Skip to content
This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

Unexpected OCSP requests caused by WEC #45

Open
marksweb opened this issue Jan 14, 2021 · 2 comments
Open

Unexpected OCSP requests caused by WEC #45

marksweb opened this issue Jan 14, 2021 · 2 comments

Comments

@marksweb
Copy link

I ran this tool earlier today to generate a report on a domain.

Running a local server since then is showing requests coming from somewhere, which seems rather coincidental.

These are the requests I'm seeing;

[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0

Does this tool start ocspd on macOS and it perhaps didn't stop the process?
@ghost
Copy link

ghost commented Jan 14, 2021

Thank you for sharing. We use the tool mostly with Linux. I have not seen this traffic yet.

The Website Evidence Collector does not integrate ocspd. However, maybe the chromimum compontent launches it in some circumstances.

Can you better describe how you have installed the WEC, the launch options and where precisely you witness this traffic? With which tool?

@ghost ghost changed the title Requests hitting localhost Unexpected OCSP requests caused by WEC Jan 14, 2021
@marksweb
Copy link
Author

Yeah, sorry, some vital details missed there @rriemann-eu

So I installed from github with; npm install --global https://github.com/EU-EDPS/website-evidence-collector/tarball/latest

Then I ran the tool with no args and then with website-evidence-collector --quiet --yaml --no-output

I'm seeing the traffic while I'm running a django runserver (through pycharm) on port 80

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marksweb