#Preventing HTTPS inspection on workers?

6 messages · Page 1 of 1 (latest)

indigo hatch Jan 23, 2025, 8:54 AM

That already is a thing

Workers are a server-side execution thing. They don't get sent to the client in any form, only what you want to send to the client is sent.

No tool can see worker content.

No, there's no way. They're just a proxy with logging, they aren't doing anything special and don't give any indication of being used

You get the same data from dev tools, which while detectable is very easy to use even with detection tooling

floral karma Jan 23, 2025, 10:13 AM

technically on enterprise plan with bot management you could manually block the JA3/4 signatures of burp/mitmproxy, but that's easily avoidable

if it runs on a client machine, there's always some way to access it