Configure Fiddler to show sites that use non default ports

5 posts, 1 answers
  1. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 08 Apr 2015 Link to this post

    Hi,

    I was wondering if it is possible to configure Fiddler to show...

    1. Sites that use non default ports (ignore 80 and 443).

    2. Sites that bypass a proxy server by going direct. 

     

    Our environment uses a PAC file to direct internet traffic to our PROXY server. Occasionally we find web sites that do not use ports 80 or 443 (and may not be obvious from the URL). Also we sometimes find sites that do not forward traffic to the proxy server and still attempts to access the remote server directly.

     

    Can Fiddler be used to help identify these scenarios?

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 09 Apr 2015 Link to this post

    Hi, Ian--

    You can easily flag traffic going to a non-default port in Fiddler; simply click Rules > Customize Rules. Inside OnBeforeRequest, add code like:

       if ( (!oSession.isHTTPS && (oSession.port != 80)) ||
            (oSession.isHTTPS && (oSession.port != 443)))
      {
         // Traffic isn't going to default port. Flag it.
         oSession["ui-backcolor"] = "red";
      }
      else
      {
        // Default port. Uncomment next line to hide if desired
        // oSession["ui-hide"] = true;
      }

    Now, your second question is a bit more complicated. The first thing to recognize is that Fiddler is itself a proxy, so if traffic somehow bypasses a proxy, it will never go to Fiddler to begin with. Having said that, in a properly functioning browser, a site does not have any way to send traffic that bypasses a proxy-- in general, only a bug in the browser or in one of its extensions can cause traffic to bypass the proxy. There are a few corner cases where such behavior is explicitly designed into an extension (e.g. some types of video streaming in Flash) but most of those will fall back to going through a proxy if a direct connection is blocked by a firewall.

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  3. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 13 Apr 2015 in reply to Eric Lawrence Link to this post

    Many thanks for this Eric, its really helpful! I see what you mean about Fiddler being a proxy itself and as such wouldnt catch direct requests. 

     Im getting curious about the other ways to utilise fiddler. We have a Websense proxy which blocks pages and displays a block page to the user (although it is not always actually displayed on screen depending on the page, for example video files), there can be multiple blocks as well on complex sites.

    Is there a relatively simple way for fiddler to write to a text file the requested URL (i.e. xxx.com) that came immediately before a block page (http://websense/cgi-bin/blockpage)? So in theory we would have a Hopefully that makes sense.

     

    Many thanks again!

  4. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 13 Apr 2015 Link to this post

    Hello, Ian--

    You should watch your traffic with Fiddler in one of the blocking scenarios to see how they've implemented blocking. My guess would be that the blocked resource results in a HTTP/302 redirect to the blocking page. If so, then yes, you could easily write a rule in Fiddler that captures the original URL for any response that is a 302 with a Location header pointed at the blocking HTML page. Those captured URLs could then be written to a text file or whatever.

    (Having said that, don't most content filtering proxies like websense themselves capture these URL requests and log them somewhere before returning the block to the client?)

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  5. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 15 Apr 2015 in reply to Eric Lawrence Link to this post

    Many thanks Eric, thats really helped and Ive been able to accomplish a nice little script to write out any block pages to a log file which will speed things up for us a lot. Thanks again!
Back to Top