Fiddler not showing websocket protocol using ws prefix

27 posts, 0 answers
  1. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 31 Oct 2017 Link to this post

    I use fiddler to review many of the http and https communications from our application. We have a websocket implementation connected to a phoenix/elixir server using the ws prefix. So our url looks like ws://{ip}:4000/socket/websocket. None of the communications from our application to this end point are visible in Fiddler. I can see any and all http and https traffic we're doing, but not the websocket calls. The websocket connections are working and the app is sending and receiving messages correctly, but I'd like to be able to see the messages to monitor this part of the application. Any thoughts would be great. Thank you.

  2. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 08 Nov 2017 Link to this post

    Hello,

    In order to see the WebSocket messages, you should double-click on the WebSocket session in the Web Session list of Fiddler. The WebSocket tab will appear. For more information, please, read the WebSockets section of What's New in Fiddler 4.5 page.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 08 Nov 2017 in reply to Simeon Link to this post

    The problem is there is no WebSocket message to double-click. The ws prefix calls are not showing in Fiddler. I've read the What's New page and all of the examples show WebSocket messages that have an http or https prefix, not a ws prefix. Any idea how I get the ws prefix WebSocket messages to show in the list?
  4. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 27 Nov 2017 Link to this post

    Hello Eric,

    Sorry for the late replay, could you please, elaborate on what is your network setup and the proxy settings for each client and server. 

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 27 Nov 2017 in reply to Simeon Link to this post

    Simeon,

    How is this related to what I'm asking? What kind of network setup are you asking for? What kind of network configuration would keep Fiddler from seeing the ws prefixed messages? Can you see ws prefixed communications in your version or configuration of Fiddler? I'm just not sure it's supported. Can you let me know if it's supported?

  6. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 06 Dec 2017 Link to this post

    Eric,

    This is relevant to what you are asking because you claim that you do not see the WebSocket session in Fiddler. I asked for the network setup to understand if Fiddler is a proxy between the two sides which upgrade their HTTP connection into WebSocket connection. If Fiddler is not a proxy for the side which requests the upgrade, it will not be able to see the WebSocket traffic because it will be circumventing it.

    Correct me if I am wrong, but I suppose that you expect to see a session in the Fiddler's session list whose protocol is WS. However, Fiddler does not read the protocol from the URI scheme but from the start line. Because the WebSocket connection is an HTTP upgrade you will always see the WebSocket's session protocol to be HTTP or HTTPS.

    I hope that this answers your question.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  7. guennole
    guennole avatar
    2 posts
    Member since:
    Feb 2018

    Posted 05 Feb 2018 Link to this post

    Hi,

     

    I got the exact same problem and I have not been able to find a solution.

    Regarding the context, I am using a virtual machine on Azure and I am trying to monitor the websockets of a software I made. I can't see any. The HTTP/HTTPS trafic is well displayed.

  8. guennole
    guennole avatar
    2 posts
    Member since:
    Feb 2018

    Posted 05 Feb 2018 in reply to guennole Link to this post

    I have been trying both fiddler 4.5 and 5
  9. Ar
    Ar avatar
    1 posts
    Member since:
    May 2011

    Posted 12 Apr 2018 Link to this post

    same here

    no websocket tab

    is there any workaround or solution?

  10. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 24 Apr 2018 Link to this post

    Hello,

    I am able to capture WebSocket traffic from this echo service: https://websocket.org/echo.html. Please, let me know if this is the case for you, as well.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  11. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 04 Jul 2018 in reply to Simeon Link to this post

    I also do not see the websocket icon, so I cannot add the tab. But I know that the traffic is flowing (localhost to localhost
  12. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 06 Jul 2018 Link to this post

    Hello Yechezkal,

    Could you, please, provide me with steps how to reproduce the problem. If you can provide me with a (demo) app, which uses WebSockets, and you are unable to capture its traffic with Fiddler, that would be great.

    It seems that this issue is affecting many users, so we really need to reproduce it in order to solve it.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  13. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 06 Jul 2018 in reply to Simeon Link to this post

    Can you wait a few days? I would like to help, but I have a slightly more urgent requirement to meet.
  14. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 06 Jul 2018 Link to this post

    Thank you! I will wait. Do not worry :)
  15. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 06 Jul 2018 Link to this post

    My situation might be a bit odd. I have two C++ programs I wrote using NanoMSG. If they are on the same machine. One a client and the other a server. If I do ws://localhost:2018 then there seems to be an IPC short-circuit so I am not surprised that Fiddler does not see that.

    So I put the second on a VPN connected machine. Now I can get the packets via RawCap.exe (yes this is all windows 10, with the latest 5.0.2 Fiddler). I am going to attach the rawcap output which you can look at in wireshark.I changed the extension from .pcap to .jpg so that I could attach it.

    Of course, now I have two interfaces, and this uses the xecond one (The TAP connector). So maybe that is the problem I am having with Fiddler.

