WebSniffer is one of my projects that will be getting more of my attention now and during the upcoming weeks and months. In essence, it’s a HTTP protocol debugger that sends a GET/POST/HEAD request to a remote site and returns the headers and content of the requested page. It also helps to track different types of HTTP redirects (301/302) and trace affiliated links without setting the tracking cookies in your browser etc. This product has been (passively) developed since mid 2017 ans as of now is completely web based and free to use. The only income it generates are a couple of bucks per month via the online banners advertisement.

Now, the reason for this blog post are some surprising news that I discovered today. But before we get to it, let start with the background. The WebSniffer product was created in the first place to serve my own needs. From time to time I had to ping some web sites to find out what kind of response they are returning. Some months ago I tried to do this using the WebSniffer site while being at my day job at Siemens. To my surprise and disappointment I was not able to connect to the site. The error message I was getting in almost all web browsers was coming from the corporate antivirus Trend Micro, which is installed on almost all corporate computers, including my laptop. All my attempts to connect to the site using either Internet Explorer, Firefox or Chrome were blocked. The only browser that was able to access the website on this laptop was Opera. I don’t really know what helped Opera to circumvent the filters of antivirus. Maybe an own DNS server? No idea! While it was a bit annoying, I didn’t pay much attention to it, because I was still able to access WebSniffer from Opera… But in fact it was a huge deal. Imagine, the whole Siemens army of developers could not access the site. Also, who knows how many other corporations with thousands of employees use the same antivirus solution and thus cannot access the site?

The probable reason of the blocking by Trend Micro was a site blacklisting somewhere in their databases. I don’t have any idea why they would block a site like WebSniffer as it never served a piece of malicious code of any sorts. It almost doesn’t use any JavaScript, other than the standard third-party analytics and ads solutions. My only guess is that they somehow didn’t like the word “sniffer” in the domain name and thus suspected the site of some wrongdoing…

Additionally to this fact, I got a report in November 2019 that Kaspersky was also blocking the site (see the screenshot below in German).

Kaspersky blocks the access to WebSniffer.

That was really annoying and I wrote in my (long) product backlog that I’ll need to sort these things out once I have a bit more time on my hands. Some of the possible solutions that came to my mind were: completely ignore it (probably not the best option), try to whitelist the domain, move to another domain. I got some spare time during the Christmas holidays and on 26-Dec-2019 was tinkering with the site of Trend Micro. Pretty quickly I discovered their “Site Safety Center“. It’s a simple web form that let’s you check any web site and will rate it according to 4 categories: safe, dangerous, suspicious and untested. I submitted the site websniffer.cc and received the response with the safety rating “untested”, while some of my other websites were rated as “safe”. Once you submit a site and get a safety rating, just below the rating there will be this big red button called “RECLASSIFY REQUEST”. I clicked the button and filled out a short form, also leaving my email address, to reclassify the site in question. I even got an automated email that now the site will be reviewed and they will get back to me. Just after 20 minutes I received a second email from Trend Micro that informed me that the site was successfully reclassified as “safe”. That was quick!

A couple of days before this whole reclassification thing with Trend Micro my shared hosting provider asked me to move the WebSniffer site away from their server. The reason was that before this date the site was under ongoing DDoS attack and caused substantial load to the shared server. I was forced to move the site to my dedicated virtual server hosted at AWS. This move resulted into a change of the IP address of the server.

Today, I already wanted to write an email to an IT admin within the Siemens corp network and send him a screenshot of the blocked WebSniffer site. As I typed the address websniffer.cc into the URL field of the browser, I was shocked! The site loaded as usual. No blocking anymore! What was the reason? Moving from one IP address to another one or whitelisting the domain with Trend Micro? I guess the latter. Anyways, here are the good news, WebSniffer is unblocked!

PS: still have to double check it with Kaspersky and some other major antiviruses and general blacklists.

PPS: if you want to follow the development of WebSniffer check out the listing at Indie Hackers or subscribe to the WebSniffer newsletter. For any feedback or feature requests, feel free to contact me.