Wednesday, October 12, 2016

How to force QUIC connections with Google Chrome for testing

My day job is  panic'ing  over QUIC udp  connections & with  our proxy. QUIC is not new but most network/security engineer don't understand it muchless know how to test for access w/QUIC.

Here's a simple way to force a  QUIC connection  & to test if your Chrome browser has support  for QUIC connections to a website and  if your firewall and proxy support  QUIC.


from the cli ( macOSX  in my  case ) , we set the  quick enable and the  server  name:port that we are connecting to;

example  cli command open launching chrome

/Applications/Google\\ Chrome   --enable-quic --origin-to-force-quic-on<sitename:port#:80>  http://<sitename>

2> Now you can monitor these from the chrome browser using the chrome integral URL for quic connections

insert the following in a new window tab

  notice the above connections where over my t-mobile  ipv6  hotspot cool ;)

This is a sure way to enable QUIC connection and to monitor them. If the  site is not available for QUIC you will get the classic quic connection error in your browser indicating the protocol


You can also inspect TLS over QUIC via the  "https" icon  if you  want to inspect  SSL/TLS and QUIC support or use  tshark.

( https over up  port 443 )

notice udp as the transport

If SSL/TLS support is not supported or fails, you  unix shell will display the following output upon launching


NSE Network Security Engineer
{  Fortigate,  PaloAlto ,  CiscoASA }

kfelix   a...t
     ^      ^
=(  @  @ )=

        /  \

No comments:

Post a Comment