Fiddler not showing websocket protocol using ws prefix

3 Answers 4353 Views
Windows
Eric
Top achievements
Rank 1
Eric asked on 31 Oct 2017, 05:33 PM

I use fiddler to review many of the http and https communications from our application. We have a websocket implementation connected to a phoenix/elixir server using the ws prefix. So our url looks like ws://{ip}:4000/socket/websocket. None of the communications from our application to this end point are visible in Fiddler. I can see any and all http and https traffic we're doing, but not the websocket calls. The websocket connections are working and the app is sending and receiving messages correctly, but I'd like to be able to see the messages to monitor this part of the application. Any thoughts would be great. Thank you.

guennole
Top achievements
Rank 1
commented on 05 Feb 2018, 11:07 PM

Hi,

 

I got the exact same problem and I have not been able to find a solution.

Regarding the context, I am using a virtual machine on Azure and I am trying to monitor the websockets of a software I made. I can't see any. The HTTP/HTTPS trafic is well displayed.

guennole
Top achievements
Rank 1
commented on 05 Feb 2018, 11:13 PM

I have been trying both fiddler 4.5 and 5
Ar
Top achievements
Rank 1
commented on 12 Apr 2018, 05:26 PM

same here

no websocket tab

is there any workaround or solution?

Simeon
Telerik team
commented on 24 Apr 2018, 02:36 PM

Hello,

I am able to capture WebSocket traffic from this echo service: https://websocket.org/echo.html. Please, let me know if this is the case for you, as well.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Dr.YSG
Top achievements
Rank 2
commented on 04 Jul 2018, 08:20 PM

I also do not see the websocket icon, so I cannot add the tab. But I know that the traffic is flowing (localhost to localhost
Simeon
Telerik team
commented on 06 Jul 2018, 11:38 AM

Hello Yechezkal,

Could you, please, provide me with steps how to reproduce the problem. If you can provide me with a (demo) app, which uses WebSockets, and you are unable to capture its traffic with Fiddler, that would be great.

It seems that this issue is affecting many users, so we really need to reproduce it in order to solve it.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Dr.YSG
Top achievements
Rank 2
commented on 06 Jul 2018, 01:36 PM

Can you wait a few days? I would like to help, but I have a slightly more urgent requirement to meet.
Simeon
Telerik team
commented on 06 Jul 2018, 03:05 PM

Thank you! I will wait. Do not worry :)
Dr.YSG
Top achievements
Rank 2
commented on 06 Jul 2018, 07:40 PM

My situation might be a bit odd. I have two C++ programs I wrote using NanoMSG. If they are on the same machine. One a client and the other a server. If I do ws://localhost:2018 then there seems to be an IPC short-circuit so I am not surprised that Fiddler does not see that.

So I put the second on a VPN connected machine. Now I can get the packets via RawCap.exe (yes this is all windows 10, with the latest 5.0.2 Fiddler). I am going to attach the rawcap output which you can look at in wireshark.I changed the extension from .pcap to .jpg so that I could attach it.

Of course, now I have two interfaces, and this uses the xecond one (The TAP connector). So maybe that is the problem I am having with Fiddler.

 

D:\>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : YSG4206
   Primary Dns Suffix  . . . . . . . : xxx
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxx

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . : x
   Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : F8-B1-56-FF-8B-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.4.30.239(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Thursday, July 5, 2018 4:09:07 PM
   Lease Expires . . . . . . . . . . : Friday, July 6, 2018 10:15:23 PM
   Default Gateway . . . . . . . . . : 10.4.31.254
   DHCP Server . . . . . . . . . . . : 140.102.100.111
   DNS Servers . . . . . . . . . . . : 10.10.20.11
                                       10.10.20.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
   Physical Address. . . . . . . . . : 00-FF-91-E7-8A-38
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.27.225.77(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

D:\>



















 

 

Simeon
Telerik team
commented on 24 Jul 2018, 12:30 PM

Hi Yechezkal,

Sorry for the late response and thank you for your time and effort to provide us with the RawCap output. I examined the traffic and I realized that I need some more information before I can reproduce the issue.

Firstly, I would like to explain in general how a WebSocket Connection is established via an HTTP proxy like Fiddler to make sure that we are all on the same page. 

When the client is configured to use an HTTP proxy and it wants to establish a WebSocket connection with a server, firstly it opens a TCP connection to the proxy and sends an HTTP CONNECT request to the proxy. The request contains the hostname and the port of the server. Then the proxy opens a TCP connection to the server on the specified port. After this, the proxy responds to the client with 200 Connection established and it keeps both TCP connections (to the client and the server) open. Now the proxy is expected to forward the bits flowing in these TCP connections which creates a tunnel between the client and the server.

