I have installed fiddler on server named server1.corp.mycompany.net. When i browse from my local machine to https://server1/default.aspx, it does not capture the traffic. But if i open IE on the server and browse https://server1/default.aspx, it works.
I have enabled "Capture https traffic". This is how it looks like:
Am i missing something?
I am using Fiddler4.
You would need to install Fiddler on your local machine if you expect to capture traffic to the server from your local machine. That's how Fiddler works by default, it only captures traffic originating from browsers on your computer.
If you wanted to inspect all traffic coming to the server, then something like Wireshark would be more appropriate.
Your options are:
Run Fiddler on the client machine. It will show outbound requests from that machine.
Run Fiddler on one machine and point the proxy settings on another machine to that first machine. Fiddler will show outbound requests from any client whose proxy settings point at Fiddler.
Run Fiddler as a reverse proxy. This will show inbound requests to the target.
Based on your scenario, you probably want #3.
Related
I have a local jupyter lab instance, running on mint-2 computer with command jupyter lab --ip "*", and it listens to port 8888. I can access it just fine via the URL mint-2:8888.
I also have a server instance ubuntu-2. I reverse ssh tunnel from mint-2:8888 to ubuntu-2:8888, meaning I can access it on my mint-1 laptop just fine via the URL ubuntu-2:8888 anywhere in the world.
However, it is not encrypted with TLS, so I wanted to improve this. On ubuntu-2 I have an nginx load balancer container that strips https traffic, and redirects http traffic to other locations. I have set up jupyter.ubuntu-2:443 so that it redirects to ubuntu-2:8888 so that it redirects to mint-2:8888. This version initially seems to open up just fine, and I can navigate directories. However, whenever I want to launch a new terminal or notebook instance, or even create new directories, it wouldn't work. Here's the network log when I save a modified notebook:
My question is, why won't the requests go through, considering I can still interact with the interface just fine everywhere else, but just not when creating folders/notebooks/terminals. I am thinking that JupyterLab might be using UDP and I'm considering passing UDP traffic through nginx, but this doesn't really make sense, as this is clearly a PUT request. Any other help regarding where to find more logs or speculation on what might have gone wrong is much appreciated.
I dig into it a little more, and managed to figured it out.
JupyterLab has CORS policy that doesn't allow requests to ubuntu-2. I then added c.NotebookApp.allow_origin = "*" to JupyterLab's config at ~/.jupyter/jupyter_lab_config.py, as mentioned here.
Then I found out that everything is still not functional, and this is because Jupyter requires both HTTP and WebSocket protocols, and my current server setup only allows http traffic. So I need to enable generic TCP traffic on ubuntu-2's HAProxy load balancer. Because I have multiple virtual hosts on the server, I need to distinguish between them, so I used Server Name Indication, server name included in TLS traffic.
I built a simple Webserver with just the serve function from the std http module. It just redirects a request to a new URL:
import { serve } from "https://deno.land/std#0.120.0/http/server.ts";
serve(req => Response.redirect("https://google.com"))
It works, when I access the server through a browser on my laptop, where the server is running, but when I try to access it on another machine in the same network using the ip-address of my laptop, there simply is no response at all. Is this one of the security features Deno has and if so, how can you deactivate it?
Update:
So I tried looking up the requests I make on my local machine in Wireshark, but when I run the server and send a request, it doesn't show up there. I disabled my Wifi Connection to see if that changes anything and to my surprise, I still got an answer from the server when I sent a request through the browser. I came to the conclusion that the Deno server somehow doesn't serve over the local network which really confuses me. Is there a way to change that behaviour?
This is not related to Deno, but rather the firewall features of your device/router/network or an error in the method that you are using to connect from the other device (typo, network configuration, etc.).
Without additional configuration (by default), serve binds to 0.0.0.0:8000, so — as an example — if your laptop is assigned the local address 192.168.0.100 by your router, you could reach the server at the address http://192.168.0.100:8000.
You might want to do research on SE/NetworkEngineering and elsewhere to determine the cause of the blocked connection.
