Is there a way to set Fiddler software to log only "localhost" and not all the web traffic ?
Thanks,
Yes you can.
Fiddler has a filters option in which you can specify the name of your computer.
Here's the steps:
Make sure you have the latest version of fiddler
Click on the "Filters" tab (in the same line of Inspectors).
Click on "Use Filters"
In the text area enter the name of your computer.
Left click on the request area (so it will be saved).
If everything went well, fiddler has a green arrow on the Filters tab.
Just browse to the website using your machine name so instead of:
http://localhost/MySite
Go to
http://my-machine-name/MySite
I found these ways to only log localhost traffic, either should work.
'Show only Intranet Hosts', which excludes hostnames with a dot in them
'Show only the following Hosts' just specify only to log localhost as below
Here you can find how.
When I test local websites I usually add an entry in the hosts file %systemroot%\System32\drivers\etc\hosts
127.0.0.1 somewebsite
And then I set the bindings on IIS 7 to point to somewebsite
So I can test using "http://somewebsite". Fiddler tracks this.
update
To show only the localhost traffic:
Go to Rules\Customize Rules...
On Handlers class add this menu option
...
class Handlers
{
public static RulesOption("Show Localhost Only")
var m_ShowLocalHostOnly: boolean = false;
....
On the function OnBeforeRequest
...
static function OnBeforeRequest(oSession: Session)
{
// Hide requests based on target hostname.
if (m_ShowLocalHostOnly &&
!(oSession.host =="127.0.0.1"
|| oSession.host =="localhost"
|| oSession.host =="somewebsite"))
{
oSession["ui-hide"]="true";
}
...
Save this file (Ctrl + S), then choose the new option from the Rules menu.
Related
IS there a way to trick the server so I don't get this error:
Content was blocked because it was not signed by a valid security certificate.
I'm pulling an iframe of an html website into another website but I keep getting the console (chrome) error in the title of this question and in internet explorer it says:
Content was blocked because it was not signed by a valid security certificate.
Your resource probably use a self-signed SSL certificate over HTTPS protocol.
Chromium, so Google Chrome block by default this kind of resource considered unsecure.
You can bypass this this way :
Assuming your frame's URL is https://www.domain.com, open a new tab in chrome and go to https://www.domain.com.
Chrome will ask you to accept the SSL certificate. Accept it.
Then, if you reload your page with your frame, you could see that now it works
The problem as you can guess, is that each visitor of your website has to do this task to access your frame.
You can notice that chrome will block your URL for each navigation session, while chrome can memorise for ever that you trust this domain.
If your frame can be accessed by HTTP rather than HTTPS, I suggest you to use it, so this problem will be solved.
Sometimes Google Chrome throws this error, even if it should not.
I experienced it when Chrome had a new version, and it needed to be restarted.
After restarting the same page worked without any errors.
The error in the console was:
net::ERR_INSECURE_RESPONSE
I still experienced the problem described above on an Asus T100 Windows 10 test device for both (up to date) Edge and Chrome browser.
Solution was in the date/time settings of the device; somehow the date was not set correctly (date in the past). Restoring this by setting the correct date (and restarting the browsers) solved the issue for me. I hope I save someone a headache debugging this problem.
Offering another potential solution to this error.
If you have a frontend application that makes API calls to the backend, make sure you reference the domain name that the certificate has been issued to.
e.g.
https://example.com/api/etc
and not
https://123.4.5.6/api/etc
In my case, I was making API calls to a secure server with a certificate, but using the IP instead of the domain name. This threw a Failed to load resource: net::ERR_INSECURE_RESPONSE.
open up your console and hit the URL inside. it'll take you to the API page and then in the page accept the SSL certificate, go back to your app page and reload.
remember that SSL certificates should have been issued for your Dev environment before.
If you're developing, and you're developing with a Windows machine, simply add localhost as a Trusted Site.
And yes, per DarrylGriffiths' comment, although it may look like you're adding an Internet Explorer setting...
I believe those are Windows rather than IE settings. Although MS tend to assume that they're only IE (hence the alert next to "Enable Protected Mode" that it requries restarted IE)...
