Hi guys and girls,
few days ago I tried to test a new webapp I made. I've used the now browser-native implementation of fetch() for AJAX type of requests.
Tried to intercept it with Burp and Foxy Proxy => Nothin
Tried to intercept it with Burp and Firefox Network Settings => Nothin
Tried to curl the target address => Nothin
I mean the Browser doesn't even show the Burp response, nor a certificate error. Yeah I looked into dev tools
All requests are over https and server-side there's a WAF, Content Security Policies, Domain Origin checks in the code and whatnot. At this point I got not the slightest idea where it could be caught, logs don't show anything special.
Please hit me with some ideas.