Capture all IIS traffic, on the Web server

1 Answer 2737 Views
Fiddler Classic
Lee
Top achievements
Rank 1
Lee asked on 07 Aug 2015, 05:19 PM

It sounds so simple.  I want to capture all IIS traffic​--not just ASP.NET traffic​--including "static" file traffic (images, CSS, etc.) without shoving the static files through the ASP.NET pipeline.  I want to do this on the Web server, entirely​--no reverse proxy shoving the traffic across the network through a remote machine.

(I've asked the Internet, and tried too many things.  None of them work.  When people say IIS, they mean ASP.NET.  I mean IIS.  When people want to capture, they are fine with reverse-proxy to another machine.  I am not.)

I hope I'm missing something obvious.

Thanks in advance.

Eric Lawrence
Telerik team
commented on 07 Aug 2015, 07:11 PM

Hi, Lee--

Sorry, but it's not really clear what you're asking.

If you want to capture all traffic from IIS, you have to configure ASP.NET and all of the other stacks (e.g. WinHTTP) to send their requests through Fiddler.

If you want to capture all traffic to IIS, you have to run Fiddler in reverse proxy mode on port 80, having it forward all inbound requests to the port to which you've moved your IIS server (e.g. port 8080). 

If this is a production server, of course, you first need to ensure that the load on the server is commensurate with the resources available to Fiddler to proxy that load.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Lee
Top achievements
Rank 1
commented on 07 Aug 2015, 07:32 PM

Thanks, Eric.

I want to capture all IIS traffic (from and to) "on the server."  I don't know how to make that clearer.  :]

It is a dev server.

I hate to phrase it this way, but I want Fiddler to do what Wireshark "just does."  I realize Wireshark is not a proxy.  The proxy part of Fiddler can be a real challenge at times.  (I know you've commented on so many people saying "I followed the instructions, but it just doesn't work."  Today, that became me.)  If I want Fiddler to do (far better) what any browser's dev toolbar "just does," Fiddler is fairly easy to set up.  If I want Fiddler to "serve me" as a server-side developer, the proxy is a real hassle--due to Microsoft's choices, no fault of Fiddler's, but I still feel the pain.  I can't find a single document online that has working instructions (for my current setup), partly because there are so many variables, for the proxy to deal with.  Fiddler "version" (2 v. 4), OS version, IIS version, AppPool account, other AppPool settings (Load User Profile), directory permissions, bitness (32- or 64-), various file proxy settings (ignore local--understanding local, loopback, override, machinename, restarting services, lions, tigers, bears--oh my), etc.  I think a full flow-chart would look like a worse version of the old Florida voters' ballot joke (http://0.tqn.com/d/politicalhumor/1/S/L/_/florida_confusing_ballot.jpg).  Ugh.  Have I mentioned that Wireshark just works?  You know I love Fiddler.  I don't want Wireshark packets; I want Fiddler sessions.  Can I get a WinPcap Fiddler option?!  :]

I'm now on Windows 8.1, with Hyper-V, which makes my machine's IP come from a virtual network, even though I'm the host OS.  Good grief.  I did this so easily in previous OS versions.  Now, nothing works.  I can't get my ASP.Net app to break when I set an invalid proxy address.  Again, not Fiddler's fault, but I'm only dealing with it because Fiddler is a proxy.

1 Answer, 1 is accepted

Sort by
0
Accepted
Eric Lawrence
Telerik team
answered on 07 Aug 2015, 08:28 PM
If Wireshark truly "just works" (e.g. you're not using any secure traffic anywhere) then it's simple enough-- capture the traffic with Wireshark, save it to a PCAP, and import it to Fiddler using File > Import > Packet Capture.

If you want Fiddler to capture traffic coming *in* to your IIS server and going *out* from your IIS server, then you need to run Fiddler in both reverse proxy mode and normal proxy mode. First, get Fiddler capturing the traffic coming out from your IIS server (by editing machine.config & setting the proxy settings for WinHTTP to 127.0.0.1:8888, etc). Then, move your IIS instance to a different port (8080) and configure Fiddler to listen on port 80 as well (e.g. type !listen 80 in QuickExec to set up a second listening endpoint). In FiddlerScript, you then need to forward requests received on port 80 to your IIS instance (8080).

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Lee
Top achievements
Rank 1
commented on 07 Aug 2015, 08:58 PM

Good stuff!  Thanks, Eric.  Much appreciated, as always.
Lee
Top achievements
Rank 1
commented on 07 Aug 2015, 09:02 PM

Oh, wait, the proposed method of capturing outgoing traffic will only capture ASP.NET traffic.  Can I force IIS to use WinINet?!  Sheesh.  wish@microsoft.com
Lee
Top achievements
Rank 1
commented on 07 Aug 2015, 09:04 PM

Bah.  Hasty replies.  Sorry.  You did say "& setting the proxy settings for WinHTTP to 127.0.0.1:8888"
Tags
Fiddler Classic
Asked by
Lee
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Share this question
or