This is a migrated thread and some comments may be shown as answers.

FiddlerCore as Transparent Proxy

Extensions and Customization
Lawrence asked on 09 Mar 2014, 03:00 PM
Hi, 

I'm trying to set up FiddlerCore to accept remote connections on ports 80 and 443 and then act as a proxy for incoming connections, without being configured as the system proxy on the client machine, similar to how Squid can be configured in transparent mode. So far I've tried a number of variations on the below with no luck.

    FiddlerApplication.Startup(3145, false, false);
    var altEndPoint = FiddlerApplication.CreateProxyEndpoint(80, true, "*");
    altEndPoint.Attach();
    var oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(443, true, "*");
    oSecureEndpoint.Attach();

Is what I'm trying to do possible? I would really appreciate any pointers!

10 Answers, 1 is accepted

Eric Lawrence
Telerik team
answered on 10 Mar 2014, 01:54 PM
Hi, Lawrence-- 

Can you elaborate a little more on what specifically you're trying to accomplish?

A Transparent proxy can only function when you have a configuration whereby traffic is forced through it (e.g. by configuring router rules, etc). FiddlerCore can capture traffic that is explicitly sent to it, and can evaluate the URL and host header when deciding where to send it (which are both elements of how a Transparent proxy or Reverse Proxy works) but it doesn't have any way to transparently force a client to use it.

-Eric

Lawrence
answered on 17 Mar 2014, 08:03 AM
Great, that’s exactly what I thought and was trying to achieve. I’m looking to allow capture of traffic, and redirection, on some of the devices in my home that don’t support having a proxy configured.

So far I’ve taken an open source C# DNS server and written the query code so that it can return the address of the machine hosting it for certain domains. So, for example, www.bbc.co.uk is resolved to the server, which also has simple port forwarding set up to forward any traffic received on port 80 or 443 to the correct endpoint for www.bbc.co.uk.

I wanted to take this one step further with FiddlerCore set up as a transparent proxy. This would hopefully allow me to respond to items such as *.bbc.co.uk using the DNS server; Fiddler would then correctly proxy these requests to the appropriate endpoints, having resolved the IPs using a genuine DNS server.

Would it be useful if I posted some of the code I've got at the moment? The problem I'm currently seeing with fiddlercore is that it doesn't seem to like picking up the traffic on 443 or 80 when remote even with remote enabled. On a side note, I also managed to get it sending traffic to itself in an infinite loop at one point when testing with just one machine: bbc.co.uk -> localhost -> FiddlerCore -> bbc.co.uk -> localhost etc. (human error, not Fiddler's fault, but it did have me confused for a while!)

Ps. Love fiddler and thanks for getting back to me on this!

Eric Lawrence
Telerik team
answered on 17 Mar 2014, 08:37 PM
Hi, Lawrence--

The most useful thing you could do is expound upon this:

> The problem I'm currently seeing with fiddlercore is that it doesn't
> seem to like picking up the traffic on 443 or 80 when remote even
> with remote enabled.


How did you enable remote access? Did you remember to reconfigure your firewall to allow inbound traffic to the process hosting FiddlerCore?

thanks,

-Eric
 
Lawrence
answered on 19 Mar 2014, 08:38 AM
Hi,

Turns out that I had enabled the firewall for the app, just in the release folder of my project, not the bin folder. Face palm. Punched open all the ports regardless of app listening, then had another look at what I’m seeing, cracking open Wireshark and the like. It turns out that the port 80 instance of Fiddler is functioning correctly. I can spoof the DNS from the client and redirect to the Fiddler endpoint and see the content proxied nicely.

When it comes to the HTTPS endpoint, it looks like I’ve misunderstood the HTTP spec. Looking at it in more detail, I was expecting the client to send an “HTTP Connect bob.example.com:443” which would then be proxied by Fiddler. As the client has no idea that it’s being proxied, no connect message is being sent and the client is attempting to connect directly to the HTTPS endpoint at Fiddler. I think this explains why I don’t see the traffic come in and kick off the BeforeRequest event.

Cracking open ILSpy, it looks like if I define a single shttpsHostName when I create the proxy endpoint, I’ll be able to intercept that but with a different cert, as Fiddler will terminate the connection and MITM it.

I think I’m going to wrap up where I am at the moment in a rough UI and blog about it, as I’m very close to where I wanted to be.

A user can host the DNS server on their machine and configure, say, a smart TV to connect through it, then capture the traffic with FiddlerCore for later analysis or redirect straight to a running version of Fiddler. The only downside is that if the app relies on HTTPS at some point, say a login page, then this isn’t going to function as expected.

As a really rough workaround I’ve used straight TCP forwarding, which is set up following a DNS request. At this point I treat the DNS query as if it were an HTTP Connect and set up the tunnel, but this falls down a bit due to caching of queries and if there are multiple HTTPS requests sequentially.


Eric Lawrence
Telerik team
answered on 24 Mar 2014, 04:43 PM
Hello,

If you set CONFIG.bUseSNIForCN to True, FiddlerCore will look at the inbound HTTPS connection for a ServerNameIndication TLS extension, and if found, generate a certificate to match the certificate hostname expected by the client as indicated in its handshake.

If that Boolean isn't set to true, or if the client's HTTPS handshake does not include a SNI, then FiddlerCore will use the certificate or hostname provided when the call to CreateProxyEndpoint was made.

Regards,
Eric Lawrence
Telerik
 


 
Vladimir
answered on 29 Jul 2014, 02:02 PM
Hello

I would like to ask if setting CONFIG.bUseSNIForCN to True in Fiddler is possible? I have the following issue: basically I am using Linux bridge + iptables to preroute HTTP/HTTPS traffic for specific hosts to a Fiddler proxy on a local network. Fiddler appears as a transparent proxy for the clients and that breaks the CONNECT tunnels. I did try to change CONFIG.bUseSNIForCN using the fiddler.exe.config file but it didn't work; after all, .NET is not my field of knowledge. Any thoughts?
Eric Lawrence
Telerik team
answered on 29 Jul 2014, 04:09 PM
Hi, Vladimir:

To set this value inside Fiddler (rather than FiddlerCore), go to the black QuickExec box below the Web Sessions list on the left hand side of Fiddler. In it, type

   prefs set fiddler.network.https.SetCNFromSNI true

and hit Enter.

Regards,
Eric Lawrence
Telerik
 


 
Vladimir
answered on 29 Jul 2014, 05:22 PM
Hello Eric

Thank you for your help; unfortunately that didn't solve the problem. I am still missing something. I have Client (Windows PC) -> Linux Bridge (forwarding both ports 80 and 443 to Fiddler native 8888) -> Fiddler listening on port 8888. Even though CONFIG.bUseSNIForCN is set to true, it seems the CONNECT tunnel cannot be established. Does Fiddler look for inbound HTTPS on port 8888 in the above setup? Is there any option to split the traffic across two ports, one (e.g. 8888) dedicated to HTTP and a second (e.g. port 444) for HTTPS tunnels?

Regards,
Vladimir
Dennis Technology Labs
Eric Lawrence
Telerik team
answered on 30 Jul 2014, 09:58 PM
Hi, Vladimir--

By default, Fiddler doesn't attempt to perform HTTPS handshakes with the client; it expects clients to connect to it using HTTP, as this is how proxies work.

You can tell Fiddler to create a new listening port that will perform a HTTPS handshake for every client that connects; this is discussed in the Fiddler Book (http://fiddlerbook.com)

!listen port [SubjectCN]

Starts a new proxy listener object on the specified port. This listener’s Sessions will be added to the Web Sessions list. The listener instance is automatically configured to permit remote connections.

If the CN parameter is present, all inbound connections on this listener will automatically invoke a HTTPS handshake; Fiddler will present a certificate containing the specified SubjectCN. This feature is primarily useful when Fiddler is being used as a reverse proxy for a HTTPS site.

!listen 8889

!listen 4443 secure.example.com 


In the QuickExec box below Fiddler's Session list, type !listen 8889 secure.example.com

In your browser, you can then visit, e.g. https://127.0.0.1:8889 and see that Fiddler handshakes with the browser, returning a certificate for "secure.example.com"

Keep in mind that you must perform this step each time you restart Fiddler; it doesn't keep track of the new listeners you create across multiple Sessions. 



Regards,
Eric Lawrence
Telerik
 


 
Katakam
answered on 23 Feb 2018, 01:00 PM

Hi Eric,

I am unable to get the HTTP traffic by using FiddlerCore. I am new to Fiddler and FiddlerCore. Please help me:

I have connected my Android device to the system using Appium Studio and automated it to open Chrome and open some URL on my mobile device.

My mobile is connected to my wifi and the PC is connected to LAN.

The Fiddler tool is open, and when I open a link in Chrome on the mobile, I am able to see the link URL in the 'web session list' of the Fiddler tool.

But with FiddlerCore I am unable to see the link. My code snippet is below:

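    // RegisterAsSystemProxy points this machine's system proxy settings at FiddlerCore.
    FiddlerCoreStartupFlags oFCSF = FiddlerCoreStartupFlags.RegisterAsSystemProxy;
    Fiddler.FiddlerApplication.Startup(8877, oFCSF);

    // Record every session as its request arrives.
    Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session oS) {
        oS.bBufferResponse = false;
        // Serialize access to the shared session list.
        Monitor.Enter(oAllSessions);
        oAllSessions.Add(oS);
        WriteSessionList(oAllSessions);
        Monitor.Exit(oAllSessions);
    };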
 

And also, as soon as I run this, my system proxy settings change and I am unable to access the internet.
