Add some sneaky tricks to hide the Chrome cert warning banner

Author: pimterry

src/cert-check-server.ts

@@ -54,85 +54,85 @@ export class CertCheckServer {
 
         const certificatePem = await readFile(this.config.https.certPath);
 
-        this.server.get('/test-https').thenReply(200);
-
-        this.server.get('/download-cert').thenReply(200, certificatePem, {
-            'Content-type': 'application/x-x509-ca-cert'
-        });
-
-        this.server.get('/check-cert').thenReply(200, `
-            <html>
-                <title>HTTP Toolkit Certificate Setup</title>
-                <meta charset="UTF-8" />
-                <link href="http://fonts.googleapis.com/css?family=Lato" rel="stylesheet" />
-                <style>
-                    body {
-                        margin: 20px;
-                        background-color: #d8e2e6;
-                        font-family: Lato, Arial;
-                    }
-
-                    body:not(.show-content) > * {
-                        display: none;
-                    }
-
-                    h1 {
-                        font-size: 36pt;
-                    }
-
-                    p {
-                        font-size: 16pt;
-                    }
-
-                    iframe {
-                        display: none;
-                    }
-                </style>
-                <script>
-                    let installingCert = false;
-                    const targetUrl = ${JSON.stringify(targetUrl)};
-
-                    ${ensureCertificateIsInstalled.toString()}
-                    ensureCertificateIsInstalled();
-                </script>
-                <body>
-                    <h1>
-                        Configuring Firefox to use HTTP Toolkit
-                    </h1>
-                    <p>
-                        To intercept HTTPS traffic, you need to trust the HTTP Toolkit certificate.
-                    </p>
-                    <p>
-                        Select 'Trust this CA to identify web sites' and press 'OK' to continue.
-                    </p>
-
-                    <svg
-                        version="1.1"
-                        xmlns="http://www.w3.org/2000/svg"
-                        xmlns:xlink="http://www.w3.org/1999/xlink"
-                        x="0px"
-                        y="0px"
-                        width="400px"
-                        height="400px"
-                        viewBox="0 0 50 50"
-                        style="enable-background:new 0 0 50 50;"
-                    >
-                        <path fill="#b6c2ca" d="M25.251,6.461c-10.318,0-18.683,8.365-18.683,18.683h4.068c0-8.071,6.543-14.615,14.615-14.615V6.461z">
-                            <animateTransform
-                                attributeType="xml"
-                                attributeName="transform"
-                                type="rotate"
-                                from="0 25 25"
-                                to="360 25 25"
-                                dur="6s"
-                                repeatCount="indefinite"
-                            />
-                        </path>
-                    </svg>
-                </div>
-                </body>
-            </html>
-        `);
+        await Promise.all([
+            this.server.get('/test-https').thenReply(200),
+            this.server.get('/download-cert').thenReply(200, certificatePem, {
+                'Content-type': 'application/x-x509-ca-cert'
+            }),
+            this.server.get('/check-cert').thenReply(200, `
+                <html>
+                    <title>HTTP Toolkit Certificate Setup</title>
+                    <meta charset="UTF-8" />
+                    <link href="http://fonts.googleapis.com/css?family=Lato" rel="stylesheet" />
+                    <style>
+                        body {
+                            margin: 20px;
+                            background-color: #d8e2e6;
+                            font-family: Lato, Arial;
+                        }
+
+                        body:not(.show-content) > * {
+                            display: none;
+                        }
+
+                        h1 {
+                            font-size: 36pt;
+                        }
+
+                        p {
+                            font-size: 16pt;
+                        }
+
+                        iframe {
+                            display: none;
+                        }
+                    </style>
+                    <script>
+                        let installingCert = false;
+                        const targetUrl = ${JSON.stringify(targetUrl)};
+
+                        ${ensureCertificateIsInstalled.toString()}
+                        ensureCertificateIsInstalled();
+                    </script>
+                    <body>
+                        <h1>
+                            Configuring Firefox to use HTTP Toolkit
+                        </h1>
+                        <p>
+                            To intercept HTTPS traffic, you need to trust the HTTP Toolkit certificate.
+                        </p>
+                        <p>
+                            Select 'Trust this CA to identify web sites' and press 'OK' to continue.
+                        </p>
+
+                        <svg
+                            version="1.1"
+                            xmlns="http://www.w3.org/2000/svg"
+                            xmlns:xlink="http://www.w3.org/1999/xlink"
+                            x="0px"
+                            y="0px"
+                            width="400px"
+                            height="400px"
+                            viewBox="0 0 50 50"
+                            style="enable-background:new 0 0 50 50;"
+                        >
+                            <path fill="#b6c2ca" d="M25.251,6.461c-10.318,0-18.683,8.365-18.683,18.683h4.068c0-8.071,6.543-14.615,14.615-14.615V6.461z">
+                                <animateTransform
+                                    attributeType="xml"
+                                    attributeName="transform"
+                                    type="rotate"
+                                    from="0 25 25"
+                                    to="360 25 25"
+                                    dur="6s"
+                                    repeatCount="indefinite"
+                                />
+                            </path>
+                        </svg>
+                    </div>
+                    </body>
+                </html>
+            `)
+        ]);
     }
 
