FiddlerCore Integration with WPF app

5 posts, 0 answers
  1. Uma
    Uma avatar
    4 posts
    Member since:
    Jul 2012

    Posted 15 Jul 2015 Link to this post

    Hi,

     I am developing an app in WPF that uses REST calls and response of REST appears on WPF form.

    I wan to capture this traffic of REST calls in a log file.

    For Http,It is working fine.

    But in case of Https,It is now working properly.There are two Issue

    For Https I using approach as suggested in link

    http://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET#AddingFiddlerCertificateswithFiddlerCore​

    1) Every time Fiddler start it changes LAN setting from "Automatically detect settings" to  "Use a proxy server.......".

    2) If I made some request it says

    Request Method: 
    PUT
    The underlying connection was closed: An unexpected error occurred on a receive.

    and Fiddler log like

    ONNECT http://mytestapp.cloudapp.net:443 HTTP/1.1

    Host: mytestapp.cloudapp.net

    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.1 (TLS/1.0)
    Random: 55 A6 4B 5F C1 4F A3 2A 10 90 E0 53 3A BA 14 4E 32 BE 97 ED EB 9A 2C E4 CB 49 A9 E4 7A 9B 77 CC
    "Time": 8/30/2020 6:45:01 PM
    SessionID: 21 46 00 00 74 14 CC B0 49 74 2E 55 2E C9 16 29 C4 AB F2 55 72 78 B5 11 84 63 DB F4 B9 4F 65 E8
    Extensions: 
    renegotiation_info 00
    server_name mysslrpcloudservice.cloudapp.net
    elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats uncompressed [0x0]
    SessionTicket empty
    Ciphers: 
    [002F] TLS_RSA_AES_128_SHA
    [0035] TLS_RSA_AES_256_SHA
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5

    Compression: 
    [00] NO_COMPRESSION



    Response Headers :HTTP/1.1 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 17:30:31.982
    Connection: close


    Response Body :

     

    What is the problem?Plz help.​​

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 15 Jul 2015 Link to this post

    Hi, Uma--

    First things first-- If you run your app without FiddlerCore but with Fiddler running, does it work properly?

    1> Every time Fiddler start it changes LAN setting from "Automatically detect settings" to  "Use a proxy server.......".

    That's entirely expected and doesn't cause any problems.

    2>The underlying connection was closed: An unexpected error occurred on a receive.

     
    There are a few possibilities here, including that your code mangles the request in some way, or you haven't properly configured FiddlerCore to decrypt HTTPS traffic and/or configured Windows to trust the certificate used by the client. It would be helpful if you could share your code and add the notification events to capture any error messages:

        Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA) { Trace.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
                Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA) { Trace.WriteLine("** LogString: " + oLEA.LogString); };

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Uma
    Uma avatar
    4 posts
    Member since:
    Jul 2012

    Posted 15 Jul 2015 in reply to Eric Lawrence Link to this post

    Hi,

    I have injecting code to trace errors below error occured

    fiddler.network.https> HTTPS handshake to mytestservice.cloudapp.net failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.​

    Code I am using.

     //To start Fiddler
    private void PerformTestExecution(object obj)
            {

                CaptureConfiguration.ProcessId = Process.GetCurrentProcess().Id;
                if (true)
                {
                    if (!Fiddler.FiddlerApplication.IsStarted())
                    {
                        InstallCertificate();
                        Fiddler.FiddlerApplication.AfterSessionComplete += FiddlerApplication_AfterSessionComplete;
                        Fiddler.FiddlerApplication.Startup(8888, true, true, true);
                    }
                    Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA) 
                    {
                        File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), oNEA.NotifyString.ToString());
                    };
                    Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA) 
                    {
                        File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), oLEA.LogString);                    
                       // Trace.WriteLine("** LogString: " + oLEA.LogString); 
                    };
                }
                ExecuteTest();


