502 errors on http tunnel connection to 443

5 posts, 0 answers
  1. Evan Paul
    Evan Paul avatar
    1 posts
    Member since:
    Feb 2015

    Posted 11 Feb 2015 Link to this post

    Eric - I have used Fiddler as an everyday part of my job for about 5 years now. I am proficient with it. Rarely need to use rule editor - but have done some. 

    Ok, so I have to capture many different websites with Fiddler. Many of them are SSL sites. And I don't think I have ever had this issue.
    When I go to the site https://www.ote.gr/web/guest (its in Greece) it's not very fast and takes a while to load, but with fiddler it is taking longer and I wonder if it is somehow creating the 502's I am seeing. If you go to the site and see how it loads, then use the latest Fiddler (as of today Feb 11 2014 ver v4.4.9.9) you should see the same thing. I tried an old 2.4 fiddler on a different network and different machine too just to see.. no difference. Many of the connections will be ok.. but then you get a bunch of 502s on http to ssl tunnels... then... you'll see that the page doesn't render properly.

    But.. if you were to go to say capture https://www.bankofamerica.com no problem.

    I tried the:
     static function OnBeforeRequest(oSession: Session) {
    if (oSession.HTTPMethodIs("CONNECT") && oSession.HostnameIs("www.ote.com")) 

      oSession["x-OverrideSslProtocols"] = "ssl3"; 
      FiddlerApplication.Log.LogString("Legacy compat applied for inbound request to BuggySite.com"); 

    As you can guess, it didn't help. So I am here looking for a hand. Let me know if you need anything else to help me with this.

    I tried attaching a saz with the 502s for your review but the forum tool wouldn't let me. Maybe too large. I did give you a snap shot of the page render with and without fiddler runnning.

    My hope is you can tell me some timeout parameter to change so that it won't time out or a way to speed up the tunnel connections in case their server infrastructure is what is deciding it's taking too long and drops the connection. Let me know and thanks.

  2. Eric Lawrence
    Eric Lawrence avatar
    832 posts

    Posted 12 Feb 2015 Link to this post

    Hi, Evan--

    You can send me files using Help > Send Feedback inside Fiddler. I'm particularly interested in looking at the timings of the requests and failures, as well as the body of the HTTP/502 responses that Fiddler is showing. The SAZ file you send me will also include what version of Fiddler you're using, an interesting question.

    The site in question does not require SSL3 for use. (If it did, your script below wouldn't work because you're checking that the hostname is www.ote.COM but you need to check for www.ote.GR.)

    Eric Lawrence

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

  3. Evan Paul
    Evan Paul avatar
    3 posts
    Member since:
    Feb 2015

    Posted 23 Feb 2015 in reply to Eric Lawrence Link to this post

    Hey all who read this post... Eric and I dialogued in email. He helped me find a solution. Basically it appears this site's web server or load balancer, or something in their web hosting infrastructure is somehow blocking or delaying the connection to a point where it times out. So, we get a bunch of 502s on https connectsion "http to 443 tunnel". So, Eric introduced me to an autoresponder feature in Fiddler called "*ReplyWithTunnel". 
    So I created an autoresponder rule which says if request matches "method:CONNECT www.ote.com" then do what... do this.. "*ReplyWithTunnel". It worked.. now the connections don't assume they are failing and we get the content. This may not work for all issues like this, because in this case, we are getting the static content after we trick the connection failure... some sites may not let you have that content with that issue. But in our case it works!! Thanks Eric!

     Screenshot of the autoresponder and what it does attached.

  4. Evan Paul
    Evan Paul avatar
    3 posts
    Member since:
    Feb 2015

    Posted 23 Feb 2015 in reply to Eric Lawrence Link to this post

    I want to clear something up for those who may read this.. I mistakenly put www.ote.COM, but the site is www.ote.GR 
    I am telling you this so you don't think you had to switch the domain suffix. the .COM was just a typo.
  5. Evan Paul
    Evan Paul avatar
    3 posts
    Member since:
    Feb 2015

    Posted 02 Mar 2015 in reply to Evan Paul Link to this post

    To all who read this post.. when I used Chrome (thanks to a friend's input) the issue with 502s in the captured ceased. So, Chrome works MSIE not so much... with this particular site. Not sure why.. Maybe Eric has an idea.
Back to Top