A while back, I explained how you can use Telerik Fiddler or the Catapult NetLog Viewer to analyze a network log captured from Microsoft Edge, Google Chrome, or another Chromium or Electron-based application.
While Fiddler is a native app that runs locally, the Catapult NetLog Viewer is a JavaScript application that runs in your browser. Because NetLogs can contain sensitive data, some users have worried about the privacy of the viewer– what if someday it started leaking sensitive data from logs, either unintentionally or maliciously?
Fortunately, the NetLog Viewer is a self-contained single page application that doesn’t need a network connection to run. You can use it entirely offline, either from a Virtual Machine with no network connection, or from a browser instance configured to override all network requests.
Your first step is to get an copy of the viewer as a file. You can do that by right-clicking this link and choosing “Save Link As”. Save the HTML file somewhere locally, e.g. C:\temp\NetLogView.html on Windows.
If you want to run it from a disconnected VM, simply copy the file into such a VM and you’re good to go.
If, however, you want the convenience of running the viewer from your Internet-connected PC without worrying about leaks, you can run it from a browser instance that won’t make network connections.
After saving the file, open it in a new browser window thusly:
msedge.exe --user-data-dir=C:\temp\profile --inprivate --host-rules="MAP * 0.0.0.0" --app=C:\temp\NetLogView.html
The command line arguments bear some explanation. In reverse order:
- The
appargument instructs Edge to open the supplied file with a minimal browser UI, as if it were a native app. - The
host-rulesargument tells the browser instance to direct all network requests to an IP address of0.0.0.0. On Windows, such requests instantly fail. On Mac/Linux, the null IP points back at your own PC. - The
inprivateargument directs the browser to discard all storage after the app exits (since it’s not needed). For Chrome, use--incognitoinstead. - The
user-data-dirinstructs the browser to use a temporary browser profile (which prevents the app’s window from being merged into an existing browser process, such that thehost-rulesargument would’ve been ignored.)
While none of this is strictly necessary (the NetLog Viewer doesn’t leak data), it’s always nice to be able to discard attack surface wherever possible.
-Eric
Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ MSFT '01-'12, and '18-, presently working on Microsoft Edge. My words are my own. View more posts