Unexpected OCSP requests caused by WEC

Question

Unexpected OCSP requests caused by WEC

Opened this issue 3 years ago · 2 comments

I ran this tool earlier today to generate a report on a domain.

Running a local server since then is showing requests coming from somewhere, which seems rather coincidental.

These are the requests I'm seeing;

[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0
[14/Jan/2021 17:03:20] "GET /ocsp-devid01/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDOB0e%2FbaLCFIU0u76%2BMSmlkPCpsBBRXF%2B2iz9x8mKEQ4Py%2Bhy0s8uMXVAIIHOTNg61vyxk%3D HTTP/1.1" 302 0

Does this tool start ocspd on macOS and it perhaps didn't stop the process?

Answer 1 · 2021-01-14T17:56:08.000Z

Thank you for sharing. We use the tool mostly with Linux. I have not seen this traffic yet.

The Website Evidence Collector does not integrate ocspd. However, maybe the chromimum compontent launches it in some circumstances.

Can you better describe how you have installed the WEC, the launch options and where precisely you witness this traffic? With which tool?

Answer 2 · 2021-01-14T23:41:30.000Z

Yeah, sorry, some vital details missed there @rriemann-eu

So I installed from github with; npm install --global https://github.com/EU-EDPS/website-evidence-collector/tarball/latest

Then I ran the tool with no args and then with website-evidence-collector --quiet --yaml --no-output

I'm seeing the traffic while I'm running a django runserver (through pycharm) on port 80