Now the client knows that it can communicate with the server and it sends HTTP GET request with a Connection:Upgrade and Upgrade: websocket headers and the server responds with HTTP 101 status code which means that they have just upgraded to the WebSocket protocol. Please, note that I am purposely skipping the WebSocket handshake requirements to keep this post focused.

In your pcap file I could not find the HTTP CONNECT request from the client to the proxy. Then I remembered that RawCap can sniff only one network interface at a given time and I realized that you were sniffing your Ethernet network interface. However, your client app and Fiddler communicate on the Loopback pseudo-network interface, which I believe you did not sniff in this pcap file.

Could you, please, make another sniff, this time on the loopback interface. Could you, please, also let me know if you see a "Tunnel to" session in Fiddler for the WebSocket connection. If there is no such session most probably your client is not configured to use the system proxy (WinINET) which Fiddler sets by default. It is possible that your client goes direct to the server or it could use a SOCKS proxy which Fiddler currently does not support.

You could examine the pcap to check if there is any communication between the client and Fiddler. You can add this to your C# FiddlerScript:
[BindUIColumn("Client port")]
public static string FillClientPortColumn(Session session)
{
    return session.clientPort.ToString();
}

Which will make a 'Client port' column in the Fiddler's Session list and you will be able to get the port which your app uses to communicate with Fiddler. Then in the pcap file look for packets with that port as destination or source port and 8888 (the default Fiddler listen port) as the source/destination port.

And finally, if you could provide us with some demo app and server and source code to reproduce the issue this would be great.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Pankaj
Top achievements
Rank 1
commented on 26 Nov 2018, 04:55 PM

I'm also facing the same problem. Fiddler is not able to capture Websocket traffic..
Alexander
Telerik team
commented on 29 Nov 2018, 06:40 AM

Hi Pankaj,

Is your app's traffic going through Fiddler? This can be easily checked by checking if there is normal HTTP/S traffic showing up. If yes - could you, please, attach a sample SAZ file where you made some WS traffic and it didn't show up?

Regards,
Alexander
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

3 Answers, 1 is accepted

Sort by
0
Simeon
Telerik team
answered on 08 Nov 2017, 12:31 PM
Hello,

In order to see the WebSocket messages, you should double-click on the WebSocket session in the Web Session list of Fiddler. The WebSocket tab will appear. For more information, please, read the WebSockets section of What's New in Fiddler 4.5 page.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Eric
Top achievements
Rank 1
commented on 08 Nov 2017, 01:49 PM

The problem is there is no WebSocket message to double-click. The ws prefix calls are not showing in Fiddler. I've read the What's New page and all of the examples show WebSocket messages that have an http or https prefix, not a ws prefix. Any idea how I get the ws prefix WebSocket messages to show in the list?
Simeon
Telerik team
commented on 27 Nov 2017, 02:56 PM

Hello Eric,

Sorry for the late replay, could you please, elaborate on what is your network setup and the proxy settings for each client and server. 

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Eric
Top achievements
Rank 1
commented on 27 Nov 2017, 08:10 PM

Simeon,

How is this related to what I'm asking? What kind of network setup are you asking for? What kind of network configuration would keep Fiddler from seeing the ws prefixed messages? Can you see ws prefixed communications in your version or configuration of Fiddler? I'm just not sure it's supported. Can you let me know if it's supported?

Simeon
Telerik team
commented on 06 Dec 2017, 03:04 PM

Eric,

This is relevant to what you are asking because you claim that you do not see the WebSocket session in Fiddler. I asked for the network setup to understand if Fiddler is a proxy between the two sides which upgrade their HTTP connection into WebSocket connection. If Fiddler is not a proxy for the side which requests the upgrade, it will not be able to see the WebSocket traffic because it will be circumventing it.

Correct me if I am wrong, but I suppose that you expect to see a session in the Fiddler's session list whose protocol is WS. However, Fiddler does not read the protocol from the URI scheme but from the start line. Because the WebSocket connection is an HTTP upgrade you will always see the WebSocket's session protocol to be HTTP or HTTPS.

I hope that this answers your question.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
sum1saw
Top achievements
Rank 1
commented on 18 Aug 2020, 11:11 AM

Hi Simeon,

Via Fiddler 5 i was able to view websockets request but can you please provide solution how to compose a same websocket request or export same Websocket request to a curl request.

Simeon
Telerik team
commented on 21 Aug 2020, 01:32 PM

Hi Divik,

You can compose a WebSocket request the same way you can compose any other HTTP request with the Composer. You can drag and drop the WebSocket request session, which Fiddler captured, from the Session list to the Composer tab.

