Support for recording web based sessions to HTTPS pages

[support]

Request to add in the ability to record browser based https sessions, for example websites like logins into firewall consoles.

[SZU]

+1

[Carlo]

Came here to request the same.  This functionality could be added to the existing Passwordstate browser extension (similar to StealthBits/Netwrix)

 

Please see the following open source implementations that could be adapted to work with Passwordstate

https://github.com/dlinbernard/screen-recorder

https://github.com/wireworks-app/chrome-screen-recording

https://github.com/sauermar/web-browser-recorder

https://github.com/muaz-khan/RecordRTC

 

[support]

Hi Carlo,

 

Thanks for the vote, and suggestions.

Looking at each of those solutions, unfortunately they do not appear (at an initial glance), to be appropriate for an Enterprise solution like ours - they seem client based.

If there is a solution available, we would need:

• To be able to specify which users are recorded
• Prevent the users from turning off the recording i.e. uninstalling a browser extension
• Have the recordings sent to a network share, so they can be replayed back from the UI in Passwordstate

Regards

Click Studios

 

[Carlo]

Right now, I have the URL for web administration of a host set up in the External Links section of the host.  When I need to access the web UI of a system, I can click that link, and when the new window launches, the browser extension automatically fills the user name and password.

 

To be able to specify which users are recorded

I think it should be any user that clicks the link in Passwordstate.  If there was a desire to specify which users are recorded, that could be done in the PasswordState interface, and the extension would check to see if the user was in the list of users to record the session.

Prevent the users from turning off the recording i.e. uninstalling a browser extension

It's possible they could uninstall the browser extension, but then they would have to check out the password since the browser extension wouldn't be available to fill in the current password.  I suppose you could make it more secure by launching a reverse proxy of the site through the Passwordstate server that interacts with the browser extension to allow access.  Actually, this would be pretty much like the Browser Based Launcher for SSH.  You could place the button for the web administration for a host in the Remote Session Launcher section, along with the notification of recording.  Not sure if this would work with something like an Azure or 365 portal, though.

Have the recordings sent to a network share, so they can be replayed back from the UI in Passwordstate

Not sure how the above extensions work, as far as where the recordings are saved.  I know an open source application called Posthog can be used by webmasters, where a javascript is added to the web page, and sessions are recorded and saved on the Posthog server.

 

Thanks!

[Carlo]

Maybe this open source application might help.  Supports reverse proxy and session recording.

https://github.com/requestly/requestly

[BCoole]

+1