Need assistance to unblock WhatPulse from Netskope company firewall intercepting

Eagle3386 · October 21, 2022, 7:22pm

Hey guys!

Pulsing results in this dialog:

And refreshing my account info results in this dialog:

Since WhatPulse’s log says:

21-10-2022 21:01:27.299 ERROR HTTP Error: "Error while talking to website: Operation canceled" 
21-10-2022 21:01:27.299 ERROR HTTP Error code: QNetworkReply::OperationCanceledError 
21-10-2022 21:01:27.300  WARN Error while talking to the website:  "Error while talking to website: Operation canceled" 
21-10-2022 21:01:27.300  WARN Original request:  "refresh_account_info" 
21-10-2022 21:01:27.300  WARN with input data:  
21-10-2022 21:01:27.300  WARN "{}"

and even Netskope’s log says:

2022/10/21 21:01:22.901 stAgentSvc p13cc t30e4 info tunnel.cpp:814 nsTunnel DTLS [sessId 1] Tunneling flow from addr: <my local IP>:51605, process: whatpulse.exe to host: client.whatpulse.org, addr: 159.65.210.53:443 to nsProxy
2022/10/21 21:01:22.949 stAgentSvc p13cc t30e4 info tunnel.cpp:814 nsTunnel DTLS [sessId 1] Tunneling flow from addr: <my local IP>:51606, process: whatpulse.exe to host: client.whatpulse.org, addr: 159.65.210.53:443 to nsProxy
2022/10/21 21:01:24.586 stAgentSvc p13cc t30e4 info tunnel.cpp:814 nsTunnel DTLS [sessId 1] Tunneling flow from addr: <my local IP>:51608, process: whatpulse.exe to host: client.whatpulse.org, addr: 159.65.210.53:443 to nsProxy
2022/10/21 21:01:25.595 stAgentSvc p13cc t30e4 info tunnel.cpp:814 nsTunnel DTLS [sessId 1] Tunneling flow from addr: <my local IP>:51608, process: whatpulse.exe to host: client.whatpulse.org, addr: 159.65.210.53:443 to nsProxy
2022/10/21 21:01:31.267 stAgentSvc p13cc t30e4 info tunnel.cpp:814 nsTunnel DTLS [sessId 1] Tunneling flow from addr: <my local IP>:51609, process: whatpulse.exe to host: client.whatpulse.org, addr: 159.65.210.53:443 to nsProxy

there’s obviously an interception of the connection.

Since any other connection (update check, GeoIP db update, etc.) succeeds just fine, I’ve got 2 questions:
a) Could WhatPulse be modified to accept such company firewall/proxy interceptions & if so, what’s a realistic timeframe (amount of months is sufficient for me) or, if not, why such feature/workaround isn’t possible.

b) From a very technical point of view (I’ve got to argue with highly tech-savvy firewall/network admins…), what exactly needs to be stopped/left alone by that security software in order for- WhatPulse to succeed account info refreshes & pulses?

Please help me, getting WhatPulse working (again)!

Thanks in advance,
Martin

Bloopy · October 25, 2022, 8:24am

It could be modified to accept it in theory, by using double encryption as I mentioned here when I encountered the same issue. I just don’t see it happening though. I still wonder if other apps and sites will start detecting sniffing and then maybe Zscaler and Netskope have to back down before WhatPulse does anything.

You can keep pulsing your stats by going portable style like I did, taking files to a home device to pulse and then bringing them back to continue. The business I work for was bought by another company who keeps more control of what’s installed now, so I don’t run WP for work any more.

smitmartijn · October 25, 2022, 8:39am

Hi Martin,

Just checking in to see whether you had enough info from the support ticket reply, which seems to be the same post as this one. To recap: the SSL certificate of client.whatpulse.org needs to be left alone. Having that changed, indicates something/someone is looking into the data that you’re sending.

Eagle3386 · October 25, 2022, 10:36am

@ Bloopy: interesting idea, because @smitmartijn only stated in that thread that MITM checks won’t go away, but not that double-encryption as an effective prevention wouldn’t be considered.

In my case, it’d require to stop the Netskope client service, then pulsing succeeds - but while I’m a developer & hence won’t either loose local admin rights nor can I be bothered with installed software beyond a certain level, I’m still bound by company-wide established rules which of course forbid termination of said service for security reasons.

Eagle3386 · October 25, 2022, 10:42am

@smitmartijn: I did understand the “culprit” as soon as I read Bloopy’s post. However, in contrast to Bloopy, I do want to continue tracking my stats & therefore any improvement on your side would be greatly appreciated!
So, what are your thoughts regarding Bloopy’s suggestion? Could you implement that?

smitmartijn · October 25, 2022, 11:54am

We’ll reevaluate, but I put data security very high in my priority list. You can use portable mode right now.