     

    D:\>ipconfig/all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : YSG4206
       Primary Dns Suffix  . . . . . . . : xxx
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : xxx

    Ethernet adapter Ethernet 3:

       Connection-specific DNS Suffix  . : x
       Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
       Physical Address. . . . . . . . . : F8-B1-56-FF-8B-36
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.4.30.239(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Thursday, July 5, 2018 4:09:07 PM
       Lease Expires . . . . . . . . . . : Friday, July 6, 2018 10:15:23 PM
       Default Gateway . . . . . . . . . : 10.4.31.254
       DHCP Server . . . . . . . . . . . : 140.102.100.111
       DNS Servers . . . . . . . . . . . : 10.10.20.11
                                           10.10.20.12
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
       Physical Address. . . . . . . . . : 00-FF-91-E7-8A-38
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 172.27.225.77(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled

    D:\>



















     

     

  16. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 24 Jul 2018 Link to this post

    Hi Yechezkal,

    Sorry for the late response and thank you for your time and effort to provide us with the RawCap output. I examined the traffic and I realized that I need some more information before I can reproduce the issue.

    Firstly, I would like to explain in general how a WebSocket Connection is established via an HTTP proxy like Fiddler to make sure that we are all on the same page. 

    When the client is configured to use an HTTP proxy and it wants to establish a WebSocket connection with a server, firstly it opens a TCP connection to the proxy and sends an HTTP CONNECT request to the proxy. The request contains the hostname and the port of the server. Then the proxy opens a TCP connection to the server on the specified port. After this, the proxy responds to the client with 200 Connection established and it keeps both TCP connections (to the client and the server) open. Now the proxy is expected to forward the bits flowing in these TCP connections which creates a tunnel between the client and the server.

    Now the client knows that it can communicate with the server and it sends HTTP GET request with a Connection:Upgrade and Upgrade: websocket headers and the server responds with HTTP 101 status code which means that they have just upgraded to the WebSocket protocol. Please, note that I am purposely skipping the WebSocket handshake requirements to keep this post focused.

    In your pcap file I could not find the HTTP CONNECT request from the client to the proxy. Then I remembered that RawCap can sniff only one network interface at a given time and I realized that you were sniffing your Ethernet network interface. However, your client app and Fiddler communicate on the Loopback pseudo-network interface, which I believe you did not sniff in this pcap file.

    Could you, please, make another sniff, this time on the loopback interface. Could you, please, also let me know if you see a "Tunnel to" session in Fiddler for the WebSocket connection. If there is no such session most probably your client is not configured to use the system proxy (WinINET) which Fiddler sets by default. It is possible that your client goes direct to the server or it could use a SOCKS proxy which Fiddler currently does not support.

    You could examine the pcap to check if there is any communication between the client and Fiddler. You can add this to your C# FiddlerScript:
    [BindUIColumn("Client port")]
    public static string FillClientPortColumn(Session session)
    {
        return session.clientPort.ToString();
    }

    Which will make a 'Client port' column in the Fiddler's Session list and you will be able to get the port which your app uses to communicate with Fiddler. Then in the pcap file look for packets with that port as destination or source port and 8888 (the default Fiddler listen port) as the source/destination port.

    And finally, if you could provide us with some demo app and server and source code to reproduce the issue this would be great.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  17. Pankaj
    Pankaj avatar
    1 posts
    Member since:
    Nov 2018

    Posted 26 Nov 2018 Link to this post

    I'm also facing the same problem. Fiddler is not able to capture Websocket traffic..
  18. Alexander
    Admin
    Alexander avatar
    383 posts

    Posted 29 Nov 2018 Link to this post

    Hi Pankaj,

    Is your app's traffic going through Fiddler? This can be easily checked by checking if there is normal HTTP/S traffic showing up. If yes - could you, please, attach a sample SAZ file where you made some WS traffic and it didn't show up?

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  19. Colin
    Colin avatar
    5 posts
    Member since:
    Feb 2019

    Posted 08 Feb Link to this post

    One thing that hasn't been mentioned - in the fiddler options dialog, make sure that the "Parse WebSocket Messages" options is checked under the "Performance" tab.

    I had the same problem - WS connections appeared in the session inspector, were marked as WS and showed the http 101 response, but the web socket inspector didn't open on double clicking the session, Setting the check, closing and reopening Fiddler seemed to solve the problem (you might have to try double clicking a few times, first click didn't seem to work - maybe because there were no messages from the socket?)

    The "Parse WebSocket Messages" is documented in the fiddler book, under Fiddler Options Performance Tab.

     

     

     

     

  20. Carina
    Carina avatar
    3 posts
    Member since:
    May 2019

    Posted 05 May in reply to Colin Link to this post

    Hi Colin,

    Seems capturing  WebSocket works on your fiddler. Could you please share how you configured and got it work? :)

    By searching the solutions, find someone says add several lines code in Fiddler script, a WebSocket tab will appear next to Timeline tab. But I don't find new tab shows after adding codes. No WebSocket session is captured. I think the code doesn't work. 

