Kosher Filter Debugger: A Chrome Extension for Diagnosing Content Filter Issues

I tried to open a site — typeui.sh — and it just sat there, blank. No error page, no explanation. Just nothing.

My network runs through a kosher content filter that sits between my browser and the internet. It intercepts HTTPS traffic, inspects WebSocket connections, and blocks things it doesn't like — often silently. The hard part isn't knowing that something is blocked. It's knowing what exactly is being blocked and why — and then communicating that clearly enough to support so they can actually fix it.

So I built a Chrome extension to handle all of that.

What the Extension Does

The Kosher Filter Debugger monitors every network request in your active tab and flags anything that looks like filter interference. It classifies errors into specific categories so you know exactly what type of block you're dealing with:

SSL inspection — The filter is replacing the server's certificate with its own (ERR_CERT_AUTHORITY_INVALID)
Content block — The filter's inspection engine rejected the request (ERR_ICAP_RESPONSE)
Tunnel blocked — The HTTPS CONNECT tunnel was refused by the proxy (ERR_TUNNEL_CONNECTION_FAILED)
WebSocket blocked — WSS upgrade connections silently dropped (ERR_FAILED on WebSocket)
Policy block — Hard admin block via ERR_BLOCKED_BY_ADMINISTRATOR

The Real Problem It Solves

Identifying that something is blocked is only half the battle. The other half is reaching out to support with enough detail that they can actually do something about it. Most people send vague messages like "site X isn't working" — which leads to back-and-forth that can take days.

The extension has an Email tab that auto-generates a fully pre-filled support request based on the detected errors — including your device ID, the affected site, the specific blocked hosts, the exact error codes, and a clear description of what needs to be whitelisted. Hit "Open in Gmail" and it lands in a pre-composed draft, ready to send in seconds.

A Real Example

When I loaded typeui.sh with the extension active, the Errors tab filled up immediately:

Extension — Errors Tab

net::ERR_FAILED
dapper-hamster-864.convex.cloud/api/1.32.0/sync
Socket/WSL WebSocket

Four identical failures, all hitting dapper-hamster-864.convex.cloud. That's Convex, a real-time backend service the site uses for live data sync over WebSocket. The filter was silently killing every WSS connection attempt, so the UI had nothing to render.

Root cause: WebSocket (WSS) connections to *.convex.cloud were being blocked. The fix is a whitelist rule for that domain — and the extension generated the support email with exactly that request, pre-filled and ready to send.

How It Works Technically

background.js — Network Monitor

A service worker that hooks into chrome.webRequest.onErrorOccurred and onHeadersReceived. It classifies each error code against known filter patterns and deduplicates repeated failures from the same host. WebSocket ERR_FAILED errors get automatically classified as filter interference since that error code on a WSS connection almost always means the proxy dropped the upgrade.

content.js — In-Page Monitor

A content script that overrides window.WebSocket to intercept connection events. It watches for abnormal close codes — specifically code 1006 (no close frame received, typical of a proxy that drops the connection mid-stream) and code 1015 (TLS handshake failure).

popup.js — UI + Email Generator

Reads the collected error data and renders a verdict, a deduplicated error list, and a diagnostic summary. The email generator constructs the support request based on error types — different language for WebSocket blocks vs. SSL interception vs. hard policy blocks — so the message is always specific and actionable.

Install It

It's a developer tool, so you load it unpacked:

Download or clone the repo
Open chrome://extensions/
Enable Developer mode
Click Load unpacked and select the folder

The source is in a private repo — get in touch if you'd like more details or want to use it.

The extension requires the webRequest permission to monitor network traffic. It only reads error events — it does not modify requests or send any data anywhere.

What's Next

A few things I might add: auto-detection of the filter's block page (it has a recognizable HTML signature), a history log that persists across tab navigations, and a one-click export of the full diagnostic report as a text file for attaching to support tickets.

If you're on a kosher-filtered network and hitting mystery blank pages, give it a try.