I would say you can get to this point far below 100 million people, especially on web. Some people are truly special and have some kind of setup you just can't easily reproduce. But I agree, you do really have to be confident in your ability to control rollout / blast radius, monitor and revert if needed.
This isn't meant as a replacement for tshark. It actually uses tshark for the live capture part.
tshark is the engine; Babyshark is the guided UI on top of it.
• tshark: raw packet/field dump + powerful filters, but you have to know what fields to ask for and how to stitch the story together.
• Babyshark: gives you an opinionated workflow (Overview → Domains/Weird → Flows → Packets/Stream) with "explain/why it matters" text, curated detectors, and one-key drilldowns.
For live capture, Babyshark uses tshark -T fields to extract things like DNS qname / TLS SNI / HTTP host; for offline PCAP it parses enough to build flows + summaries.
So: if you already live in tshark one-liners, tshark is faster. If you're trying to understand what's happening or teach/debug quickly, Babyshark is a nicer front-end.
That's cool, but also requires using the Singlefile extension (and granting it access), right?
What I like about the share sheet JS method is that it doesn't get access to most of my browsing sessions. (The shared-to app getting access to my browser session is somewhat unexpected, though.)
The use of "storage.googleapis.com" is probably because it's an "authority" domain that apps can't easily ban without side effects. Buckets can typically be used as a static site host where you can host a client-side redirect; depending on how you set it up, you can make it almost impossible for an app to ban a campaign in real time.
This has some good uses, by the way! VPNs and news websites that are blocked in Russia use it to either mirror content or redirect to the newest version.