Connect HTTP Proxy with Authorization in FiddlerCore

6 posts, 0 answers
  1. Tomi
    Tomi avatar
    3 posts
    Member since:
    Dec 2018

    Posted 13 Dec 2018 Link to this post

    I would like to connect to a HTTP Proxy with Fiddler Core.

    I'm using the 

    oSession['X-OverrideGateway'] = "HOSTNAME:PORT"

    code to do it.

    Now authentication is needed for the proxy. I see in other question a solution. It says:

    oSession.oRequest["Proxy-Authorization"] = "Basic sOMeBASE64eNCODEdSTRING=";

    Where the hash at the end is the Base64 coding of the 'username:password'

    My question about this workaround:

     
    It results a HTTP_PROXY_AUTHORIZATION HTTP header to my requests. Not just from fiddler to the proxy, but also from the proxy to the web.
    Shouldn't it be removed by the proxy? As it says here? https://tools.ietf.org/html/rfc7235#section-4.4
    Is there a workaround with FiddlerCore so I can connect a HTTP Proxy with credentials without HTTP headers?

    NOTE:

    When I use Proxifier to connect the same proxy it works without the headers being visible by the websites

  2. Simeon
    Admin
    Simeon avatar
    228 posts

    Posted 19 Dec 2018 Link to this post

    Hello Tomi,

    It results a HTTP_PROXY_AUTHORIZATION HTTP header to my requests. Not just from fiddler to the proxy, but also from the proxy to the web.
    Shouldn't it be removed by the proxy? As it says here? https://tools.ietf.org/html/rfc7235#section-4.4

       "When multiple proxies are used in a chain,
       the Proxy-Authorization header field is consumed by the first inbound
       proxy that was expecting to receive credentials.  A proxy MAY relay
       the credentials from the client request to the next proxy if that is
       the mechanism by which the proxies cooperatively authenticate a given
       request."

    According to the rfc, the upstream proxy MAY relay the header, or it may not. It depends on the vendor's implementation.

    Is there a workaround with FiddlerCore so I can connect a HTTP Proxy with credentials without HTTP headers?
    Here is a list of all HTTP authentication schemes, I am aware of and all proxy authentication schemes use HTTP headers.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Tomi
    Tomi avatar
    3 posts
    Member since:
    Dec 2018

    Posted 21 Dec 2018 in reply to Simeon Link to this post

    Thank you for the info. What is still not clear for me:

    When I connect the same proxy with FiddlerCore or Proxifier it works differently.

    I undestand that "A proxy MAY relay the credentials from the client request to the next proxy if that is the mechanism by which the proxies cooperatively authenticate a given request.". But why is it different with proxifier and fiddler core? In one case it relays the credentials and other case it is not.

     

    So I guess the "mechanism" could be changed, but I don't know how. Or what is this mechanism.

  4. Simeon
    Admin
    Simeon avatar
    228 posts

    Posted 02 Jan Link to this post

    Hi,

    When I connect the same proxy with FiddlerCore or Proxifier it works differently. What is this proxy you are connecting to?

    But why is it different with proxifier and fiddler core? In one case it relays the credentials and other case it is not. Is it possible that the FiddlerCore is configured to modify the requests, so that this could trigger the upper proxy to relay the authentication?
     
    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Tomi
    Tomi avatar
    3 posts
    Member since:
    Dec 2018

    Posted 04 Jan in reply to Simeon Link to this post

    As I can see the attached image

    I only have to provide the Proxy-Authorization header if a Proxy Authentication header was in a response with a status code. It seams ok. But in fiddler core how can I reach the previous response? If I just simply save into a field variable it won't work, since the order of the traffic is not
    Request, Response, Request, Response, etc.
    But mor like
    Request, Response (407), Request, Request, etc.
    In the 2nd example on the 3rd Request we shouldn't send the Proxy Authorization header but we will, since the last Response was a 407.
    Any ideas?
  6. Simeon
    Admin
    Simeon avatar
    228 posts

    Posted 07 Jan Link to this post

    I only have to provide the Proxy-Authorization header if a Proxy Authentication header was in a response with a status code. This is not always the case. You can provide the Proxy-Authorization header in advance. You do not need to receive a 407 response with Proxy-Authentication header before you can send a request with a Proxy-Authorization header. This is because the HTTP protocol is a stateless protocol. The sole purpose of the 407 Proxy Authentication Required response is to inform the user that he must authenticate. The proxy is not required to keep a state and it will reply with 407 to each request without the Proxy-Authorization header.

    In the 2nd example on the 3rd Request we shouldn't send the Proxy Authorization header but we will, since the last Response was a 407. I am sorry, but I can not find this 2nd example, could you please send it again.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top