How to act as a proxy only for specific hosts

7 posts, 1 answers
  1. Anuj
    Anuj avatar
    8 posts
    Member since:
    Mar 2015

    Posted 26 Mar 2015 Link to this post

    Hi,

    I have created a desktop app which uses fiddler core to modify requests on specific hosts.
    I am using FiddlerCoreStartupFlags.Default
    The problem I have facing is that it is acting as a proxy for requests going to all hosts.
    I can ignore specific hosts using CONFIG.sHostsThatBypassFiddler but I want to do the other way round i.e. configure hosts which I care about.
    I wanted to know if this is possible.

    Thanks,
    Anuj
  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 26 Mar 2015 Link to this post

    Hello, Anuj--

    Are you trying to capture traffic from ALL applications, or just your OWN application? (If you only want to capture traffic from your own application, how are you issuing the network requests in that application? It would be best to not register as the system proxy if you only want your own traffic)

    There are two ways to control, on a per-host basis, which requests go to a proxy:

     1. You can exempt hosts by adding them to the proxy bypass list. (That's what sHostsThatBypassFiddler controls.)

     2. You can control, on a per-request basis, whether a request goes to a proxy using a proxy-configuration script. You can configure Fiddler to use a proxy-configuration script, but this is somewhat complicated and there are implications to going this route if you use IE or any Windows components that utilize the Zones API (https://msdn.microsoft.com/en-us/library/bb250483(v=vs.85).aspx)

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  3. Anuj
    Anuj avatar
    8 posts
    Member since:
    Mar 2015

    Posted 26 Mar 2015 in reply to Eric Lawrence Link to this post

    Hi Eris, thanks for the quick reply.
    I am not capturing traffic for applications I own. I am capturing browser traffic and am only interested in specific hosts.
    Option 1 is not very feasible since I will have exempt hosts one by one and I might not be aware of all hosts that are hit by folks using my app.

    The reason why I wanted to ignore all traffic except certain hosts is that I see endless prompts on IE with intranet sites. I am decrypting ssl for only hosts that I am interested in so cannot apply the workaround mentioned here http://blogs.msdn.com/b/fiddler/archive/2011/09/04/fiddler-http-401-authentication-workaround-to-support-channel-binding-tokens-removing-endless-prompts.aspx

    Since I am facing issues with only intranet sites, is there a way I can exempt all intranet traffic?

    Thanks,
    Anuj
  4. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 26 Mar 2015 Link to this post

    Proxy bypass lists support the special token <local> which matches any hostname that does not contain a dot; this is the most common way that a site is determined to be Intranet. So you could set your sHostsThatBypassFiddler value to "<local>;" to prevent having those sites' traffic run through Fiddler.

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  5. Anuj
    Anuj avatar
    8 posts
    Member since:
    Mar 2015

    Posted 27 Mar 2015 in reply to Eric Lawrence Link to this post

    Thanks Eric, that solved my problem.
    It would be good though to have an option to only act as a proxy for specific hosts. Right now, I check if the host is in the list that I am interested in, otherwise, I set oSession["x-no-decrypt"] = "do not care." It would be good if I don't even act as a proxy for the uninteresting hosts.
  6. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 30 Mar 2015 Link to this post

    Hi, Anuj--

    Yes, that option would be nice. All we need to do is convince all of the browsers and HTTP stacks that the existing proxy configuration script approach I mentioned below isn't good enough and get them to implement a new option for proxy configuration that does what you want. Unfortunately, that's not very feasible.

    FWIW, instead of just setting x-no-decrypt, you should call oSession.Ignore() on Sessions you don't care about. This improves performance.

    Regards,
    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
  7. Anuj
    Anuj avatar
    8 posts
    Member since:
    Mar 2015

    Posted 30 Mar 2015 in reply to Eric Lawrence Link to this post

    Thanks Eric!
Back to Top