[Bug] [Firefox] The Kee Browser Extension stalls Websocket connections to localhost

Kee browser extension
#1

Hey there, I’m pretty sure I found a bug.

Today when working I was having trouble to get my browser to connect to a WebSocket server on my local machine.

After a long time of trial and error I found out that the issue vanishes as soon as the Kee Extension is disabled and appears again as soon as it’s back online.

It is fairly easy to reproduce:

  1. Open a WS server locally. I used node and the ws package:
const WebSocket = require('ws');
const ws = new WebSocket.Server({ port: 80 });
ws.on('connection', socket =>
{
  console.log('New connection!');
  socket.close();
});
  1. Open Firefox with Kee installed and enabled (not connected to Keepass, not sure if it makes a difference but I guess that it does)
  2. Go to about:blank and open the DevTools (Ctrl + Shift + I)
  3. Use the console to run
const ws = new WebSocket('ws://127.0.0.1/'); 
ws.onopen = () => console.log('Connected!');
  1. Refresh the page
  2. Goto step 4

When I do this on my machine and Kee is installed, the time between calling new Websocket and actually starting a connection gets increasingly slower until it is the slowest at roughly 70 seconds. This might match the reconnect timeout used in WebsocketSession.ts of the addon. I can’t tell if they are related though, I haven’t looked thorugh the code very long.

I have to do a full restart of the browser to fix the issue. It seems to only affect connections via localhost or 127.0.0.1. I have not tested this out in Chromium.

Have a nice day!

#2

Firefox continuously increases the time required for a websocket connection to succeed each time that it fails.

Perhaps it additionally treats all localhost ports as part of the same timeout pool?

Kee is very conservative because of this and therefore only attempts to connect once every 70 seconds, unless an exploratory HTTP request fails in a way that suggests KeePassRPC is waiting for an incoming connection.

In step 5, which page are you refreshing? I see no way to do this on “about:blank”

#3

Thanks for the reply!

You can hit F5 while the devtools are open to refresh the page. You don’t have to try it on the about:blank page either, I just figured it would be easiest to try there but looks like I was mistaken ^^

When I disable the Kee extension I can do it 100 times in quick succession without noticing any difference, when Kee is active, it takes about 7-10 tries to start stalling and about 15-20 tries to become basically unusable.

#4

Were you able to reproduce it?

#5

Yeah, more or less. For me the successful connections occur at the point at which Firefox gives up trying to connect to the KeePassRPC websocket port - that’s every 60 seconds at a time related to when Kee first started up. So there’s no increasing time delay but instead always a delay of somewhere up to 60 seconds.

I know that Linux and Windows behave differently with respect to websocket connections though so perhaps that explains our slightly different results (I’m on Linux).

So, at least on Linux, there’s nothing that Kee (or any Websocket client) can do about this. Whether via a Firefox bug or WebSocket protocol requirement, it seems that attempting two connections to different ports on the same IP address concurrently is just not possible. Again, this may even be platform dependant behaviour.

It would be interesting to see if the behaviour in Chrome is the same (suggesting a protocol requirement) and whether using an alternative IP address for localhost (or even a different host or domain name aliased to it) allows you a way to work around the limitation. And/or you can always keep KeePass open (but locked) so that Kee has no need to try to connect to it using the only available connection to localhost.