Try this code to watch for, and report, a possible net::ERR_INSECURE_RESPONSE
I was having this issue as well, using a self-signed certificate, which I have chosen not to save into the Chrome Settings. After accessing the https domain and accepting the certificate, the ajax call works fine. But once that acceptance has timed-out or before it has first been accepted, the jQuery.ajax() call fails silently: the timeout parameter does not seem help and the error() function never gets called.
As such, my code never receives a success() or error() call and therefore hangs. I believe this is a bug in jquery's handling of this error. My solution is to force the error() call after a specified timeout.
This code does assume a jquery ajax call of the form jQuery.ajax({url: required, success: optional, error: optional, others_ajax_params: optional}).
Note: You will likely want to change the function within the setTimeout to integrate best with your UI: rather than calling alert().
const MS_FOR_HTTPS_FAILURE = 5000;
$.orig_ajax = $.ajax;
$.ajax = function(params)
{
var complete = false;
var success = params.success;
var error = params.error;
params.success = function() {
if(!complete) {
complete = true;
if(success) success.apply(this,arguments);
}
}
params.error = function() {
if(!complete) {
complete = true;
if(error) error.apply(this,arguments);
}
}
setTimeout(function() {
if(!complete) {
complete = true;
alert("Please ensure your self-signed HTTPS certificate has been accepted. "
+ params.url);
if(params.error)
params.error( {},
"Connection failure",
"Timed out while waiting to connect to remote resource. " +
"Possibly could not authenticate HTTPS certificate." );
}
}, MS_FOR_HTTPS_FAILURE);
$.orig_ajax(params);
}
This problem is because of your https that means SSL certification. Try on Localhost.
I'm testing a webpage, which would connect some external Links .
I don't want the page to take too much time to connect them .
So is there any light http-proxy or firewall software, it can be set a white list,
and return 500 directly to all other links that are not in the white list.
Thanks. better if it supports https
I am working with PHP/PHPunit/Win7
duplicate with another question of mine:
Webdriver(Selenium2) - How to make selenium operate elements without wating for connecting to external AD links?
I finally found a simple solution for my condition.
I want to block these Ad requests and tried some firewall and proxy softwares,for example,
comodo,privatefirewall, etc.
comodo is too heavy and complex ,privatefirewall doesn't support wildcards, and firewall would interrupt tests. At last I choosed a proxy software CCproxy.
I create a rule for localhost ,to make it can request my test website domain only, and all other requests are rejected.
Running a test costs about 1-2 minutes before and only 30 seconds now ,it's apparently more stable and fast without connecting to the useless Ad links.
Here're configuration steps:
1.launch CCproxy with Administor privilege( you should set it using Adminisrator in the file property)
2.click Options, select AutoStartup,select AutoDetected for Local IP Address. click OK.
3.create a txt file ,input your domains,like "*.rong360.com*;*.rong360.*;"
4.click Account, select PermitOnly for Permit Category;
click New, input 127.0.0.1 for IP Address/Range;
select WebFilter,click the E button at right side to create a filter;
click the ... button,select the text file you create at Step3,
select PermittedSites. click OK
click OK.
5.click OK to return to the main UI of CCproxy.
6.launch IE and config the local proxy with 127.0.0.1:808
now you can run the tests again , you'll feel better if have same condition :)
I am trying to send activation mail to the currently registered user.In mail body,I need to send a link like http://example.com/account/activation?username=d&email=g.Now, for debugging on local machine, I manually write it as localhost:30995/account/activation?username=d&email=g. But, when my port number changes, I need to rewrite it.
I tried another question
on this website,but, compiler gives error like url.action doesnot exist.
Please give me fresh solution as I am confused with that solution.
Use a Url.Action overload that takes a protocol parameter to generate your URLs:
Url.Action("Activation", "Account", new { username = "d", email = "g" }, "http")
This generates an absolute URL rather than a relative one. The protocol can be either "http" or "https". So this will return http://localhost:XXXXX/account/activation?username=d&email=g on your local machine, and http://example.com/account/activation?username=d&email=g on production.
