Hi,
I am developing an app in WPF that uses REST calls and response of REST appears on WPF form.
I wan to capture this traffic of REST calls in a log file.
For Http,It is working fine.
But in case of Https,It is now working properly.There are two Issue
For Https I using approach as suggested in link
http://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET#AddingFiddlerCertificateswithFiddlerCore
1) Every time Fiddler start it changes LAN setting from "Automatically detect settings" to "Use a proxy server.......".
2) If I made some request it says
Request Method:
PUT
The underlying connection was closed: An unexpected error occurred on a receive.
and Fiddler log like
ONNECT http://mytestapp.cloudapp.net:443 HTTP/1.1
Host: mytestapp.cloudapp.net
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.1 (TLS/1.0)
Random: 55 A6 4B 5F C1 4F A3 2A 10 90 E0 53 3A BA 14 4E 32 BE 97 ED EB 9A 2C E4 CB 49 A9 E4 7A 9B 77 CC
"Time": 8/30/2020 6:45:01 PM
SessionID: 21 46 00 00 74 14 CC B0 49 74 2E 55 2E C9 16 29 C4 AB F2 55 72 78 B5 11 84 63 DB F4 B9 4F 65 E8
Extensions:
renegotiation_info 00
server_name mysslrpcloudservice.cloudapp.net
elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
SessionTicket empty
Ciphers:
[002F] TLS_RSA_AES_128_SHA
[0035] TLS_RSA_AES_256_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
Compression:
[00] NO_COMPRESSION
Response Headers :HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:30:31.982
Connection: close
Response Body :
What is the problem?Plz help.
4 Answers, 1 is accepted
First things first-- If you run your app without FiddlerCore but with Fiddler running, does it work properly?
1> Every time Fiddler start it changes LAN setting from "Automatically detect settings" to "Use a proxy server.......".
That's entirely expected and doesn't cause any problems.
2>The underlying connection was closed: An unexpected error occurred on a receive.
Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA) { Trace.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA) { Trace.WriteLine("** LogString: " + oLEA.LogString); };
Regards,
Eric Lawrence
Telerik
Rank 1
Hi,
I have injecting code to trace errors below error occured
fiddler.network.https> HTTPS handshake to mytestservice.cloudapp.net failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.
Code I am using.
//To start Fiddler
private void PerformTestExecution(object obj)
{
CaptureConfiguration.ProcessId = Process.GetCurrentProcess().Id;
if (true)
{
if (!Fiddler.FiddlerApplication.IsStarted())
{
InstallCertificate();
Fiddler.FiddlerApplication.AfterSessionComplete += FiddlerApplication_AfterSessionComplete;
Fiddler.FiddlerApplication.Startup(8888, true, true, true);
}
Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA)
{
File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), oNEA.NotifyString.ToString());
};
Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA)
{
File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), oLEA.LogString);
// Trace.WriteLine("** LogString: " + oLEA.LogString);
};
}
ExecuteTest();
}
//To Stop Fiddler
public void Stop(object obj)
{
UninstallCertificate();
Fiddler.FiddlerApplication.AfterSessionComplete -= FiddlerApplication_AfterSessionComplete;
if (Fiddler.FiddlerApplication.IsStarted())
{
Fiddler.FiddlerApplication.Shutdown();
}
}
//to lod traffic
public void FiddlerApplication_AfterSessionComplete(Session sess)
{
if (sess == null || sess.oRequest == null || sess.oRequest.headers == null)
return;
string headers = sess.oRequest.headers.ToString();
var reqBody = Encoding.UTF8.GetString(sess.RequestBody);
// if you wanted to capture the response
string respHeaders = sess.oResponse.headers.ToString();
var respBody = Encoding.UTF8.GetString(sess.ResponseBody);
// replace the HTTP line to inject full URL
string firstLine = sess.RequestMethod + " " + sess.fullUrl + " " + sess.oRequest.headers.HTTPVersion;
int at = headers.IndexOf("\r\n");
//if (at < 0)
// return;
headers = firstLine + "\r\n" + headers.Substring(at + 1);
string output = headers + "\r\n" +
(!string.IsNullOrEmpty(reqBody) ? reqBody + "\r\n" : string.Empty) +
"Response Headers :" + respHeaders + "\r\n\r\n" +
"Response Body :" + respBody + "\r\n\r\n" +
Separator + "\r\n\r\n";
// must marshal to UI thread
File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), output.ToString());
}
public static bool InstallCertificate()
{
if (!CertMaker.rootCertExists())
{
if (!CertMaker.createRootCert())
return false;
if (!CertMaker.trustRootCert())
return false;
}
return true;
}
public static bool UninstallCertificate()
{
if (CertMaker.rootCertExists())
{
if (!CertMaker.removeFiddlerGeneratedCerts(true))
return false;
}
return true;
}
Rank 1
fiddler.network.https> HTTPS handshake to mytestservice.cloudapp.net failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.
Means that the server presented a bad certificate (either self-signed, chained to an untrusted root, or containing an incorrect hostname).
As shown in the Demo\Program.cs, your code can apply any validation logic it likes to permit an otherwise valid or invalid certificate to be handled differently:
// allow a specific (even invalid) certificate by implementing
// and assigning a callback...
FiddlerApplication.OnValidateServerCertificate += new System.EventHandler<ValidateServerCertificateEventArgs>(CheckCert);
/// <summary>
/// This callback allows your code to evaluate the certificate for a site and optionally override default validation behavior for that certificate.
/// You should not implement this method unless you understand why it is a security risk.
/// </summary>
static void CheckCert(object sender, ValidateServerCertificateEventArgs e)
{
if (null != e.ServerCertificate)
{
Console.WriteLine("Certificate for " + e.ExpectedCN + " was for site " + e.ServerCertificate.Subject + " and errors were " + e.CertificatePolicyErrors.ToString());
if (e.ServerCertificate.Subject.Contains("fiddler2.com"))
{
Console.WriteLine("Got a certificate for fiddler2.com. We'll say this is also good for any other site, like https://fiddlertool.com.");
e.ValidityState = CertificateValidity.ForceValid;
}
}
}
Eric Lawrence
Telerik