Browzer for MS Exchange OWA

I'm very interested in combining BrowZer with our on-prem Exchange server. IMO Exchange has a questionable history of security issues and using BrowZer to decouple it from the internet is a compelling idea.

I've got my OpenZiti overlay working. I believe I've got BrowZer working too. The bootstrapper starts, I login to the auth provider, and eventually I'm shown the login page for OWA. But the login process just loops. Put in password, click login, back to login page again.

I compared the network activity from a good (no browzer) login vs a browzer login. There's supposed to be a POST that returns a bunch of cookies. Those cookies are present in the next request which eventually loads the mailbox. In the browzer session the cookies don't come through and are absent on the following request.

I confirmed that OWA doesn't seem to care which FQDN I use to reach it. I setup a hosts file entry and ran a test w/o browzer. Works fine. It doesn't seem to mind being behind a reverse proxy.

Any thoughts or suggestions on how to debug this further or tweak browzer?

Hi @ghibsch,

Thanks for trying out browZer with your private Exchange/OWA. I'm excited you're doing this because this use case is one on our list that we haven't gotten to yet.

Which version of browZer are you running right now?

If you are willing, here are some suggestions that will help me troubleshoot (via private msgs):

• Set your client-side trace level to TRACE (set env var ZITI_BROWZER_RUNTIME_LOGLEVEL=trace in bootstrapper), then open dev tools, go through the failing flow, then save the Console log and send it to me, and save the Network har file and send that to me.

I'm happy to do what I can. I'll work up that trace and send your way.

BrowZer version appears to be 0.60.3. It's just the github zip file from main as of yesterday I think.

OK, you have the latest. I recently fixed a similar Cookie issue to what you described (in 0.60.2), so wanted to make sure you had that fix.
Also, see my "private Discourse chat" msg to you.

Hey Bobby, I have good news... OWA over browZer is a reality... see below:

image2066×1678 200 KB

I have a bit more testing to do tomorrow (Wed) but I'll release the fix for you soon.

That's VERY good news! Thank you!

I just updated to the latest browzer code from Github and OWA is working!

Terrific. Thanks for the update, Bobby.

browzer-cookie.txt (58.0 KB)
Hello curt, I have a local service called zentao. You can search for this open source project on github. Currently, direct access is fine. You can access the login page through the browzer, but you cannot jump after entering the account and password and clicking login. This is my browzer trace record. I compared their interfaces and found that the cookie was not carried when the browzer accessed

image2256×1318 329 KB

image1698×798 106 KB

I'll take a peek at zentao under browZer today. Stand by.

Hi, have you reproduced the problem of zentao being unable to log in? What help do I need?

I am on PTO this week, and will pick this up again when I return to the office next week.

I have reproduced the issue, and I see the problem. ZBR is doing an inappropriate transformation on the HTML returned from the request to ZenTao's /index.php?m=user&f=refreshRandom endpoint, which leads to bogus data being sent in the form data on the subsequent request to /index.php?m=user&f=login. I am working on a fix now.

Please try the latest browZer release (0.83.0) and let us know if things have improved for you.

Sorry, there was a problem with the network at home some time ago, so I came to test the new version of browZer now

image1920×332 130 KB

I used version 0.87.1, and the following error was prompted when accessing zentao

image1920×1162 218 KB

image2518×1496 450 KB

I changed to another test service and it can be accessed, but the situation is the same as the previous zentao, it cannot carry cookies and cannot jump

image1924×1506 346 KB

image2232×1430 323 KB