In short, this will stick whatever domain you're hosting your app on in front of your URL; you can then change your hostname/port number/domain name as many times as you want. Your links will always point to the host they originated from. That should solve the problem you're facing.
Try using IIS / IIS-Express instead of Casinni web server that comes with visual studio.
You could add bindings to have the right URL (with host entries of course).
This will avoid the port numbers in your links.
I'm building a simple internal application for my company, and it requires Windows Authentication for security. All other authentication modes are disabled. I'm stuck in a situation where internet explorer prompts for credentials 3 times, then fails with this error:
Not Authorized
HTTP Error 401. The requested resource requires user authentication.
I then created a bare-bones website to test this out. I created a new site in IIS, put it on its own port (:8111, chosen at random), put one static "default.htm" file in there, disabled anonymous authentication, then enabled windows authentication. Everything else was left at default settings. The port number was assigned because we have multiple sites on this machine all sharing the same IP.
Here are a few scenarios:
Browsing from the web server itself, to http://localhost:8111/ works
fine
Browsing from another computer, to http://ServerIPaddress:8111/
works fine
Browsing from another computer, to http://ServerName:8111/ FAILS
(asks for credentials 3 times, then gives 401 error)
I've been searching online and trying to find a solution with no luck thus far. Either I haven't found it, or I don't understand well enough what I'm reading. Any help would be greatly appreciated.
Just worked out the solution with the help of a coworker after 2 days of fighting with this issue. Here is what he wrote:
There are 2 providers for Windows Authentication (Negotiate and NTLM).
When setting the Website Authentication to Windows Authentication,
while Windows Authentication is highlighted, click on the Providers
link on the right pane or IIS Manager and move NTLM to the top. By
default Negotiate is on top which is why you are getting an
authentication prompt.
Error 401.1 when you browse a Web site that uses Integrated Authentication.
Solution
Disable the loopback check
* In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
* Right-click Lsa, point to New, and then click DWORD Value.
* Type DisableLoopbackCheck, and then press ENTER.
* Right-click DisableLoopbackCheck, and then click Modify.
* In the Value data box, type 1, and then click OK.
http://support.microsoft.com/kb/896861
If it still does not work after moving NTML to top in the list of providers try to remove Negotiate completely so there is only NTML left.
That fixed it for me - moving NTML to top did not help on Windows Server 2012 and IIS 8.5. I found the solution in the following stackoverflow issue: IIS 7.5 Windows Authentication Not Working in Chrome
I personally recommend NOT disabling the loopbackcheck globally on your server (IE: Do NOT set DisableLoopbackCheck to a value of 1 in your registry). This is a security vulnerability. Please only disable for known hosts.
Here's a Powershell function to get you pointed in the right direction.
function Add-LoopbackFix
{
param(
[parameter(Mandatory=$true,position=0)] [string] $siteHostName
)
$ErrorActionPreference = "Stop"
Write-Host "Adding loopback fix for $siteHostName" -NoNewLine
$str = Get-ItemProperty -Name "BackConnectionHostNames" -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -erroraction silentlycontinue
if ($str) {
if($($str.BackConnectionHostNames) -like "*$siteHostName*")
{
Write-Host "`tAlready in place" -f Cyan
} else{
$str.BackConnectionHostNames += "`n$siteHostName"
Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "BackConnectionHostNames" -Value $str.BackConnectionHostNames
Write-Host "`tDone" -f Green
}
} else {
New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0" -Name "BackConnectionHostNames" -Value $siteHostName -PropertyType "MultiString"
Write-Host "`tDone" -f Green
}
Write-Host "`tnote: we are not disabling the loopback check all together, we are simply adding $siteHostName to an allowed list." -f DarkGray
}
> Add-LoopbackFix "ServerName"
Source
It's been a while since this question was asked, but I know numerous people run into it a lot. A more proper fix for this is described here: Kernel-mode authentication. We implemented this several months back, and it works fine.
