• ¡Welcome to the WhatPulse Forums!
Hello There, Guest! Login Register


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Title: client 3.0 behind sniffing corporate proxy cannot pulse
Threaded Mode
#1
upgraded to the 3.0 client and now i can't pulse get an error dialog that sys "SSL Connection to website failed! this could be our fault, but it could also be a proxy trying to peek into our communication. Please disable the proxy, if that's the case".

obviously i can't disable the proxy (zscaler).

seems like the client may not trust my root certificates maybe?

i tried manually setting the proxy as well, but zscaler uses a redirect auth method so ti's kind of a mess. are there more detailed logs i can look at?
 
Reply
#2
Hi,

Unfortunately, this is expected behaviour when there's a man in the middle between the client and our website. While I know some organisations like to snoop into their employees traffic, there's no work around for this. I suggest using portable mode or pulsing when you're not connected to the corporate network.
 
Reply
#3
(01-06-2021, 11:57 AM)smitmartijn Wrote: Hi,

Unfortunately, this is expected behaviour when there's a man in the middle between the client and our website. While I know some organisations like to snoop into their employees traffic, there's no work around for this. I suggest using portable mode or pulsing when you're not connected to the corporate network.



ok..did something change in v3 from v2...i used to be able to send it through fiddler and it'd work.
 
Reply
#4
I have the same problem due to Zscaler and I'd like to understand more about it. If I can browse secure websites without a problem, how does WhatPulse work differently such that the connection can't be secured?

I can't disable Zscaler, but I do have local administrator access so I can install other certificates and things like that. Or WhatPulse could have another layer of encryption on top of the one being snooped. Kind of like what Chinese people need to access things blocked by the Great Firewall.
 
Reply
#5
The client makes sure the connection is not tampered with, before trusting the website. This is done to prevent people from snooping in and using that to cheat the system (it's happened).

I recommend using portable mode (https://help.whatpulse.org/kb/client/portable-mode) to take your client home with you and pulse there. Or, log off from the corporate VPN before pulsing.
 
Reply
#6
I already understood that much. What I'm trying to get at is, what part of the connection indicates that it's tampered with? Certificates somehow? A particular type of proxy behaviour? I'm trying to narrow down what element I need to look at more closely to see if I can do anything about it.

Even when Zscaler is not authenticated to the corporate network, internet traffic still goes through its proxy. That's what I meant when I said I can't disable it. I will of course look at using portable mode when I realise for sure that there's nothing else I can do. Cool

I still think double encryption is a legitimate solution that you could look into. The snooping app would just see gibberish if the WP client applies its own encryption that no proxy knows about.
 
Reply
#7
I finally stopped procrastinating and used my personal laptop to pulse my work stats. I don't use that laptop for anything else at the moment so it's a little inconvenient to get it out, but it's good to know it works.

One thing I noticed is that I can't browse to www.ssh.com on my work laptop. For a while it was giving the error "Error code: SSL_ERROR_NO_CYPHER_OVERLAP" in Firefox. So I wonder if that means some websites are preventing the same kind of snooping. I guess more websites will eventually adopt the same level of security and Zscaler's methods will become unworkable...
 
Reply
  


Possibly Related Threads…
Thread Author Replies Views Last Post
  Whatpulse client backup: Access is denied. Galaxied 1 60 11-28-2021, 10:31 AM
Last Post: smitmartijn
  Client doesn't always reset unpulsed application data on pulse Robby250 2 154 11-28-2021, 10:26 AM
Last Post: smitmartijn
  Pulse: Error while talking to website Sylverblack 2 319 10-02-2021, 05:20 PM
Last Post: ssnake42069
  Whatpulse client stops tracking keys Sylverblack 0 369 08-04-2021, 04:31 PM
Last Post: Sylverblack
  Discrepancy between overall account uptime in client vs on website + another bug TheIceMage 0 530 05-20-2021, 08:43 PM
Last Post: TheIceMage
  Client 3.0 Window opens on startup despite setting it not to XeaLouS 4 1,948 01-17-2021, 12:08 PM
Last Post: smitmartijn
  Whatpulse Client and Windows 10 (20H2) d3FC0N 3 2,228 12-29-2020, 12:54 PM
Last Post: d3FC0N
  Can't pulse OskarCodes 1 2,140 05-09-2020, 05:34 PM
Last Post: Anonymous2
Question [SOLVED] Manual Pulse-button does not work PeaceFreak 5 3,972 03-13-2020, 04:14 PM
Last Post: PeaceFreak
  Showing incorrect pulse stats Vetselm 1 2,325 02-15-2020, 03:54 PM
Last Post: smitmartijn

Forum Jump:


Browsing: 2 Guest(s)