I am using a win10 desktop app for which I know it is sending TCP packets in order to communicate with the server. The payloads are encrypted. There is a chance that if the app is using TLS, a proxy like mitmproxy or fiddler will be able to decrypt the data.
The app also gets assigned different port every time it launches. So far the only promising information was to use netsh:
netsh interface portproxy add v4tov4 listenport=appPort listenaddress=appLocalIP connectport=fiddlerListeningPort connectaddress=fiddlerLocalIP
I ran this command after the app was already running because I can not determine its local port beforehand. But that did nothing. I was unable to find any other way to force the app to route the traffic through fiddler / mitmproxy.
I had Fiddler open recently with no filters on, and I was running a program from my command prompt that communicates with a server (it's a simple in-house proprietary program).
Interestingly, Fiddler was not picking up this communication, which is mostly made up of REST API calls. I did some research and found this quote, from here
With regard to why you're not seeing this traffic in Fiddler--
assuming you don't have any filters set, this suggests that whatever
mechanism you're using to send the HTTP request isn't adopting the
system's proxy settings. This means, for instance, that your code
would fail if run on a corporate computer that requires a proxy server
to reach the Internet.
However, I'm wondering why this would be the case. As far as I understand, my computer still needs to send data from my network card to the proxy server's network card. The traffic isn't bypassing my network card - it simply carries a different address. Why isn't Fiddler able to see this?
The reason is that Fiddler works not by sniffing your network card but by installing itself as the system proxy. If you click start and type "Internet Options" and choose the tab "Connections" and the button "LAN Settings" you'll see that localhost:8888 is your system proxy. Now, most well-behaved clients (e.g. IE and Chromer) respect and use the system proxy but some don't. In particular Java programs have their own ideas about which proxy they will use and you would have to set that separately. For other programs which are just hard-coded to make their own direct HTTP request you cannot AFAIK monitor them with Fiddler.
Here is what I have to do :
Open a url in IE/Chrome/Firefox browser.
Do some UI user action (click/submit).
Record http request for a particular http call.
Here is what I did: console application + selenium RC to open url & do the user actions + Fiddler Core to capture that http traffic.
My code works fine when I'm running it in Firefox & IE, but don't know why Fiddler Core not able to capture any http traffic when running it against Chrome.
ISelenium selenium = new DefaultSelenium("localhost", 4444, "*googlechrome", "http://money.msn.com/");
selenium.Start();
selenium.Open("/");
selenium.WaitForPageToLoad("30000");
Another intersting thing, if I dont use Selenium RC & open Chrome using Process class then I can see fiddler core capturing that http request. But I need a UI automation tool to do the user actions.
Any help will be greatly appriciated.
Thanks.
I hope I do not misinterpret the problem -- I assume localhost traffic to be the thing that cannot be captured.
localhost traffic is routed via the local loopback interface (a 'virtual' interface that routes local traffic more efficiently), and this never reaches a network card. Most packet capture tools capture the packets on the network device driver layer and thus only capture packets that actually go throug physical network devices.
I use the following way to pass proxy and it is working for me.
ChromeOptions options = new ChromeOptions();
options.AddArgument(string.Format("--proxy-server=http={0}:{1};https={0}:{1}", proxyHost, port));
driver = new ChromeDriver(options);
Anyway, use ipv4.fiddler instead of localhost to ensure fiddler is able to capture the traffic.
For IE, if you are using IE9, it has been changed to allow proxy connections to localhost. It seems FF is also capable to do this. Check this URL:
Fiddler and the IE9 Release Candidate
http://blogs.msdn.com/b/fiddler/archive/2011/02/10/fiddler-is-better-with-internet-explorer-9.aspx
*IE9 RC introduces the ability to proxy loopback traffic. To do so, simply include the token <-loopback> (pronounced “minus-loopback”) in the proxy bypass list. When WinINET encounters this token in the bypass list, it will remove the loopback addresses (localhost, 127.0.0.1) from the list of hosts that bypass the proxy. Fiddler 2.3 and above automatically set this option when capturing traffic.
The FiddlerHook add-on automatically sets the equivalent version of this option for Firefox; for Opera, you can manually remove loopback addresses from the proxy-bypass list.*