[Rabbit-dev] Proxy auth error

Sun Jan 23 22:04:06 CET 2011

Hi,

> Ok, now I am a bit confused.
> Is the problem present in the current release?
> Is the problem only with a patched version?
> Do the problem disappear if you run rabbit version X (for some value of X)?

Sorry for confusion and let me explain.

Originally I was using v4.7 when I got the "URI request too long"
issue. To which I have applied patch you have sent me.
So this problem occurs when running with the patch and does not when
running without (just bare v4.7).
Ignore the proxy auth bit, it was my original suspicion which was
misleading. But I am running with proxy auth on - both with and
without the patch.

If you want, I can try running it with the newest version of Rabbit.
Btw - I have just realized there's 4.9, did I miss the announcement?
Does 4.9 have the same patch incorporated?

>> Any preference on how you would like me to do it? tcpdump, wireshark,
>> httpfox, etc.?
>
> Not really, anything will work. If you do tcpdump you want to make sure
> that you get all the content though.

OK, here's what I've done:
1. installed Wireshark (http://www.wireshark.org/). Great tool!
2. cleared browser history
3. entered www.espnstar.com to my URL bar.
4. I was asked for proxy auth where I have entered my credentials
5. most of the site has loaded, and at the end of it the
authentication pop-up came out again (looks like this was coming from
an external resource, e.g. Facebook script that was integrated with
the site or something).
6. launched Wireshark on my local box and started capturing
7. hit the refresh button
8. got the same behaviour as in #5, the only difference is that site
loaded much faster as most of the data was cached. This was later
proved by packet dump containing plenty of HTTP 304s.
9. stopped Wireshark capture session and filtered out all TCP
streams(*) apart from the one that had extra authentication popup
details. It appears that the offending bit actually doesn't come from
the original site conversations (espnstar) but from Facebook and/or
w88.go.com (see dump details).
10. Removed sensitive data from the dump (marked with XXXXXXXXXXX). If
this mailing list doesn't allow attachments, I am happy to put it
somewhere else.

(*) "TCP Streams" in Wireshark, as I understand them, are the
client-server conversations joined into one file. They should be
readable using a simple text editor when exported.

As I mentioned earlier, the same scenario can also happen if step 3 is
done against http://www.itv.com.

If you want, I can run a similar session with non-patched Rabbit v4.7. Or v4.9.

m.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: espn-auth
Type: application/octet-stream
Size: 9012 bytes
Desc: not available
URL: <http://khelekore.org/pipermail/rabbit-dev/attachments/20110123/5d14b32b/attachment.obj>