    The code added: 

    static function OnWebSocketMessage(oMsg: WebSocketMessage) {
    // Log Message to the LOG tab
    FiddlerApplication.Log.LogString(oMsg.ToString());
    }

    That may be the reason why I don't see the "Parse WebSocket Messages" options under the "Performance" tab.

  21. Colin
    Colin avatar
    5 posts
    Member since:
    Feb 2019

    Posted 06 May in reply to Carina Link to this post

    Hi Carina,

    I've just tested capturing WebSocket traffic in Fiddler on a new installation and it's working fine. Here's what I did:

    - Make sure "Parse WebSocket Messages" is checked in Fiddler Options -> Performance.

    - With capture enabled, navigate to http://websocket.org/echo.html (to prevent problems due to https, make sure you've really loaded the page over http - you should see a security warning somewhere, in chrome in the address bar. If you load the page over https you can change manually change the web socket location to use ws instead of wss, but the browser will probably refuse to connect over ws - with Chrome in the console you will see a warning about trying to initiate an insecure connection from a page loaded over https.)

    - Click on the connect button for default location ws://echo.websocket.org. The request should appear in Fiddler's sessions list, but note that at this point double clicking the ws session did not open the inspector tab for me.)

    - Click on the Send button to send the default message "Rock it with HTML5 WebSocket"

    - Go to Fiddler and double click on the ws session (there will still only be one session open.) At this point the WebSocket session tab opens showing details of all the messages sent over the socket.

    Tested with Fiddler v5.0.20182.28034 on Windows 10 using Chrome Canary. Fiddler book has some pretty good information on capturing Web Sockets and is highly recommended - make sure you have at least v 2.03 (the Performance Tab for example is not described in v4.01 of the book.) 

     

     

  22. Colin
    Colin avatar
    5 posts
    Member since:
    Feb 2019

    Posted 06 May in reply to Colin Link to this post

    One thing I forgot to include in my last message - if you just want to capture websocket sessions, it shouldn't be necessary to modify fiddler script. If you don't see the "Parse WebSocket Messages" option, make sure you have the latest version of Fiddler.
  23. Simeon
    Admin
    Simeon avatar
    234 posts

    Posted 08 May Link to this post

    Hi Colin,

    As a token of gratitude for the feedback you shared with us, I added some Telerik points to your account.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  24. Carina
    Carina avatar
    3 posts
    Member since:
    May 2019

    Posted 28 May in reply to Colin Link to this post

    Hi Colin,

    Thanks for your reply and the detailed steps, and sorry for the late response. I tried the steps in your post, indeed Websocket for web can be captured, and I captured Websocket of my company's production, also web end. BTW, is there any chance you happen to know how to capture WS of mobile APP? Though my developer colleague has developed a tool to capture WS from the APP, I still want to find if there is a way to do that via fiddler. :D

     

    Thanks,

    Carina

  25. Colin
    Colin avatar
    5 posts
    Member since:
    Feb 2019

    Posted 29 May in reply to Carina Link to this post

    Hi Carina,

     

    Good to hear you got the WebSocket capture working.

    In principal capturing connections from an app is fairly simple, although it will depend on having a common wi-fi connection for your mobile device and the PC running fiddler. Steps to do this on Android are (iOS should be similar, but I haven't tried it):

    1. In Fiddler options, tab Connections, make sure "Allow remote computers to connect" is checked. You may need to restart Fiddler. Note the port being used by Fiddler - default is 8888. You can disable capturing in Fiddler - the mobile device will send its requests directly to Fiddler.
    2. Find the IP address of Fiddler. You can get this by clicking the "Online" button in the tool bar, or typing "about:network" in the QuickExec box. Note the IP address being used by the wi-fi network.
    3. In the mobile device, go to Settings -> Wi-fi, select the current wi-fi connection, and choose the option to modify connection. Enable Advanced Options, select Manual proxy, and fill in the IP address of Fiddler as host, and the port being used by fiddler. Save changes and you're set.
    4. Go to Chrome and load any page. You should see the requests appearing in Fiddler. 

    That's it, now all network requests from the mobile device should go through fiddler. Remember to disable the proxy in you wi-fi settings when you finish testing!

    Colin

     

  26. Carina
    Carina avatar
    3 posts
    Member since:
    May 2019

    Posted 29 May in reply to Colin Link to this post

    Hi Colin,

    Thanks for your quick reply. You are so helpful ;)

    Yes I can capture requests from browser/application on mobile, but I don't find the way to capture Websocket from my company's software, can capture HTTP/S, but no Websocket in session list. If you know how to capture Websocket of software, that would be great.

  27. Colin
    Colin avatar
    5 posts
    Member since:
    Feb 2019

    Posted 29 May in reply to Carina Link to this post

    OK, I've just tried with the websocket.org echo page:
    http://websocket.org/echo.html

    and it works as with the browser - I can see the ws session in the session list, and on sending a message to the socket the WebSocket tab appears in the inspector.

    Can you see WebSocket sessions on connecting to http://websocket.org/echo? Does you application use secure wss protocol? (I haven't been able to trace wss connections from the mobile device, probably due to a problem with certificates.)

    Colin

Back to Top