WhatPulse Forums » Support » Client software v » client 3.0 behind sniffing corporate proxy cannot pulse Welcome back, Guest.


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
client 3.0 behind sniffing corporate proxy cannot pulse
01-04-2021, 06:16 PM
Post: #1
client 3.0 behind sniffing corporate proxy cannot pulse
upgraded to the 3.0 client and now i can't pulse get an error dialog that sys "SSL Connection to website failed! this could be our fault, but it could also be a proxy trying to peek into our communication. Please disable the proxy, if that's the case".

obviously i can't disable the proxy (zscaler).

seems like the client may not trust my root certificates maybe?

i tried manually setting the proxy as well, but zscaler uses a redirect auth method so ti's kind of a mess. are there more detailed logs i can look at?
Find all posts by this user
Quote this message in a reply
01-06-2021, 11:57 AM
Post: #2
RE: client 3.0 behind sniffing corporate proxy cannot pulse
Hi,

Unfortunately, this is expected behaviour when there's a man in the middle between the client and our website. While I know some organisations like to snoop into their employees traffic, there's no work around for this. I suggest using portable mode or pulsing when you're not connected to the corporate network.
Visit this user's website Find all posts by this user
Quote this message in a reply
01-21-2021, 10:19 PM
Post: #3
RE: client 3.0 behind sniffing corporate proxy cannot pulse
(01-06-2021 11:57 AM)smitmartijn Wrote:  Hi,

Unfortunately, this is expected behaviour when there's a man in the middle between the client and our website. While I know some organisations like to snoop into their employees traffic, there's no work around for this. I suggest using portable mode or pulsing when you're not connected to the corporate network.



ok..did something change in v3 from v2...i used to be able to send it through fiddler and it'd work.
Find all posts by this user
Quote this message in a reply
01-28-2021, 08:03 AM
Post: #4
RE: client 3.0 behind sniffing corporate proxy cannot pulse
I have the same problem due to Zscaler and I'd like to understand more about it. If I can browse secure websites without a problem, how does WhatPulse work differently such that the connection can't be secured?

I can't disable Zscaler, but I do have local administrator access so I can install other certificates and things like that. Or WhatPulse could have another layer of encryption on top of the one being snooped. Kind of like what Chinese people need to access things blocked by the Great Firewall.

Visit this user's website Find all posts by this user
Quote this message in a reply
02-02-2021, 11:12 AM
Post: #5
RE: client 3.0 behind sniffing corporate proxy cannot pulse
The client makes sure the connection is not tampered with, before trusting the website. This is done to prevent people from snooping in and using that to cheat the system (it's happened).

I recommend using portable mode (https://help.whatpulse.org/kb/client/portable-mode) to take your client home with you and pulse there. Or, log off from the corporate VPN before pulsing.
Visit this user's website Find all posts by this user
Quote this message in a reply
02-04-2021, 04:35 AM
Post: #6
RE: client 3.0 behind sniffing corporate proxy cannot pulse
I already understood that much. What I'm trying to get at is, what part of the connection indicates that it's tampered with? Certificates somehow? A particular type of proxy behaviour? I'm trying to narrow down what element I need to look at more closely to see if I can do anything about it.

Even when Zscaler is not authenticated to the corporate network, internet traffic still goes through its proxy. That's what I meant when I said I can't disable it. I will of course look at using portable mode when I realise for sure that there's nothing else I can do. Cool

I still think double encryption is a legitimate solution that you could look into. The snooping app would just see gibberish if the WP client applies its own encryption that no proxy knows about.

Visit this user's website Find all posts by this user
Quote this message in a reply
06-16-2021, 01:32 AM
Post: #7
RE: client 3.0 behind sniffing corporate proxy cannot pulse
I finally stopped procrastinating and used my personal laptop to pulse my work stats. I don't use that laptop for anything else at the moment so it's a little inconvenient to get it out, but it's good to know it works.

One thing I noticed is that I can't browse to http://www.ssh.com on my work laptop. For a while it was giving the error "Error code: SSL_ERROR_NO_CYPHER_OVERLAP" in Firefox. So I wonder if that means some websites are preventing the same kind of snooping. I guess more websites will eventually adopt the same level of security and Zscaler's methods will become unworkable...

Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Discrepancy between overall account uptime in client vs on website + another bug TheIceMage 0 254 05-20-2021 08:43 PM
Last Post: TheIceMage
  Client 3.0 Window opens on startup despite setting it not to XeaLouS 4 1,329 01-17-2021 12:08 PM
Last Post: smitmartijn
  Whatpulse Client and Windows 10 (20H2) d3FC0N 3 1,640 12-29-2020 12:54 PM
Last Post: d3FC0N
  Can't pulse OskarCodes 1 1,777 05-09-2020 05:34 PM
Last Post: Anonymous2
Question [SOLVED] Manual Pulse-button does not work PeaceFreak 5 3,243 03-13-2020 04:14 PM
Last Post: PeaceFreak
  Showing incorrect pulse stats Vetselm 1 1,980 02-15-2020 03:54 PM
Last Post: smitmartijn
  Mac client causing latency every ~10 seconds bryandh 10 9,112 03-09-2017 04:50 PM
Last Post: DJLunacy
  [SOLVED] [postmortem] Pulse error: "The specified configuration cannot be used." dgw 4 5,157 03-03-2017 09:54 PM
Last Post: dgw
Information [CLOSED] Mouse distance counter in Windows client. TigraPolosatiy 1 2,788 02-27-2017 05:30 PM
Last Post: smitmartijn
  Client crash on launch (v2.7.1) Sovex66 13 9,437 02-27-2017 09:31 AM
Last Post: Dosphal

Forum Jump:


User(s) browsing this thread: 1 Guest(s)