I have to capture http request from charles. I am able to get normally. One site that is not working in my ip address, so I am using proxy I set proxy in my mozila browser. After setting proxy in browser charles is not capturing site calls.
What I have to do to make it happen , As well I tried in fiddler as well. Please help me to sort out.
Thanks
For fiddler you can download certmaker as you need a certificate in most cases for secure traffic:
http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForAndroid
Related
I am trying to use charles proxy, but after starting it as root, I still have only one sequence, but no more requests. why?
I think the problem is that your requester device does not have the proxy settings to reach CharlesProxy.
You can find instructions on how to configure your proxy settings on Chrome easily here.
Is there a way to completely encrypt the outgoing HTTPS requests from the software to the server ? i mean there are apps like Charles and Fiddler that can capture the HTTPS traffic and see everything like the Headers,URL,...
i don not want anyone to see or capture the traffic going from my app.
i'm using Delphi 10.1 VCL App
If you're using HTTPS and you are properly validating certificates as a browser would, there is no way for an intermediate to view URLs or headers, or content. All they can see is which server you're communicating with.
The way Charles gets around this is that it presents its own non-genuine certificate, which won't validate, and proxies the communication. If your app is validating certificates it would refuse to communicate with the Charles proxy. If you viewed the Charles proxy with a web browser it would present an SSL certificate error.
If you trust that particular Charles proxy and want to add an exception in your client or browser, you can. But it only allows that particular one - it doesn't mean anyone else can intercept your HTTPS, or read URLs, etc, using their own Charles proxy or similar.
Have just installed fiddler for analyzing http traffic and performed the following configuration.
Capturing is on
Filter all processes is on
Unchecked hide Images, CONNECTS, and 304 under rules
Checked Automatically Authenticate under rules
Fiddler listens port is 8888 under Fiddler Options -> Connections
Use System proxy under Fiddler Options -> Gateway is checked
Current Gateway info under Fiddler Options -> Gateway shows my companys proxy config script http://wtd.ten.thomsonreuters.com/proxy.pac
IE browser has automatic configuration script of http://wtd.ten.thomsonreuters.com/proxy.pac under LAN settings set
When accessing a an external web page via any browser no information is being captured in fiddler.
However if i enter 127.0.0.1:8888 in any browser then fiddler captures this request, which suggests to me fiddler is not able to see any normal URL requests due to mis configuration.
Any help would be appreciated. Thanks.
Click Fiddler's Log tab just after startup. Does it mention anything about your proxy settings being controlled by group policy?
Click Help > Troubleshoot Filters. What do you see?
When Fiddler is capturing, what do you see inside Tools > WinINET Options > LAN Settings?
Scenario: I want a staging environment at a customer's site. The customer owns www.example.com. I want to map the site to staging.example.com reachable from the outside, but I haven't got time to wait for the bureaucracy surrounding either the purchase of the new subdomain or opening of secondary HTTP ports.
Assumption: If I spoof the HTTP Header param Host to be staging.example.com on the client side, but actually make the request to the IP of www.example.com, IIS will redirect the request to the configured site for staging.example.com. Am I right?
So is there any client tool that can help me with that? I'm fairly famailiar with Fiddler, but it seem to override my rewrites of the host parameter. Also I would need to configure it to do it for every request, not just one, to make it trivial to test.
Are there simpler solutions to this problem?
I'm not entirely sure what you're asking.
Inside Fiddler, by clicking Tools > HOSTS and you can send all traffic targeting one site, e.g. dev.example.com to the IP of your choice. The target site (namely dev.example.com) doesn't need to exist at all in this case. Your client (e.g. the browser) has no idea that Fiddler is retargeting the traffic, it just thinks that it is talking to dev.example.com.
If you have the Fiddler book, check out the Retargeting Traffic section for many other ways to retarget traffic.
I am working with Squid Proxy Server as I have also used cyberoam,Sonicwall and Clear OS.
I want to setup my own proxy like above products ie authentication in transparent proxy.
Actually I setup transparent proxy but at that time my HTTPS site is not working.Then I configure one iptables rule that redirect all http & https traffic to 3128(squid port) only. but here I can access all my https websites but I cant block them.
My requirement is when I am going to access any website at first time it will ask me to authentication and then and only i can access internet. In log reports also I can show its Username and one more thing it will also possible in thinclient(terminal service).
Anybody help me short-out this problem ?
Proxy authentication doesn't work in transparent proxies setups. The browser should have the proxy configured to catch the authentication request from a proxy and to request the credentials to an user.
Another thing is that you can create a transparent proxy for HTTPS. Why? Because when the browser connects, it's connected to the proxy, not the real server. The browser will try to negotiate SSL which is a thing that Squid won't support. There are tricks to do this, but you'll break the SSL security, browser will complain, etc. There are one tool that I used to get this working: u2nl, but it's a hack that tunnels HTTPS trought the proxy.
The best option, is to use a non-transparent proxy. If you want to avoid browsers configuration, have a look at WPAD
As said before, you can't really block HTTPS sites with Squid, and you can't really use authentication with the proxy running at his transparent mode.
As far as I could use and cofigure, you can use an external acl to force a kind of login, but the login requests will not be treated by the proxy, but you can work it with some PERL.
And about the HTTPS thing, you could work it with some hacks, but it is a very sensible question, because the server performance with be punished with this kind of use and you could be pointed as a fraudulent service, which isn't cool... Believe me.