Using proxy with program which uses LaunchDarkly


Irmantas Varačinskas

Sep 24, 2018, 3:09:12 AM
to OWASP ZAP User Group
Hello,

I'm having a little problem when trying to proxy requests, among which is a GET https://stream.launchdarkly.com/all request (in reality this problem occurs when calling some internal API in the company I work in, but this one acts similarly).
If the proxy is turned on then ZAP throws a Timeout exception and the request fails without returning what features are turned on. If I turn off the proxy then everything works as expected...

To reproduce this, I cloned the https://github.com/launchdarkly/hello-dotnet repository and configured some feature in https://app.launchdarkly.com.

As far as I can see, when the application is calling GET https://stream.launchdarkly.com/all, the GET request doesn't finish but just hangs there. This happens with or without ZAP proxy.
Is there some workaround?

Regards,
Irmantas Varačinskas

hauschu...@gmail.com

Sep 24, 2018, 3:19:49 AM
to OWASP ZAP User Group
Hi!

When you say "turn off the proxy then everything works" are you talking about an upstream corporate proxy, or ZAP?

Irmantas Varačinskas

Sep 24, 2018, 3:52:31 AM
to OWASP ZAP User Group
What I mean is "turn off the System proxy" (doesn't matter if ZAP is on or off)

TurnOffSystemProxy.PNG


By the way, if I add the URL to the exclude list then it also works

Capture.PNG

If that's still not clear what I'm trying to say then let me know :)

hauschu...@gmail.com

Sep 24, 2018, 4:01:11 AM
to OWASP ZAP User Group
It sounds like a fairly 'standard' proxy issue, but those can vary a lot in configuration. 

ZAP is proxying other traffic as normal, I assume?

Since it looks like you're using Windows, I recommend using Fiddler as a proxy, which will seamlessly integrate itself with whatever your internal network settings are.

Then, point ZAP to that (usually localhost:8888), then point your browser to ZAP.

Then run your little experiments as before, and you can compare the GET request as sent from the browser directly to Fiddler, and the one from ZAP to Fiddler, and see what/if there are any differences.

Irmantas Varačinskas

Sep 24, 2018, 4:29:34 AM
to OWASP ZAP User Group
Yes, ZAP proxies everything else as usual.

Tried comparing the requests and it looks like the requests and responses in Fiddler are identical...

Maybe you have any other ideas to check?

thc...@gmail.com

Sep 24, 2018, 4:58:31 AM
to zaprox...@googlegroups.com
Hi.

Did you try increasing the connection timeout?
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsConnection

Best regards.

Irmantas Varačinskas

Sep 24, 2018, 5:11:34 AM
to OWASP ZAP User Group
Thanks for the suggestion, unfortunately it did not help.
Timeout is set to 30 seconds and usually the program gets feature flags in a second or two (not sure how these features are received but certainly not in the HTTP response).

hauschu...@gmail.com

Sep 24, 2018, 5:21:46 AM
to OWASP ZAP User Group
This is your situation so far as I understand it:


OK: Browser --> corporate proxy --> LaunchDarkly 

NOT OK: Browser --> ZAP --> corporate proxy --> LaunchDarkly

OK: Browser --> Fiddler --> corporate proxy --> LaunchDarkly

NOT OK: Browser --> ZAP --> Fiddler --> corporate proxy --> LaunchDarkly

Is that correct?

Also, what is the content of your hosts file? (my above diagram is making a few assumptions worth checking on)


Irmantas Varačinskas

Sep 24, 2018, 5:53:51 AM
to OWASP ZAP User Group
You are pretty much correct. Just instead of browser, there are some unit tests (or more precisely integration tests) written with .NET

Hosts file has some default value: "{some private ip} {computer name}.mshome.net". I think exact values should not matter :)

Irmantas Varačinskas

Sep 24, 2018, 6:18:18 AM
to OWASP ZAP User Group
Some probably related question: does ZAP proxy support Server-Side Events? It looks like LaunchDarkly is using SSE and when ZAP is proxying requests, data from SSE is not received...

Sorry if I'm spamming too much

hauschu...@gmail.com

Sep 24, 2018, 6:26:10 AM
to OWASP ZAP User Group
That sounds like it could be an important element of your mystery, and unfortunately a bit out of my area!

I would probably start by slapping Wireshark on it and see if I could see a difference between the 'good' scenario and the 'bad' one!

thc...@gmail.com

Sep 24, 2018, 6:33:14 AM
to zaprox...@googlegroups.com
Not by default, you would have to install the Server-Sent Events add-on.

Best regards.
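
The symptom discussed in this thread, as an added example that is not part of the original posts and is not ZAP or LaunchDarkly code: a `text/event-stream` response has no `Content-Length` and stays open, so a reader that waits for the complete body before passing it on times out, while a reader that forwards each event as it arrives gets data at once. The local server, the `/all` path on localhost, the sample event and the function names are constructed for the demonstration; the buffering reader is an assumed model of an intermediary without streaming support.

```python
import socket
import threading
import time

EVENT = b'event: put\ndata: {"demo-flag": true}\n\n'  # constructed sample event

def start_sse_server(hold_open=5.0):
    """Send one SSE event per connection, then keep the stream open (no Content-Length)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle(conn):
        with conn:
            conn.recv(4096)  # request line and headers; contents ignored here
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/event-stream\r\n"
                         b"Cache-Control: no-cache\r\n\r\n" + EVENT)
            time.sleep(hold_open)  # a real event stream stays open indefinitely
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def fetch(port, timeout, streaming):
    """Return the first event (streaming) or the whole body (buffering); None on timeout."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        s.sendall(b"GET /all HTTP/1.1\r\nHost: localhost\r\n"
                  b"Accept: text/event-stream\r\n\r\n")
        buf = b""
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break  # EOF: the only point where a buffering reader has a full body
                buf += chunk
                body = buf.partition(b"\r\n\r\n")[2]
                if streaming and b"\n\n" in body:
                    return body.split(b"\n\n")[0].decode()  # pass the event on immediately
        except socket.timeout:
            return None  # the body never completed within the timeout
        return buf.partition(b"\r\n\r\n")[2].decode()

if __name__ == "__main__":
    port = start_sse_server()
    print("streaming reader:", fetch(port, 1.0, streaming=True))
    print("buffering reader:", fetch(port, 1.0, streaming=False))
```

Raising the timeout does not change the buffering result as long as the server keeps the stream open, which matches the report above that a longer connection timeout did not help.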