     get host(): string {

src/hide-chrome-warning-server.ts

@@ -0,0 +1,59 @@
+import { getLocal, Mockttp } from 'mockttp';
+
+// Make the types for some of the browser code below happy.
+let targetUrl: string;
+
+// The first tab that opens opens with a Chrome warning about dangerous flags
+// Closing it and immediately opening a new one is a bit cheeky, but
+// is completely gets rid that, more or less invisibly.
+function jumpToNewTab() {
+    window.open(targetUrl, '_blank');
+    window.close();
+}
+
+export class HideChromeWarningServer {
+
+    private server: Mockttp = getLocal();
+
+    // Resolved once the server has seen at least once
+    // request for the warning-hiding page.
+    public completedPromise = new Promise<void>((resolve) => {
+        this.server.on('request', (req) => {
+            if (req.url.includes('hide-chrome-warning')) {
+                resolve();
+            }
+        });
+    })
+
+    async start(targetUrl: string) {
+        await this.server.start();
+
+        await this.server.get('/hide-chrome-warning').thenReply(200, `
+            <html>
+                <title>HTTP Toolkit Chrome Warning Fix</title>
+                <meta charset="UTF-8" />
+                <style>
+                    body { background-color: #d8e2e6; }
+                </style>
+                <script>
+                    const targetUrl = ${JSON.stringify(targetUrl)};
+
+                    ${jumpToNewTab.toString()}
+                    jumpToNewTab();
+                </script>
+                <body>
+                    This page should disappear momentarily. If it doesn't, click
+                    <a href="${targetUrl}">this link</a>
+                </body>
+            </html>
+        `);
+    }
+
+    get hideWarningUrl(): string {
+        return this.server.url.replace(/\/?$/, '/hide-chrome-warning');
+    }
+
+    async stop() {
+        await this.server.stop();
+    }
+}

src/interceptors/fresh-chrome.ts

@@ -9,6 +9,7 @@ import { HtkConfig } from '../config';
 
 import { getAvailableBrowsers, launchBrowser, BrowserInstance } from '../browsers';
 import { delay } from '../util';
+import { HideChromeWarningServer } from '../hide-chrome-warning-server';
 
 const readFile = promisify(fs.readFile);
 
@@ -39,14 +40,20 @@ export class FreshChrome {
         const certificatePem = await readFile(path.join(this.config.configPath, 'ca.pem'), 'utf8');
         const spkiFingerprint = generateSPKIFingerprint(certificatePem);
 
-        const browser = await launchBrowser('https://amiusing.httptoolkit.tech', {
+        const hideWarningServer = new HideChromeWarningServer();
+        await hideWarningServer.start('https://amiusing.httptoolkit.tech');
+
+        const browser = await launchBrowser(hideWarningServer.hideWarningUrl, {
             browser: 'chrome',
             proxy: `https://localhost:${proxyPort}`,
             options: [
                 `--ignore-certificate-errors-spki-list=${spkiFingerprint}`
             ]
         }, this.config.configPath);
 
+        await hideWarningServer.completedPromise;
+        await hideWarningServer.stop();
+
         browsers[proxyPort] = browser;
         browser.process.once('exit', () => {
             delete browsers[proxyPort];

test/interceptors.spec.ts

@@ -21,7 +21,11 @@ const interceptors = buildInterceptors({ configPath, https: { certPath, keyPath
 _.forEach(interceptors, (interceptor, name) =>
     describe(`${name} interceptor`, function () {
 
-        beforeEach(() => server.start());
+        beforeEach(async () => {
+            await server.start();
+            await server.anyRequest().thenPassThrough();
+        });
+
         afterEach(async () => {
             await interceptor.deactivate(server.port);
             await server.stop();
@@ -49,8 +53,6 @@ _.forEach(interceptors, (interceptor, name) =>
                 this.skip();
             }
 
-            await server.anyRequest().thenPassThrough();
-
             const exampleRequestReceived = new Promise<CompletedRequest>((resolve) =>
                 server.on('request', (req) => {
                     if (req.url.startsWith('https://amiusing.httptoolkit.tech')) {