You can also export the session to a cURL Script which is basicaly a bat file with the curl command which produces the same request.

Please, note that both the compose and the export handle only the upgrade to websocket request message. You cannot compose or export any messages sent on the WebSocket connection. Both Fiddler and curl are not designed for this. However, with Fiddler once you capture a WebSocket connection, you can modify the messages with the FiddlerScript by adding a OnWebSocketMessage function to it.

// ...

class Handlers
{
    static function OnWebSocketMessage(oMsg: WebSocketMessage) {
        // Conditionally modify message content
        var sPayload = oMsg.PayloadAsString();
        if (sPayload.Contains("time")) {
            oMsg.SetPayload(sPayload + "... bazinga!");
        }
        // FiddlerApplication.Log.LogString(oMsg.ToString());
    }

// ...

Regards,
Simeon
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

sum1saw
Top achievements
Rank 1
commented on 23 Aug 2020, 03:56 PM

Hi Simeon,

Thanks, One more query I'm unable to intercept a Particular request via android emulator using Fiddler same If i try to intercept via SMSniff I'm able to. Please Check Attached snapshot or request.

Shiraz
Top achievements
Rank 1
commented on 25 Aug 2020, 01:30 PM

I don't see the websocket tab even though I have web socket traffic captured. I've attached a screenshot

Here are the details of the version of Fiddler that I'm using:

v5.0.20202.18177 for .NET 4.6.1
Built: 14 April 2020

64-bit AMD64, VM: 196.0mb, WS: 263

I wanted to attached the session data as a .saz file but only images are supported on the forum.
Eric R | Senior Technical Support Engineer
Telerik team
commented on 26 Aug 2020, 04:44 PM

Hi Shiraz,

When a WebSocket session is captured the icon next to the session number will be different than a HTTP/S session. To quickly test capturing Web Sockets use https://www.websocket.org/echo.html. For additional reference, see the attached video walkthrough as well. 

Please give this a try and let us know if you experience any additional issues. Thank you.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Five days of Blazor, Angular, React, and Xamarin experts live-coding on twitch.tv/CodeItLive , special prizes and more, for FREE?! Register now for DevReach 2.0(20).

Shiraz
Top achievements
Rank 1
commented on 25 Oct 2020, 10:07 PM

Thanks for the info, and sorry for taking so long to respond. I think my issue is down to filtering: I connect to "ws://127.0.0.1:8081/" but it's not in my list of shown hosts, which is currently just "localhost:3000;" - I guess I just need to add the other port number for it to be included.
0
Colin
Top achievements
Rank 1
answered on 08 Feb 2019, 03:29 PM

One thing that hasn't been mentioned - in the fiddler options dialog, make sure that the "Parse WebSocket Messages" options is checked under the "Performance" tab.

I had the same problem - WS connections appeared in the session inspector, were marked as WS and showed the http 101 response, but the web socket inspector didn't open on double clicking the session, Setting the check, closing and reopening Fiddler seemed to solve the problem (you might have to try double clicking a few times, first click didn't seem to work - maybe because there were no messages from the socket?)

The "Parse WebSocket Messages" is documented in the fiddler book, under Fiddler Options Performance Tab.

 

 

 

 

Carina
Top achievements
Rank 1
commented on 05 May 2019, 09:10 AM

Hi Colin,

Seems capturing  WebSocket works on your fiddler. Could you please share how you configured and got it work? :)

By searching the solutions, find someone says add several lines code in Fiddler script, a WebSocket tab will appear next to Timeline tab. But I don't find new tab shows after adding codes. No WebSocket session is captured. I think the code doesn't work. 

The code added: 

static function OnWebSocketMessage(oMsg: WebSocketMessage) {
// Log Message to the LOG tab
FiddlerApplication.Log.LogString(oMsg.ToString());
}

That may be the reason why I don't see the "Parse WebSocket Messages" options under the "Performance" tab.

Colin
Top achievements
Rank 1
commented on 06 May 2019, 08:10 AM

Hi Carina,

I've just tested capturing WebSocket traffic in Fiddler on a new installation and it's working fine. Here's what I did:

- Make sure "Parse WebSocket Messages" is checked in Fiddler Options -> Performance.

- With capture enabled, navigate to http://websocket.org/echo.html (to prevent problems due to https, make sure you've really loaded the page over http - you should see a security warning somewhere, in chrome in the address bar. If you load the page over https you can change manually change the web socket location to use ws instead of wss, but the browser will probably refuse to connect over ws - with Chrome in the console you will see a warning about trying to initiate an insecure connection from a page loaded over https.)

