I would like to connect to a HTTP Proxy with Fiddler Core.
I'm using the
oSession['X-OverrideGateway'] = "HOSTNAME:PORT"code to do it.
Now authentication is needed for the proxy. I see in other question a solution. It says:
oSession.oRequest["Proxy-Authorization"] = "Basic sOMeBASE64eNCODEdSTRING=";Where the hash at the end is the Base64 coding of the 'username:password'
My question about this workaround:
It results a HTTP_PROXY_AUTHORIZATION HTTP header to my requests. Not just from fiddler to the proxy, but also from the proxy to the web.
Shouldn't it be removed by the proxy? As it says here? https://tools.ietf.org/html/rfc7235#section-4.4
Is there a workaround with FiddlerCore so I can connect a HTTP Proxy with credentials without HTTP headers?
NOTE:
When I use Proxifier to connect the same proxy it works without the headers being visible by the websites
5 Answers, 1 is accepted
It results a HTTP_PROXY_AUTHORIZATION HTTP header to my requests. Not just from fiddler to the proxy, but also from the proxy to the web.
Shouldn't it be removed by the proxy? As it says here? https://tools.ietf.org/html/rfc7235#section-4.4
"When multiple proxies are used in a chain,
the Proxy-Authorization header field is consumed by the first inbound
proxy that was expecting to receive credentials. A proxy MAY relay
the credentials from the client request to the next proxy if that is
the mechanism by which the proxies cooperatively authenticate a given
request."
According to the rfc, the upstream proxy MAY relay the header, or it may not. It depends on the vendor's implementation.
Is there a workaround with FiddlerCore so I can connect a HTTP Proxy with credentials without HTTP headers?
Here is a list of all HTTP authentication schemes, I am aware of and all proxy authentication schemes use HTTP headers.
Regards,
Simeon
Progress Telerik
Rank 1
Thank you for the info. What is still not clear for me:
When I connect the same proxy with FiddlerCore or Proxifier it works differently.
I undestand that "A proxy MAY relay the credentials from the client request to the next proxy if that is the mechanism by which the proxies cooperatively authenticate a given request.". But why is it different with proxifier and fiddler core? In one case it relays the credentials and other case it is not.
So I guess the "mechanism" could be changed, but I don't know how. Or what is this mechanism.
When I connect the same proxy with FiddlerCore or Proxifier it works differently. What is this proxy you are connecting to?
But why is it different with proxifier and fiddler core? In one case it relays the credentials and other case it is not. Is it possible that the FiddlerCore is configured to modify the requests, so that this could trigger the upper proxy to relay the authentication?
Regards,
Simeon
Progress Telerik
Rank 1
I only have to provide the Proxy-Authorization header if a Proxy Authentication header was in a response with a status code. It seams ok. But in fiddler core how can I reach the previous response? If I just simply save into a field variable it won't work, since the order of the traffic is not
Request, Response, Request, Response, etc.
But mor like
Request, Response (407), Request, Request, etc.
In the 2nd example on the 3rd Request we shouldn't send the Proxy Authorization header but we will, since the last Response was a 407.
Any ideas?
In the 2nd example on the 3rd Request we shouldn't send the Proxy Authorization header but we will, since the last Response was a 407. I am sorry, but I can not find this 2nd example, could you please send it again.
Regards,
Simeon
Progress Telerik