Description
When I start HTTPToolkit (MacOS), even without intercepting anything, after a while I notice large amount of traffic to/from a github server:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node 26095 t_w 25u IPv4 0xcb5eeb155b5d3b75 0t0 TCP macbookpro.lan:55704->lb-140-82-116-3-sea.github.com:https (ESTABLISHED)
When I say large amount, I mean it's constantly sending traffic, often in the gigabytes.
I tried to look into what this is doing but so far I haven't traced where these connections are made from.
In the processes I see these:
26092 ?? 0:00.44 /Applications/HTTP Toolkit.app/Contents/Frameworks/HTTP Toolkit Helper.app/Contents/MacOS/HTTP Toolkit Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --user-data-dir=/Users/t_w/Library/Application Support/httptoolkit --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --shared-files --field-trial-handle=1718379636,r,87867599167215501,744985615024557052,262144 --enable-features=ScreenCaptureKitPickerScreen,ScreenCaptureKitStreamPickerSonoma --disable-features=SpareRendererForSitePerProcess --variations-seed-version --seatbelt-client=25
26095 ?? 0:02.57 HTTP Toolkit Server
26096 ?? 0:08.07 /Applications/HTTP Toolkit.app/Contents/Frameworks/HTTP Toolkit Helper (Renderer).app/Contents/MacOS/HTTP Toolkit Helper (Renderer) --type=renderer --user-data-dir=/Users/t_w/Library/Application Support/httptoolkit --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --app-path=/Applications/HTTP Toolkit.app/Contents/Resources/app.asar --enable-sandbox --js-flags=--expose-gc --lang=en-US --num-raster-threads=4 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1739456143460180 --launch-time-ticks=91667634034 --shared-files --field-trial-handle=1718379636,r,87867599167215501,744985615024557052,262144 --enable-features=ScreenCaptureKitPickerScreen,ScreenCaptureKitStreamPickerSonoma --disable-features=SpareRendererForSitePerProcess --variations-seed-version --seatbelt-client=73
What is the node server doing? why does it connect to this remote server?