- Click on the connect button for default location ws://echo.websocket.org. The request should appear in Fiddler's sessions list, but note that at this point double clicking the ws session did not open the inspector tab for me.)

- Click on the Send button to send the default message "Rock it with HTML5 WebSocket"

- Go to Fiddler and double click on the ws session (there will still only be one session open.) At this point the WebSocket session tab opens showing details of all the messages sent over the socket.

Tested with Fiddler v5.0.20182.28034 on Windows 10 using Chrome Canary. Fiddler book has some pretty good information on capturing Web Sockets and is highly recommended - make sure you have at least v 2.03 (the Performance Tab for example is not described in v4.01 of the book.) 

 

 

Colin
Top achievements
Rank 1
commented on 06 May 2019, 08:14 AM

One thing I forgot to include in my last message - if you just want to capture websocket sessions, it shouldn't be necessary to modify fiddler script. If you don't see the "Parse WebSocket Messages" option, make sure you have the latest version of Fiddler.
Simeon
Telerik team
commented on 08 May 2019, 02:02 PM

Hi Colin,

As a token of gratitude for the feedback you shared with us, I added some Telerik points to your account.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Carina
Top achievements
Rank 1
commented on 28 May 2019, 07:49 AM

Hi Colin,

Thanks for your reply and the detailed steps, and sorry for the late response. I tried the steps in your post, indeed Websocket for web can be captured, and I captured Websocket of my company's production, also web end. BTW, is there any chance you happen to know how to capture WS of mobile APP? Though my developer colleague has developed a tool to capture WS from the APP, I still want to find if there is a way to do that via fiddler. :D

 

Thanks,

Carina

Colin
Top achievements
Rank 1
commented on 29 May 2019, 08:06 AM

Hi Carina,

 

Good to hear you got the WebSocket capture working.

In principal capturing connections from an app is fairly simple, although it will depend on having a common wi-fi connection for your mobile device and the PC running fiddler. Steps to do this on Android are (iOS should be similar, but I haven't tried it):

  1. In Fiddler options, tab Connections, make sure "Allow remote computers to connect" is checked. You may need to restart Fiddler. Note the port being used by Fiddler - default is 8888. You can disable capturing in Fiddler - the mobile device will send its requests directly to Fiddler.
  2. Find the IP address of Fiddler. You can get this by clicking the "Online" button in the tool bar, or typing "about:network" in the QuickExec box. Note the IP address being used by the wi-fi network.
  3. In the mobile device, go to Settings -> Wi-fi, select the current wi-fi connection, and choose the option to modify connection. Enable Advanced Options, select Manual proxy, and fill in the IP address of Fiddler as host, and the port being used by fiddler. Save changes and you're set.
  4. Go to Chrome and load any page. You should see the requests appearing in Fiddler. 

That's it, now all network requests from the mobile device should go through fiddler. Remember to disable the proxy in you wi-fi settings when you finish testing!

Colin

 

Carina
Top achievements
Rank 1
commented on 29 May 2019, 08:47 AM

Hi Colin,

Thanks for your quick reply. You are so helpful ;)

Yes I can capture requests from browser/application on mobile, but I don't find the way to capture Websocket from my company's software, can capture HTTP/S, but no Websocket in session list. If you know how to capture Websocket of software, that would be great.

Colin
Top achievements
Rank 1
commented on 29 May 2019, 09:22 AM

OK, I've just tried with the websocket.org echo page:
http://websocket.org/echo.html

and it works as with the browser - I can see the ws session in the session list, and on sending a message to the socket the WebSocket tab appears in the inspector.

Can you see WebSocket sessions on connecting to http://websocket.org/echo? Does you application use secure wss protocol? (I haven't been able to trace wss connections from the mobile device, probably due to a problem with certificates.)

Colin

0
Shiraz
Top achievements
Rank 1
answered on 25 Oct 2020, 10:14 PM

Confirmed! When filter is set to "localhost:3000;127.0.0.1:8081;" and turned on I can see websocket traffic.

Thanks!

Shiraz
Top achievements
Rank 1
commented on 25 Oct 2020, 10:20 PM

Sorry, me again!

It can be confusing to users that the WebSocket tab is only shown after the first successful connection, and it remains once it is shown. Also the protocol is shown as HTTP (or HTTPS) rather than WS (or WSS)

Tags
Windows
Asked by
Eric
Top achievements
Rank 1
Answers by
Simeon
Telerik team
Colin
Top achievements
Rank 1
Shiraz
Top achievements
Rank 1
Share this question
or