Fiddler classic | HTTPS decryption | application basis;

1 Answer 279 Views
Fiddler Classic Windows
Zach
Top achievements
Rank 1
Zach asked on 18 Aug 2021, 11:43 PM

Hello,

I am very new to this program, I was wondering if it were at all possible for fiddler to only monitor traffic of ONE application only.

So that the fiddler only monitors one particular program/excutable, and everything else does NOT go through the proxy?

I tried to use OnBeforeRequest function: listed here - https://docs.telerik.com/fiddler/configure-fiddler/tasks/decrypthttps#skip-traffic-decryption-for-an-application but its still going though the proxy, the proxy is just chosing not to decrypt it, I basically want all to blacklist everything and whitelist X application to go through fiddler, and decrypt the HTTPS.

1 Answer, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 19 Aug 2021, 06:10 AM

Hello Zach Davey,

 

By default, Fiddler is set as a system proxy and will act as a MITM proxy, meaning it will capture all the traffic through the OS system proxy. That includes the traffic from applications that are using the system proxy. 

The above said you could stop using Fiddler as a system proxy (disable Capturing) and set the Fiddle proxy to be explicitly used by the wanted program only. For example, in Firefox, that can be done via Options > Connection Settings > Manual Proxy Configuration (instead of the default Use System Proxy) and setting the Fiddler IP and port.

Alternatively, you can visually show/hide traffic only from a specific process. That can be achieved through the process filter called Any Process (drag the icon to a particular process to show only traffic generated from that process) or by applying your custom logic from FiddlerScript (suggested solution here).

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Zach
Top achievements
Rank 1
commented on 19 Aug 2021, 09:13 PM | edited

Hi thanks for the answer.

So does F12 stop windows from using Fiddler as the system wide proxy?

And the issue I have is the application I have does not have any way to connect to it via a proxy.

Do you know of any software which will allow me to specify each program to use said proxy? I found proxifier but not sure of alternatives and what would be safe and trusted.

My issue is I want to decrypt the HTTPS of only one application, and not have my entire system go through it (I see I can limit this to only non browsers but that doesnt really help me too much), I want to just do it from a saftey standpoint, so that ONLY the program I want will be compramised in terms of HTTPS decryption.

Hopefully that makes sense and you could add some insight?

PS. It would be very cool if the devs could add this as a feature :)

Nick Iliev
Telerik team
commented on 20 Aug 2021, 10:32 AM

Yes, F12 will remove the Fiddler from the Windows's Proxy Settings. However, applications using other proxy configurations might still be captured even when capturing is turned off. As a disclaimer, I want to underline that the data captured from Fiddler Classic is not stored anywhere unless you explicitly choose to save or export the data. All captured traffic is available only for the user that utilizes the Fiddler Classic application.

That said, you also have the option to skip a process from being decrypted. That can be achieved through FiddlerScript and the exposed events, as shown in this documentation article. In your case, that would mean explicitly remove the decryption for any application that you wouldn't like to see decrypted.
Zach
Top achievements
Rank 1
commented on 20 Aug 2021, 10:44 AM

Hello,

Thanks for the reply. In the code fir fiddlerscript do I replace "outlook" with the process window title? Im not sure how to implement the code could you give and example? Thank you.

Nick Iliev
Telerik team
commented on 20 Aug 2021, 02:22 PM

You should know the process name or at least a crucial part of it and use it with some of the build-in methods (for example, in the sample code the method StartsWith). You could see the process name while using the X-PROCESSINFO flag (in FiddlerScript) or by directly seeing the actual process name within the Windows OS taskbar.

The documentation example is pretty much self-explanatory but you could refer to the documentation to learn more about the Session object and the OnBeforeRequest event.

An example on using X-PROCESSNAME with the OnBeforeRequest event.

Tags
Fiddler Classic Windows
Asked by
Zach
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
Share this question
or