Another good explanation here: MORE 2008 AND KERBEROS: AUTHENTICATION DENIED, APP POOL ACCOUNT BEING INGNORED
To apply to a single site:
cd %windir%\system32\inetsrv
set SiteName=TheSiteName
appcmd.exe set config "%SiteName%" -section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:"True" /useAppPoolCredentials:"True" /commit:apphost
Or to apply to all sites:
%windir%\system32\inetsrv\appcmd.exe set config -section:windowsAuthentication /useAppPoolCredentials:"True" /commit:apphost
How do I display localhost traffic in Fiddler while debugging an ASP.NET application?
try using this:
http://ipv4.fiddler/folder
instead of
http://localhost/folder
this also works with ports
http://ipv4.fiddler:12345/folder
Here is link to fiddler documentation
http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/MonitorLocalTraffic
To make Fiddler work on localhost with IIS Express you should use this form of URL
http://localhost.fiddler:50262/
This puts correct Host header value (localhost) which satisfies IIS Express.
Start Fiddler.
Go to Tools--> Fiddler Options.
Choose Connections tab.
Check the 'USe PAC Script' option.
Now you will be able to monitor local traffic as well
For an ASP.NET web site project:
1) Right-click the project and select Property Pages
2) Select Start Options
3) Under the Server section, click the "Use custom server" and edit the Base URL by replacing localhost with your computer's name.
Probably the easiest way to monitor traffic to localhost is to replace "localhost" with "localhost." in the browser's URL bar. E.g.
http://localhost./MyApp/default.aspx
Using Fiddler v4:
Check your IE proxy settings
IE->Tools->Internet Options->Connections->Lan Settings
Check your settings in Fiddler:
Fiddler -> Options-> Connections & Https
Check the Fiddler port, default is 8888
In Fiddler-Menu:
File -> Capture Traffic is checked
The following solution worked for me, when using a
HttpClient or
WebClient
from inside an ASP.NET application.
Web.config
<system.net>
<defaultProxy
enabled = "true"
useDefaultCredentials = "true">
<proxy autoDetect="False" bypassonlocal="False" proxyaddress="http://127.0.0.1:8888" usesystemdefault="False" />
</defaultProxy>
Code:
var resourceServerUri = new Uri("http://localhost.fiddler:YourAppServicePort");
var body = c.GetStringAsync(new Uri(resourceServerUri)).Result;
Check if your request actually reaches fiddler by customizing the Fiddler Rules script
Fiddler->Rules->Customize Rules
and hook into the OnBeforeRequest event:
static function OnBeforeRequest(oSession: Session) {
if (oSession.hostname.Contains("localhost:YourPortNumber")
{
System.Windows.Forms.MessageBox.Show(oSession.hostname);
}
Or explicitly by setting a web proxy
WebClient wc = new WebClient();
WebProxy proxy = new WebProxy();
// try one of these URIs
proxy.Address = new Uri("http://127.0.0.1:8888");
proxy.Address = new Uri("http://hostname:8888");
proxy.Address = new Uri("http://localhost.fiddler");
proxy.Address = new Uri("http://ipv4.fiddler");
// https://en.wikipedia.org/wiki/IPv6
proxy.Address = new Uri("http://ipv6.fiddler");
proxy.BypassProxyOnLocal = false; wc.Proxy = proxy;
var b = wc.DownloadString(new Uri(YourResourceServerBaseAddress));
Check out this link...the 'workaround' is hacky, but it does work:
Tip for using Fiddler on localhost
You may use PC hostname instead of 127.0.0.1 or localhost
Checking the "Use PAC Script" in Fiddler Options -> Connections worked for me when using IIS Express within a corporate intranet.
Ensure that in your Fiddler Connections that localhost isn't in the "IE should bypass Fiddler for URLs that start with:" box.
You should uncheck the checkbox:
Bypass proxy server for local addresses
Located at proxy configuration of Internet Explorer.
Try with http://127.0.0.1. <-- note the . at the end
So you can still connect to Casini and debug easily (I'm currently debugging page on http://127.0.0.1.:1718/login/Default.aspx ).
One of the possible solutions is remove the proxy settings in IE as follows.
IE->Tools->Internet Options->Connections->Lan Settings->
disable following
Automatically detect settings
Use automatic configuration script
If trying to catpure HTTPS traffic on a local machine from BizTalk using Fiddler, try using the WCF Adapter Proxy settings. I used an address of: http://localhost:8888/