Comment by samsonradu

Comment by samsonradu 3 days ago

How does it manage to hide the requests to 127.0.0.1 from the network tab?

The requests are not made, because some operating systems prevent this.

If you're on OSX, the permission to "discover on the local network" prevents it from happening ( System Settings -> Privacy & Security -> Local Network -> yourbrowser )

Could also be 'network' permissions on firefox ( Go to Settings > Privacy & Security > Permissions ) which is on a per site level, but iirc that could be set site-wide at some point.

The other browsers likely have similar configs, but this is what I have found.

Reply View 1 reply

snowwrestler 3 days ago

Looks like this is new to MacOS 15 Sequoia, as I don’t see a Local Network option in Sonoma.

Reply View | 0 replies

M95D 3 days ago

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload

Reply View 3 replies

culturestate 3 days ago

It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.
Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.

Reply View | 0 replies
inferiorhuman 3 days ago

This is what I see.
https://i.imgur.com/lvjg2YQ.png

Reply View | 1 reply
- hoherd 3 days ago
  
  > 400_random_url_with_numbers_403
  That looks so much like test code that was shipped to prod.
  Searches for that string on GH does return results.
  
  Reply View | 0 replies