being locked out of sites I care about (hence report-only mode).

Can Tamperchrome help?

sh1ftchg commented 6 years ago

As a Security Architect I can tell you no, "these are not the droids you are looking for, move along."

But as a peer in a small community I feel obligated to at least help: refer to https://developer.chrome.com/extensions/getstarted guide. Specifically, look for the API chrome.webRequest.onBeforeSendHeaders(callback), if memory serves.

I'm curious, why you aren't heavily encrypted and tunneling to a known secure network?
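Added example for this thread, not Tamper Dev code and not the commenter's code: a Manifest V2 background script that appends a Public-Key-Pins-Report-Only header to HTTPS responses, the way the webRequest pointer above suggests. Since HPKP is a response header, the hook used here is chrome.webRequest.onHeadersReceived (response headers) rather than onBeforeSendHeaders (request headers). The report endpoint, the host list and the pin values are placeholders.

```javascript
// Added example, not from the Tamper Dev project or the thread above.
// Manifest V2 background script: add Public-Key-Pins-Report-Only to HTTPS
// responses via chrome.webRequest.onHeadersReceived.

// Assumed report collector; replace with your own endpoint.
const REPORT_URI = 'https://hpkp-reports.example.invalid/report';

// Pins are per host: pin-sha256 is base64(SHA-256(SubjectPublicKeyInfo DER))
// of a certificate in the chain. These values are placeholders of the right
// shape (43 base64 characters plus '='), not the real pins for any host.
const PLACEHOLDER_PIN_1 = 'A'.repeat(43) + '=';
const PLACEHOLDER_PIN_2 = 'B'.repeat(43) + '=';
const PINS_BY_HOST = {
  'example.com': [PLACEHOLDER_PIN_1, PLACEHOLDER_PIN_2],
};

// Syntax check for a pin-sha256 value: base64 of 32 bytes is 44 chars, last is '='.
const PIN_RE = /^[A-Za-z0-9+/]{43}=$/;

// Build the header value (RFC 7469): one pin-sha256 directive per pin plus
// report-uri. max-age is omitted because the Report-Only form is evaluated
// per response and never persisted as a pin.
function buildPkpReportOnly(pins, reportUri) {
  if (!Array.isArray(pins) || pins.length === 0) {
    throw new Error('at least one pin is required');
  }
  for (const pin of pins) {
    if (!PIN_RE.test(pin)) throw new Error('not a base64 SHA-256 pin: ' + pin);
  }
  if (/["\r\n]/.test(reportUri)) {
    throw new Error('report-uri must not contain quotes or newlines');
  }
  const directives = pins.map((pin) => `pin-sha256="${pin}"`);
  directives.push(`report-uri="${reportUri}"`);
  return directives.join('; ');
}

// Append the header to a webRequest responseHeaders array for the given host.
// Hosts with no configured pins are left alone, and a header the real server
// already sent is kept: the site's own pins are authoritative, and a second,
// conflicting PKP-RO header would only generate noise reports.
function addPkpReportOnly(responseHeaders, host) {
  const pins = PINS_BY_HOST[host];
  if (!pins) return responseHeaders;
  const alreadyPinned = responseHeaders.some(
    (h) => h.name.toLowerCase() === 'public-key-pins-report-only'
  );
  if (alreadyPinned) return responseHeaders;
  return responseHeaders.concat([
    { name: 'Public-Key-Pins-Report-Only', value: buildPkpReportOnly(pins, REPORT_URI) },
  ]);
}

// Listener registration; the manifest needs "webRequest", "webRequestBlocking"
// and "https://*/*" permissions. Guarded so the file also loads outside a
// browser (e.g. under node) for unit checks of the two functions above.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    (details) => ({
      responseHeaders: addPkpReportOnly(
        details.responseHeaders,
        new URL(details.url).hostname
      ),
    }),
    { urls: ['https://*/*'] },
    ['blocking', 'responseHeaders']
  );
}
```

A real pin for a host is computed from its certificate, e.g. `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. Two caveats before relying on this for MITM alerting: Chrome skipped pin validation for chains that end at a locally installed (non-public) trust anchor, so interception by an enterprise proxy with its own root would not have produced a report; and Chrome dropped HPKP support altogether in Chrome 72 (2019), while Manifest V3 moved blocking header modification to declarativeNetRequest, so this webRequest approach no longer works in current Chrome.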

sirdarckcat commented 6 years ago

Probably better to use an extension that persistently changes headers. Tamper Chrome currently is only targeted for manual pentesting and debugging.

kerberosmansour commented 6 years ago

Anyone you recommend?

On Fri, 10 Nov 2017 at 11:51 am, sirdarckcat notifications@github.com wrote:

Probably better to use an extension that persistently changes headers. Tamper Chrome currently is only targeted for manual pentesting and debugging.
