Fiddler not capturing HTTPS - AutoProxy Detection failed.

1 Answer 815 Views
Fiddler Classic
Leo
Top achievements
Rank 1
Leo asked on 15 Sep 2022, 10:21 PM

I have a client shipping application that interfaces with a server. The server then communicates with FedEx.com web services. The communication works fine but I need to analyze the web service communications (request & response) to troubleshoot a problem in the application. I am using Fiddler Classic installed on the Windows Server 2019 application server. I have followed the document on configuring for HTTPS.

When I start capturing, Fiddler shows only HTTP transactions, no HTTPS. I see a HTTP transaction Tunnel to ws.fedex.com:443 but not HTTPS transactions. The shipping application will display an error stating "An error occurred while making the HTTP request to https://ws.fedex.com/web-services/." 

Attached is a screenshot showing captured and HTTPS configuration.

The Fiddler log shows
15:59:56:3692 Progress Telerik Fiddler Classic Running...
15:59:56:3848 Windows 8+ AppContainer isolation feature detected.
15:59:56:3848 Fiddler.Network.AutoProxy> AutoProxy Detection failed.
15:59:56:3848 AutoProxy failed. Disabling for this network.
15:59:56:6035 fiddler.network.https> HTTPS handshake to www.fiddler2.com (for #1) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host


16:00:07:7907 HTTPSLint> Warning: ClientHello record was 347 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
16:00:07:7907 Assembly 'C:\Users\Latitude\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
16:00:07:8219 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.
16:00:08:0250 [Fiddler] No HTTPS request was received from (w3wp:3636) new client socket, port 51113.
16:00:43:0082 [Fiddler] No HTTPS request was received from (w3wp:3636) new client socket, port 51117.

I checked Tools > WinINET Options > LAN Settings while Fiddler is "Capturing". It is  127.0.0.1:8888 

I tried overriding chaining to the system default proxy by setting Manual configuration in the setting the Tools > Options - Gateway tab http & https to 127.0.0.1:8888. That caused a different problem.Setting it to the IP address still did not work. The application error was " Could not establish trust relationship for the SSL/TLS secure channel with authority 'ws.fedex.com'." . 

The Fiddler log was:
16:52:21:8478 fiddler.network.gateway.connect>Connection to 172.17.3.232 failed. No connection could be made because the target machine actively refused it 172.17.3.232:8888. Will try DNS Failover if available.
16:52:32:8162 fiddler.network.gateway.connect>Connection to fe80::c9b2:e9db:ff6b:5d95%9 failed. No connection could be made because the target machine actively refused it [fe80::c9b2:e9db:ff6b:5d95%9]:8888. Will try DNS Failover if available.
16:52:33:8475 fiddler.network.gateway.connect>Connection to 172.17.3.232 failed. No connection could be made because the target machine actively refused it 172.17.3.232:8888. Will try DNS Failover if available.
16:52:33:9099 WinINET Registry change detected. Verifying proxy keys are intact...
16:52:42:0660 HTTPSLint> Warning: ClientHello record was 347 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
16:52:42:2534 [Fiddler] No HTTPS request was received from (w3wp:3636) new client socket, port 52666.

Hoping some one can help,

Leo Zipper

1 Answer, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 19 Sep 2022, 10:58 AM

Hello Leo Zipper,

 

I am speculating that your WS 2019 server runs a NET app that makes the requests to FedEx. If that is correct, then consider the following:

- Check and verify that your NET app is configured to use Fiddler https://www.telerik.com/blogs/capturing-traffic-from-.net-services-with-fiddler 

- Verify that you are running FIddler from the same user pool as the NET app.

- Verify that the FedEx server allows third-party user CA and does not expect a specific certificate (certificate pinning).

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Leo
Top achievements
Rank 1
commented on 19 Sep 2022, 05:47 PM

Hello Nick,

I followed the instructions for configuring .NET to use Fiddler and am logged in as the user that the application pool runs under but it still does not work. I am getting the same results. 

Should Fiddler captured sessions show if FedEx or Endicia do not accept third-party CA?  How do I find out if that is the problem? I am getting a HTTP session with a Host of "Tunnel to" .

Thanks for helping

 

Nick Iliev
Telerik team
commented on 20 Sep 2022, 06:32 AM

If FedEx or Endicia or any other service is using a certificate pinning, then it would be expected that you see only the HTTP Connect (tunnels). Then the SSL handshake will fail, so you won't be able to capture & decrypt HTTPS traffic.

Of course, there could be other reasons why the handshake fails (like using a specific TLS version).

Leo
Top achievements
Rank 1
commented on 20 Sep 2022, 09:56 PM

Fiddler4 on Windows Server 2008 works for capturing & decrypting HTTPS to ws.fedex.com and to Endicia. It is not working with the current Fiddler Classic on Windows Server 2019. I doubt the problem is with certificate pinning. If I need to prove that, how do I?
Nick Iliev
Telerik team
commented on 21 Sep 2022, 05:45 AM

Compare both your Fiddler4 and latest Fiddler Classic instance for the used security protocols (and if needed, add/remove a protocol from Fiddler Classic)

Tags
Fiddler Classic
Asked by
Leo
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
Share this question
or