Session Replay Architecture
This document aims to provide an understanding of the architecture of session replay and its security aspects in the Requestly app.
Session replay on a Website
When auto-recording a particular website, the extension adds a JavaScript library to the website, request-web-sdk.js, which observes mouse movement, console logs, and network logs. The recorded data is stored locally in the page’s context (an in-memory JS variable). Please note that as soon as the page navigates or refreshes, the local context is cleared by the browser and the data recorded so far is lost. In network logs, request headers are NOT captured, as they are more likely to hold sensitive information like authorization tokens, auth id, session id, resource id, cookies, etc.
Reviewing a Session
Once the session is recorded on the website, you can review it, add details, save it online, or download the session file locally by clicking on Save. The Requestly UI retrieves the session data and renders the session player and other details. While saving the session, you can choose whether console logs and network logs are to be included in the replay. If not included, they will not be saved on the Requestly server.
Security Aspects
The security of session replay in Requestly is ensured by the following measures:
- Local Storage of Data: All session data is stored locally in the page's context. No details of the session are stored on the Requestly server unless explicitly saved online. This data is lost if you click the "Discard" button or close the Requestly UI and website, ensuring that no residual data is left on the server. You can also choose to save the session locally by clicking on Save > Download File.
- No Capture of Sensitive Information: The Requestly extension does not capture request headers in network logs, which are more likely to hold sensitive information like authorization tokens, auth id, session id, resource id, cookies, etc. This measure further enhances the security of session replay.
- Sync Storage and Firebase: The extension stores the configuration in the browser’s local storage and also on the Requestly server (Firebase), ensuring it is available across all devices or browser instances logged in using the same account. This ensures that the data is securely stored and accessible only to the authorized user.
- Requestly is an open-source tool: Source code is freely available for inspection on GitHub. This transparency allows developers to verify the security measures implemented in the tool, providing an additional layer of trust and security. Please check out GitHub for the UI code and requestly-web-sdk.
Requestly takes several measures to ensure the security of session replay, including local storage of data, not capturing sensitive information, and secure storage of configuration.
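A pre-share check for a downloaded session file, written as an added example (not Requestly's own code): it confirms that no request headers or credential-style header keys are present, and that console and network logs appear only if they were selected when saving. The file shape and the field names `events`, `consoleLogs`, `networkLogs` and `requestHeaders` are assumptions, not the documented export format.

```javascript
// Added example; the session shape and field names are assumptions, not the real export format.
const SENSITIVE_KEYS = /^(authorization|proxy-authorization|cookie|set-cookie|x-api-key|x-auth-token)$/i;

// Recursively collect JSON paths whose key looks like a credential-bearing header.
function findSensitiveKeys(node, path = "$", hits = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findSensitiveKeys(item, `${path}[${i}]`, hits));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (SENSITIVE_KEYS.test(key)) hits.push(here);
      findSensitiveKeys(value, here, hits);
    }
  }
  return hits;
}

// Compare a session file with the choices made at save time; returns a list of findings.
function auditSession(session, { includeConsoleLogs, includeNetworkLogs }) {
  const findings = [];
  const network = session.networkLogs || [];
  const consoleLogs = session.consoleLogs || [];
  if (!includeNetworkLogs && network.length > 0) findings.push("network logs present but not selected");
  if (!includeConsoleLogs && consoleLogs.length > 0) findings.push("console logs present but not selected");
  network.forEach((entry, i) => {
    if (entry.requestHeaders !== undefined) findings.push(`networkLogs[${i}] contains requestHeaders`);
  });
  for (const hit of findSensitiveKeys(session)) findings.push(`sensitive key at ${hit}`);
  return findings;
}

// Constructed sample: matches what the page says is recorded (no request headers).
const cleanSession = {
  events: [{ type: "mousemove", x: 10, y: 20 }],
  consoleLogs: [{ level: "log", message: "page loaded" }],
  networkLogs: [{ url: "https://app.example.test/api/items", method: "GET", status: 200 }],
};

// Constructed sample: a file that should not be shared as-is.
const leakySession = {
  events: [],
  consoleLogs: [],
  networkLogs: [{ url: "https://app.example.test/api/items", method: "GET",
                  requestHeaders: { Authorization: "Bearer CONSTRUCTED-PLACEHOLDER" } }],
};

console.log(auditSession(cleanSession, { includeConsoleLogs: true, includeNetworkLogs: true }));
console.log(auditSession(leakySession, { includeConsoleLogs: true, includeNetworkLogs: true }));
```

An empty result means none of these checks fired; it does not inspect values such as URLs or message text.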