            }

    //To Stop Fiddler
     public void Stop(object obj)
            {
                UninstallCertificate();
                Fiddler.FiddlerApplication.AfterSessionComplete -= FiddlerApplication_AfterSessionComplete;
                if (Fiddler.FiddlerApplication.IsStarted())
                {
                    Fiddler.FiddlerApplication.Shutdown();
                }
                
            }

    //to lod traffic
    public void FiddlerApplication_AfterSessionComplete(Session sess)
            {
                           
                    if (sess == null || sess.oRequest == null || sess.oRequest.headers == null)
                        return;

                    string headers = sess.oRequest.headers.ToString();
                    var reqBody = Encoding.UTF8.GetString(sess.RequestBody);

                    // if you wanted to capture the response
                    string respHeaders = sess.oResponse.headers.ToString();
                    var respBody = Encoding.UTF8.GetString(sess.ResponseBody);

                    // replace the HTTP line to inject full URL
                    string firstLine = sess.RequestMethod + " " + sess.fullUrl + " " + sess.oRequest.headers.HTTPVersion;
                    int at = headers.IndexOf("\r\n");
                    //if (at < 0)
                    //    return;
                    headers = firstLine + "\r\n" + headers.Substring(at + 1);

                    string output = headers + "\r\n" +
                                    (!string.IsNullOrEmpty(reqBody) ? reqBody + "\r\n" : string.Empty) +
                                    "Response Headers :" + respHeaders + "\r\n\r\n" +
                                    "Response Body :" + respBody + "\r\n\r\n" +
                                    Separator + "\r\n\r\n";

                    // must marshal to UI thread
                    File.AppendAllText(Path.Combine(GlobalStorage.GetInstance().LogsPath, "Fiddler.log"), output.ToString());
                
            }

            public static bool InstallCertificate()
            {
                if (!CertMaker.rootCertExists())
                {
                    if (!CertMaker.createRootCert())
                        return false;

                    if (!CertMaker.trustRootCert())
                        return false;
                }

                return true;
            }

            public static bool UninstallCertificate()
            {
                if (CertMaker.rootCertExists())
                {
                    if (!CertMaker.removeFiddlerGeneratedCerts(true))
                        return false;
                }
                return true;
            }

     

     

  4. Uma
    Uma avatar
    4 posts
    Member since:
    Jul 2012

    Posted 16 Jul 2015 in reply to Eric Lawrence Link to this post

    Also my web service connection is encrypted with 256 bit encryption.The Connection uses TLS 1.2.
  5. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 16 Jul 2015 Link to this post

    This:

    fiddler.network.https> HTTPS handshake to mytestservice.cloudapp.net failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.​

    Means that the server presented a bad certificate (either self-signed, chained to an untrusted root, or containing an incorrect hostname).

    As shown in the Demo\Program.cs, your code can apply any validation logic it likes to permit an otherwise valid or invalid certificate to be handled differently:

       // allow a specific (even invalid) certificate by implementing
       // and assigning a callback...
       FiddlerApplication.OnValidateServerCertificate += new System.EventHandler<ValidateServerCertificateEventArgs>(CheckCert);


            /// <summary>
          /// This callback allows your code to evaluate the certificate for a site and optionally override default validation behavior for that certificate.
          /// You should not implement this method unless you understand why it is a security risk.
         /// </summary>
        static void CheckCert(object sender, ValidateServerCertificateEventArgs e)
        {
            if (null != e.ServerCertificate)
            {
                Console.WriteLine("Certificate for " + e.ExpectedCN + " was for site " + e.ServerCertificate.Subject + " and errors were " + e.CertificatePolicyErrors.ToString());

                if (e.ServerCertificate.Subject.Contains("fiddler2.com"))
                {
                    Console.WriteLine("Got a certificate for fiddler2.com. We'll say this is also good for any other site, like https://fiddlertool.com.");
                    e.ValidityState = CertificateValidity.ForceValid;
                }
            }
        }

     
    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top