chomper icon indicating copy to clipboard operation
chomper copied to clipboard

Published 20 hours ago verified publisher icon aniketpanjwani

Chomper blocks all non-browser https connections

Open mpcoll opened this issue 6 years ago • 3 comments

Hi, thanks for the great program, I really like it. However, I ran in a serious issue when using chomper. Basically, it seems to block any non-browser based program from connecting to remote sites using https.

Specifically, when running a blacklist on standard time-wasting sites (i.e. facebook, twitter; see below), it seems that no https connection can be achieved outside Chrome. Indeed, chomper blocks apps like Github Desktop, InSync (google drive client) and https requests from custon R/python scritpts.

Running wget -p https://www.github.com in a terminal during an active block returns

-2018-05-13 11:32:34--  https://www.github.com/
Resolving www.github.com (www.github.com)... 192.30.253.112, 192.30.253.113
Connecting to www.github.com (www.github.com)|192.30.253.112|:443... connected.
ERROR: cannot verify www.github.com's certificate, issued by ‘O=mitmproxy,CN=mitmproxy’:
  Self-signed certificate encountered.
To connect to www.github.com insecurely, use `--no-check-certificate'.

Here is the active blacklist:

work:

  • block_type:

    • blacklist

  • addresses:

    • facebook.com
    • twitter.com
    • youtube.com
    • twitter.com
    • tumblr.com
    • pinterest.com
    • livejournal.com
    • digg.com
    • stumbleupon.com
    • reddit.com
    • kongregate.com
    • newgrounds.com
    • addictinggames.com
    • hulu.com
    • 9gag.com
    • xkcd.com

  • Chomper commit 5dfa430fdd8f46ecc7cfcc170d54b6c4ec292a03

  • Browser: Chrome

  • Operating System: Linux Mint 18.3

Thank you and please let me know if I any other info might be useful or if I am doing something wrong.

mpcoll avatar May 13 '18 10:05 mpcoll

Hey there - thanks for the well formatted issue.

I agree that this is a problem, and you're not doing anything wrong. I also noticed this as a problem in Issue #25. However, I spent a bit of time doing research, and I couldn't find a way to solve it. Another context in which it's problematic for me is SSHing into an AWS instance while Chomper is on; it just doesn't work.

For now, I just adapt my workflow around when I need to use some of these applications. For example, if I'm coding Python/R and need to make HTTPS connections, I set short blocks of only 10 minutes or so, write the code in those blocks, and then I run the code after the block expires.

However, this is really suboptimal, and the truth is I don't know how to solve the problem. Really sorry about this - if anyone has a solution, I'd greatly appreciate it.

aniketpanjwani avatar May 13 '18 20:05 aniketpanjwani

Hi thanks for the quick reply. I agree it's possible to work around this issue and this is what I intend to do for the time being. With this solved it would truly be the perfect self-control program for Linux! Unfortunately, I'm not sure I have the time/skills needed to help on this but will try to take a look at some point.

Thanks again.

mpcoll avatar May 14 '18 10:05 mpcoll

Is there out-of-the-box solution to this? Maybe buy certificate (not sure about this though) ?

snorkel123 avatar Jun 27 '19 14:06 snorkel123