Using Fiddler to intercept requests from Windows program - http

I am trying to intercept HTTP requests sent via an application I have installed on my Windows 7 machine. I'm not sure what platform the application is built on, I just know that Fiddler isn't correctly intercepting anything that this program is sending/receiving. Requests through Chrome are intercepted fine.
Can Fiddler be set up as a proxy for ALL applications, and if so, how would I go about doing this? I have no control over the application code, it's just something I installed. It is a live bidding auction program which seems to mainly display HTML pages inside the application window.

Fiddler isn't correctly intercepting anything that this program is sending/receiving
That means the program is either firing requests to localhost (very unlikely), or ignoring the proxy settings for the current user (most likely). The latter also means this application won't function on a machine where a proxy connection is required in order to make HTTP calls to the outside.
The alternative would be to use a packet inspector like Wireshark, or to let the application be fixed to respect proxy settings, or to capture all HTTP requests originating from that machine on another level, for example the next router in your network.

Related

Deno Server doesn't go through the Internet

I built a simple Webserver with just the serve function from the std http module. It just redirects a request to a new URL:
import { serve } from "https://deno.land/std#0.120.0/http/server.ts";
serve(req => Response.redirect("https://google.com"))
It works, when I access the server through a browser on my laptop, where the server is running, but when I try to access it on another machine in the same network using the ip-address of my laptop, there simply is no response at all. Is this one of the security features Deno has and if so, how can you deactivate it?
Update:
So I tried looking up the requests I make on my local machine in Wireshark, but when I run the server and send a request, it doesn't show up there. I disabled my Wifi Connection to see if that changes anything and to my surprise, I still got an answer from the server when I sent a request through the browser. I came to the conclusion that the Deno server somehow doesn't serve over the local network which really confuses me. Is there a way to change that behaviour?
This is not related to Deno, but rather the firewall features of your device/router/network or an error in the method that you are using to connect from the other device (typo, network configuration, etc.).
Without additional configuration (by default), serve binds to 0.0.0.0:8000, so — as an example — if your laptop is assigned the local address 192.168.0.100 by your router, you could reach the server at the address http://192.168.0.100:8000.
You might want to do research on SE/NetworkEngineering and elsewhere to determine the cause of the blocked connection.

No need for HTTPS at all, but there seems to be no other way from the web browser

Given a web application running over an HTTPS connection. It also has to communicate with a Java application on the local area network.
This server is literally in the same room with the PC on which the web app is running, a simple HTTP connection would be completely fine between the two, but since the web app is running over HTTPS, the browser forces the HTTPS.
It's already stupid and a big overkill that I must employ an HTTPS server in the Java application just because of that, but still now it doesn't work yet, because now the browser is complaining about the certificate that it is self-signed..
I mean, do I really need to purchase an SSL certificate so two of my computers in the same room can communicate over HTTP? Even if I wanted I couldn't. There's not even a fix domain.
I'm confused, is there a way around?
UPDATE:
The web application is served from the Internet, that's why the HTTPS connection. Whereas it should receive data from a Java application running locally. Hundreds of megabytes in every couple of minutes (confidential medical images) so sending all that through a proxy is not really an option.
I also wanted to avoid the need of any manual configuration from the user's side to make the communication work (like importing a certificate into the web browser and similar) but maybe I have no other option.

Why can't Fiddler detect traffic through proxy servers?

I had Fiddler open recently with no filters on, and I was running a program from my command prompt that communicates with a server (it's a simple in-house proprietary program).
Interestingly, Fiddler was not picking up this communication, which is mostly made up of REST API calls. I did some research and found this quote, from here
With regard to why you're not seeing this traffic in Fiddler--
assuming you don't have any filters set, this suggests that whatever
mechanism you're using to send the HTTP request isn't adopting the
system's proxy settings. This means, for instance, that your code
would fail if run on a corporate computer that requires a proxy server
to reach the Internet.
However, I'm wondering why this would be the case. As far as I understand, my computer still needs to send data from my network card to the proxy server's network card. The traffic isn't bypassing my network card - it simply carries a different address. Why isn't Fiddler able to see this?
The reason is that Fiddler works not by sniffing your network card but by installing itself as the system proxy. If you click start and type "Internet Options" and choose the tab "Connections" and the button "LAN Settings" you'll see that localhost:8888 is your system proxy. Now, most well-behaved clients (e.g. IE and Chromer) respect and use the system proxy but some don't. In particular Java programs have their own ideas about which proxy they will use and you would have to set that separately. For other programs which are just hard-coded to make their own direct HTTP request you cannot AFAIK monitor them with Fiddler.

Is it possible to start WCF UDP Listener in IIS on a shared host without requiring a user to access HTTP first?

I have created a sweet ASP.NET 4.0 UDP listener via WCF that starts on Application_Start. As usual, everything is hunky dory on my local machine. On my local machine using the VS Dev Environment and setting it to not open any page upon debug, the listener starts without browsing to anything yet. However, whenever I deploy to my shared host, I must access the site via a web browser before the listener will start. I do not have access to the IIS control panel but I do have some limited setting changes I can make to IIS via "Website Panel" software. I believe the shared host uses IIS 7.5.
Is there a better way to solve this rather than creating a polling service from my home PC to send an HTTP request to the shared host every so often to kick off the listener?
Requirements
The client sends UDP packets over a configurable port. I cannot change anything other than the IP and port that the client uses to connect
The solution must work with my shared host since I cannot afford a VPS at this time - otherwise I would've created a Windows Service. I got around creating a window service before by creating a polling service via WCF Application_Start but that only works because the info the users would see have to be on a webpage therefore application_start would always be called. In this case, the users/clients are not necessarily accessing the webpage.
Ideas:
Somehow pull this into a .svc. That way when the .svc is accessed by the client, it kicks off the listener for everyone else. But how can a .svc running on port 80 accept UDP calls? I'm also not sure if the client will be able to connect to more than an IP:PORT (I don't think it'd accept a .svc path like URL.com/awesomeListener.svc).
Any suggestions? Thank you so much.
If you are running ASP.NET 4.0 you can set it to auto-start for you which will fire Application_Start:
http://weblogs.asp.net/scottgu/archive/2009/09/15/auto-start-asp-net-applications-vs-2010-and-net-4-0-series.aspx

Configure a WinHTTP application to use Fiddler

I need to see the actual requests being made from a asp page to the webservice(which calls another webservice). All these requests happen on the same local box. I ran the "proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888" on the command prompt based on
http://www.fiddler2.com/fiddler/help/hookup.asp#Q-WinHTTP: How can I configure a WinHTTP application to use Fiddler?
I now see the webservice wsdl requests in Fiddler but not the actual requests. Would someone know why??
If your WS calls are going to your local machine, make sure the URLs they are using are "localhost." instead of "localhost" - notice the dot in the first instance. Otherwise fiddler never gets a chance to pick up the request.

Resources