Fiddler as reverse proxy with HTTPS?

2 posts, 0 answers
  1. Gerhard
    Gerhard avatar
    1 posts
    Member since:
    Oct 2017

    Posted 23 Oct 2017 Link to this post

    Hi!

    I'm new to Fiddler, I had some success, but there is also an unsolved problem. My setup is:
    - An appliance with an integrated webserver. (This appliance is accessible via HTTP only)
    - A PC with Fiddler (used as a reverse proxy)
    - Another PC with a Browser
    All 3 components are in the same network.

    I want to use Fiddler for 2 tasks:
    - First task is to edit the webpage of the appliance on the fly, I need to remove some content. This works fine, I managed to edit the page with FiddlerScrip. On the PC with the browser I can see the changed webpage.
    - Second task: For later use there is a requirement, that this changed webpage is accessible via HTTPS. I tried a lot of settings in Fiddler, but without success. I can't even see any reaction in Fiddlers Session window when I try to access the changed webpage via HTTPS. I assume that the ports are correct, because it works with HTML. Is there a way to solve this problem?

    regards
    Gerhard

  2. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 26 Oct 2017 Link to this post

    Hi,

    Sure, there is a way to achieve this.

    First you have to create additional listener on new port. You can achieve with the QuickExec command "!listen", more information how to use it here. Then you have to reroute request coming to that new port using FiddlerScript. Fill the placeholders in the following code snippet and add it to your OnBeforeRequest method. Please, keep in mind that it is written in C# but if you are using JScript.NET you should convert it manually.

    if (oSession.HostnameIs("<hostname>") && oSession.oRequest.pipeClient.LocalPort == <httpsPort>)
    {
        oSession.oRequest.headers.UriScheme = "http";
        oSession.host = "<hostname>:<httpPort>";
    }

    Then navigating to "https://<hostname>:<httpsPort>" should show you the page from your HTTP server, but with HTTPS encryption.

    As a side note I want to mention that in order this to work properly, all machines that want to access your server through HTTPS should trust Fiddler's root certificate as Certificate Authority. Otherwise the browsers will show warnings that the certificate is invalid.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top