Most applications in Windows rely directly on the WinINET networking stack (used by IE, Office, and tens of thousands of other applications). Even applications that don’t rely on WinINET will typically still respect the proxy settings configured for WinINET using the Internet Options control panel.

When Fiddler begins capturing as the “system proxy”, under the covers, it simply reconfigures the WinINET proxy settings to point at the Fiddler instance. However, Windows includes multiple HTTP(S) stacks. While Fiddler can work with all of them, applications that do not adopt the WinINET proxy settings will require additional configuration.

Configuring WinHTTP’s Proxy

The WinHTTP stack is designed for use by services and applications that run without any UI. WindowsUpdate patches and other content are typically downloaded by WinHTTP, often utilizing BITS, a higher-level abstraction that’s built atop HTTP’s “ranged download” capabilities.

Applications built atop WinHTTP occasionally don’t respect the WinINET proxy setting. While such apps can be configured to adopt the WinINET proxy settings of the current user (using the WinHttpGetIEProxyConfigForCurrentUser function), some will instead pass WINHTTP_ACCESS_TYPE_DEFAULT_PROXY for the dwAccessType parameter to WinHttpOpen. As noted by MSDN, the WinHTTP default proxy settings are not based on the WinINET proxy settings.

To configure apps using the DEFAULT_PROXY option so that they proxy their traffic through Fiddler, you can use the proxycfg.exe (XP) or netsh.exe (Vista+) utilities.

For XP, you’d either specify the proxy manually:

    proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888

...or instruct WinHTTP to import WinINET's proxy settings:

    proxycfg -u

On Vista and later, you need to use an elevated (admin) command prompt to call netsh:

    netsh winhttp set proxy 127.0.0.1:8888 "<-loopback>"

...or import the WinINET proxy settings:

    netsh winhttp import proxy ie

Cross-bitness Apps

On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, the netsh command is specific to the bitness (32bit or 64bit) of the calling environment, so you may need to run the above command twice: first using the 32bit NetSh and then using the 64bit NetSh. This blog has more information.

This limitation was fixed in Windows 8; you can call either NetSh just once to set the proxy for both 32bit and 64bit WinHTTP apps.

Automatically Configuring WinHTTP

If you find that you’re often interested in capturing traffic from WinHTTP-based applications, you might find it a hassle to drop to a command-prompt to configure the proxy setting each time you use Fiddler. Fortunately, as a highly-extensible platform, Fiddler allows you to easily automate this process.

In Fiddler, click Rules > Customize Rules to open your FiddlerScript file. Scroll to the OnAttach method and inside it add a new function call to UpdateWinHTTPSettings. Do the same for the OnDetach method. Then implement the method to update the WinHTTP settings:

static function OnAttach() {
    UpdateWinHTTPSettings();
}
static function OnDetach() {
    UpdateWinHTTPSettings();
}

public static ToolsAction("Update WinHTTPSettings")
function UpdateWinHTTPSettings() {
     var oPSI: System.Diagnostics.ProcessStartInfo
              = new System.Diagnostics.ProcessStartInfo();
     oPSI.UseShellExecute = true;
     oPSI.FileName = "netsh.exe";
     oPSI.Verb = "runas";
     oPSI.Arguments = "winhttp import proxy ie";
     System.Diagnostics.Process.Start(oPSI);
}

After saving your FiddlerScript, you will find that each time Fiddler attaches or detaches you will be prompted for administrative permission to update the WinHTTP proxy settings (unless you are running Fiddler as an administrator, in which case the update happens silently).

The ToolsAction attribute applied to the UpdateWinHTTPSettings method enables you to manually invoke an update whenever you like by clicking the item created on Fiddler’s Tools menu.

For pre-Win8 platforms, your script can be updated to also invoke the 32-bit NetSh:

public static ToolsAction("Update WinHTTPSettings")
function UpdateWinHTTPSettings() {
    var oPSI: System.Diagnostics.ProcessStartInfo
              = new System.Diagnostics.ProcessStartInfo();
    oPSI.UseShellExecute = true;
     oPSI.FileName = "netsh.exe";
     oPSI.Verb = "runas";
     oPSI.Arguments = "winhttp import proxy ie";
     System.Diagnostics.Process.Start(oPSI);

    // Re-run 32bit version
    oPSI.FileName = oPSI.FileName =
        Environment.SystemDirectory.Replace("system32", "syswow64")
        + "\\netsh.exe";   
    System.Diagnostics.Process.Start(oPSI);

}

Alternatively, you could update the script to instead launch a batch file that invokes both netsh commands (so that you are prompted for elevation only once).

 

If you often need to capture traffic from WinHTTP apps that don’t adopt the WinINET proxy settings, I hope you find this trick useful!

 

-Eric


About the Author

Eric Lawrence

(@ericlaw) has built websites and web client software since the mid-1990s. After over a decade of working on the web for Microsoft, Eric joined Telerik in October 2012 to enhance the Fiddler Web Debugger on a full-time basis. With his recent move to Austin, Texas, Eric has now lived in the American South, North, West, and East.

Related Posts

Comments