Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload



It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.

Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.


This is what I see.

https://i.imgur.com/lvjg2YQ.png


> 400_random_url_with_numbers_403

That looks so much like test code that was shipped to prod.

Searches for that string on GH does return results.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: