New here - SSL/TLS packets for 302/redirects not being captured

I just installed Wireshark 3.4.8, and am trying to diagnose a problem with requests that are going to a URL that is protected by an Oracle OAM webgate, where the request is being made from a webpage that contains JavaScript and XMLHttpRequest code. The initial request is going through a CORS proxy ("CORS Anywhere") that I host locally.

For requests that go to OAM-protected URLs, the OAM webgate causes several 302/redirects, and I am using Wireshark to try to capture that information. The initial flow looks like:

1) Browser+Javascript+XHR =====> protected URL (this is non-SSL)

2) OAM webgate sends 302/redirect response =====> browser (the "location:" response header is something like "https://access....", i.e., the 302/redirect is TO a different SSL-enabled URL).

3) In the normal OAM flow, the next 302/redirect is also to an SSL-enabled URL

4) And after that, there are 2 more 302/redirect (so 2 more requests/responses) that are to non-SSL enabled URLs.

In the Wireshark capture, I can see the #2 (the response), but I DON'T SEE any other requests/responses until the final request/response pair, i.e., most of the 302 request/responses appear to be missing from the Wireshark capture.

From the response in the LAST request/response, I can see some response headers that are injected by the CORS Anywhere proxy:

x-request-url: http://fakewava04.....com:7777/wavatarget-charlie/index.html\r\n
 [truncated]X-CORS-Redirect-1: 302 https://access.....com:443/oam/server/obrareq.cgi?encquery%3DU0nGIZcbFsG....9rEMX%2F49HbZJlUlxs0GJC8avVVeh4ADw9ZWUeC9FgSl%2BsWWGInx6qg7nW5%2BdOpyBxBLv
 [truncated]X-CORS-Redirect-2: 302 https://access.....com:443/oam/CredCollectServlet/X509?bmctx=E63431A...ED5B8A0EB8ECB&ssoCookie=disablehttponly&challenge_url=%2Foam%2FCredCollectServlet%2FX509&request_id=-86947040

and:

 [truncated]x-final-url: https://access.....com:443/oam/CredCollectServlet/X509?bmctx=E63431AD72....B8A0EB8ECB&ssoCookie=disablehttponly&challenge_url=%2Foam%2FCredCollectServlet%2FX509&request_id=-869470400032903949

Those "X-CORS-Redirect-1" and "X-CORS-Redirect-2" headers, and the "x-final-url" header, are added to the response by CORS Anywhere for debugging purposes, and that SEEMS to indicate that there WERE those requests, BUT the actual requests don't seem to be captured by Wireshark, for some reason.

I had suspected that those 2 request/responses might not have been captured because those URLs were SSL-enabled, so I configured Wireshark with the server private key, but even after that, I still am not seeing the actual re-directed requests/responses.

FYI, in Wireshark I have been using "http||tls" as the filter...

Can anyone suggest what I need to do in order to get Wireshark to either capture those missing 302 request/responses, or to make them visible in Wireshark?

Sorry for the longish post :(!!

Thanks, Jim
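
Added example (not part of the original post, and not Wireshark or CORS Anywhere code): a small parser that rebuilds the redirect chain from the `x-request-url`, `X-CORS-Redirect-n` and `x-final-url` lines quoted above, reports the scheme, host and port of each hop, and builds a display filter on those TCP ports so the capture can be checked for any packets to those endpoints, whatever protocol they are dissected as. The hostnames, the sample text and the function names `redirect_chain` and `port_filter` are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the header lines quoted in the post.
# Hostnames are placeholders; "[truncated]" and the literal "\r\n" are
# left in as they appear when copied out of Wireshark's packet details.
SAMPLE = r"""
x-request-url: http://app.example:7777/wavatarget-charlie/index.html\r\n
 [truncated]X-CORS-Redirect-1: 302 https://access.example:443/oam/server/obrareq.cgi?encquery%3DAAAA
 [truncated]X-CORS-Redirect-2: 302 https://access.example:443/oam/CredCollectServlet/X509?bmctx=BBBB
 [truncated]x-final-url: https://access.example:443/oam/CredCollectServlet/X509?bmctx=BBBB
"""

HEADER = re.compile(r"^\s*(?:\[truncated\])?\s*([A-Za-z0-9-]+):\s*(.*?)\s*(?:\\r\\n)?$")
DEFAULT_PORT = {"http": 80, "https": 443}

def redirect_chain(text):
    """Return (label, status, scheme, host, port) tuples in the order followed."""
    start, final, hops = None, None, {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "x-request-url":
            start = ("request", None, value)
        elif name == "x-final-url":
            final = ("final", None, value)
        elif name.startswith("x-cors-redirect-"):
            n = int(name.rsplit("-", 1)[1])
            status, url = value.split(" ", 1)
            hops[n] = (f"redirect-{n}", int(status), url)
    chain = []
    for item in [start, *(hops[n] for n in sorted(hops)), final]:
        if item is None:
            continue
        label, status, url = item
        u = urlsplit(url)
        port = u.port or DEFAULT_PORT.get(u.scheme)
        chain.append((label, status, u.scheme, u.hostname, port))
    return chain

def port_filter(chain):
    """Display filter matching every TCP port used by a hop in the chain."""
    return " || ".join(f"tcp.port == {p}" for p in sorted({hop[4] for hop in chain}))

if __name__ == "__main__":
    for hop in redirect_chain(SAMPLE):
        print(hop)
    print(port_filter(redirect_chain(SAMPLE)))
```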
