Chomper blocks all non-browser https connections

[mpcoll]

Hi, thanks for the great program, I really like it. However, I ran in a serious issue when using chomper. Basically, it seems to block any non-browser based program from connecting to remote sites using https.

Specifically, when running a blacklist on standard time-wasting sites (i.e. facebook, twitter; see below), it seems that no https connection can be achieved outside Chrome. Indeed, chomper blocks apps like Github Desktop, InSync (google drive client) and https requests from custon R/python scritpts.

Running wget -p https://github.com in a terminal during an active block returns

-2018-05-13 11:32:34--  https://github.com/
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
ERROR: cannot verify github.com's certificate, issued by ‘O=mitmproxy,CN=mitmproxy’:
  Self-signed certificate encountered.
To connect to github.com insecurely, use `--no-check-certificate'.

Here is the active blacklist:

work:

• block_type:

  • blacklist

• addresses:

  • facebook.com
  • twitter.com
  • youtube.com
  • twitter.com
  • tumblr.com
  • pinterest.com
  • livejournal.com
  • digg.com
  • stumbleupon.com
  • reddit.com
  • kongregate.com
  • newgrounds.com
  • addictinggames.com
  • hulu.com
  • 9gag.com
  • xkcd.com

• Chomper commit 5dfa430

• Browser: Chrome

• Operating System: Linux Mint 18.3

Thank you and please let me know if I any other info might be useful or if I am doing something wrong.

[aniketpanjwani]

Hey there - thanks for the well formatted issue.

I agree that this is a problem, and you're not doing anything wrong. I also noticed this as a problem in Issue #25. However, I spent a bit of time doing research, and I couldn't find a way to solve it. Another context in which it's problematic for me is SSHing into an AWS instance while Chomper is on; it just doesn't work.

For now, I just adapt my workflow around when I need to use some of these applications. For example, if I'm coding Python/R and need to make HTTPS connections, I set short blocks of only 10 minutes or so, write the code in those blocks, and then I run the code after the block expires.

However, this is really suboptimal, and the truth is I don't know how to solve the problem. Really sorry about this - if anyone has a solution, I'd greatly appreciate it.

[mpcoll]

Hi thanks for the quick reply. I agree it's possible to work around this issue and this is what I intend to do for the time being. With this solved it would truly be the perfect self-control program for Linux! Unfortunately, I'm not sure I have the time/skills needed to help on this but will try to take a look at some point.

Thanks again.

[snorkel123]

Is there out-of-the-box solution to this? Maybe buy certificate (not sure about this though) ?