Firefox fails to proxy requests to 127.0.0.1 regardless of the proxy settings.
Categories
(Core :: Networking, defect)
Tracking
()
People
(Reporter: pauljt, Unassigned)
References
Details
Firefox fails to proxy requests to 127.0.0.1 regardless of the proxy settings.
STR:
- configure a proxy to listen and intercept (e.g. OWASP ZAP). Make sure "No Proxy For" options is blank (i.e. no exceptions)
- navigate to 127.0.0.1:1234 (or similar, doesn't actually need a server to be listening)
Expected:
You should see an error frmo the proxy saying no server etc
Actual:
The request doesnt get proxied.
NB: If you change the address to 0.0.0.0:1234 you will see the proxy intercept the request. It sounds similar to 1354269 but not sure.
PS Im testing this on OSX, FF72. But confirmed in release (OSX FF70 too. )
Comment 1•5 years ago
|
||
Hello Paul,
From Firefox 67, Bug 1507110 prevents proxy-ing localhost to avoid the vulnerable-by-omission issue.
Set network.proxy.allow_hijacking_localhost
if we want to opt-out.
In 69, Bug 1562084 provides some description for the fact. I guess that's what we can do.
You can see the warning below the "No Proxy For" box.
Thanks for reporting this.
Reporter | ||
Comment 2•5 years ago
|
||
Ha thanks Junior, I had no idea (and obviously didn't see the warning below the box). Hello pentesters who find this "bug" when you do the same thing! :)
Comment 3•5 years ago
|
||
We have a ZAP FAQ about that :) https://github.com/zaproxy/zaproxy/wiki/FAQlocalhost
Description
•