Fiddler not showing websocket protocol using ws prefix

16 posts, 0 answers
  1. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 31 Oct 2017 Link to this post

    I use fiddler to review many of the http and https communications from our application. We have a websocket implementation connected to a phoenix/elixir server using the ws prefix. So our url looks like ws://{ip}:4000/socket/websocket. None of the communications from our application to this end point are visible in Fiddler. I can see any and all http and https traffic we're doing, but not the websocket calls. The websocket connections are working and the app is sending and receiving messages correctly, but I'd like to be able to see the messages to monitor this part of the application. Any thoughts would be great. Thank you.

  2. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 08 Nov 2017 Link to this post

    Hello,

    In order to see the WebSocket messages, you should double-click on the WebSocket session in the Web Session list of Fiddler. The WebSocket tab will appear. For more information, please, read the WebSockets section of What's New in Fiddler 4.5 page.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 08 Nov 2017 in reply to Simeon Link to this post

    The problem is there is no WebSocket message to double-click. The ws prefix calls are not showing in Fiddler. I've read the What's New page and all of the examples show WebSocket messages that have an http or https prefix, not a ws prefix. Any idea how I get the ws prefix WebSocket messages to show in the list?
  4. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 27 Nov 2017 Link to this post

    Hello Eric,

    Sorry for the late replay, could you please, elaborate on what is your network setup and the proxy settings for each client and server. 

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Eric
    Eric avatar
    4 posts
    Member since:
    Sep 2009

    Posted 27 Nov 2017 in reply to Simeon Link to this post

    Simeon,

    How is this related to what I'm asking? What kind of network setup are you asking for? What kind of network configuration would keep Fiddler from seeing the ws prefixed messages? Can you see ws prefixed communications in your version or configuration of Fiddler? I'm just not sure it's supported. Can you let me know if it's supported?

  6. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 06 Dec 2017 Link to this post

    Eric,

    This is relevant to what you are asking because you claim that you do not see the WebSocket session in Fiddler. I asked for the network setup to understand if Fiddler is a proxy between the two sides which upgrade their HTTP connection into WebSocket connection. If Fiddler is not a proxy for the side which requests the upgrade, it will not be able to see the WebSocket traffic because it will be circumventing it.

    Correct me if I am wrong, but I suppose that you expect to see a session in the Fiddler's session list whose protocol is WS. However, Fiddler does not read the protocol from the URI scheme but from the start line. Because the WebSocket connection is an HTTP upgrade you will always see the WebSocket's session protocol to be HTTP or HTTPS.

    I hope that this answers your question.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  7. guennole
    guennole avatar
    2 posts
    Member since:
    Feb 2018

    Posted 05 Feb Link to this post

    Hi,

     

    I got the exact same problem and I have not been able to find a solution.

    Regarding the context, I am using a virtual machine on Azure and I am trying to monitor the websockets of a software I made. I can't see any. The HTTP/HTTPS trafic is well displayed.

  8. guennole
    guennole avatar
    2 posts
    Member since:
    Feb 2018

    Posted 05 Feb in reply to guennole Link to this post

    I have been trying both fiddler 4.5 and 5
  9. Ar
    Ar avatar
    1 posts
    Member since:
    May 2011

    Posted 12 Apr Link to this post

    same here

    no websocket tab

    is there any workaround or solution?

  10. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 24 Apr Link to this post

    Hello,

    I am able to capture WebSocket traffic from this echo service: https://websocket.org/echo.html. Please, let me know if this is the case for you, as well.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  11. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 04 Jul in reply to Simeon Link to this post

    I also do not see the websocket icon, so I cannot add the tab. But I know that the traffic is flowing (localhost to localhost
  12. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 06 Jul Link to this post

    Hello Yechezkal,

    Could you, please, provide me with steps how to reproduce the problem. If you can provide me with a (demo) app, which uses WebSockets, and you are unable to capture its traffic with Fiddler, that would be great.

    It seems that this issue is affecting many users, so we really need to reproduce it in order to solve it.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  13. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 06 Jul in reply to Simeon Link to this post

    Can you wait a few days? I would like to help, but I have a slightly more urgent requirement to meet.
  14. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 06 Jul Link to this post

    Thank you! I will wait. Do not worry :)
  15. Dr.YSG
    Dr.YSG avatar
    213 posts
    Member since:
    Dec 2009

    Posted 06 Jul Link to this post

    My situation might be a bit odd. I have two C++ programs I wrote using NanoMSG. If they are on the same machine. One a client and the other a server. If I do ws://localhost:2018 then there seems to be an IPC short-circuit so I am not surprised that Fiddler does not see that.

    So I put the second on a VPN connected machine. Now I can get the packets via RawCap.exe (yes this is all windows 10, with the latest 5.0.2 Fiddler). I am going to attach the rawcap output which you can look at in wireshark.I changed the extension from .pcap to .jpg so that I could attach it.

    Of course, now I have two interfaces, and this uses the xecond one (The TAP connector). So maybe that is the problem I am having with Fiddler.

     

    D:\>ipconfig/all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : YSG4206
       Primary Dns Suffix  . . . . . . . : xxx
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : xxx

    Ethernet adapter Ethernet 3:

       Connection-specific DNS Suffix  . : x
       Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
       Physical Address. . . . . . . . . : F8-B1-56-FF-8B-36
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.4.30.239(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Thursday, July 5, 2018 4:09:07 PM
       Lease Expires . . . . . . . . . . : Friday, July 6, 2018 10:15:23 PM
       Default Gateway . . . . . . . . . : 10.4.31.254
       DHCP Server . . . . . . . . . . . : 140.102.100.111
       DNS Servers . . . . . . . . . . . : 10.10.20.11
                                           10.10.20.12
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
       Physical Address. . . . . . . . . : 00-FF-91-E7-8A-38
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 172.27.225.77(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled

    D:\>



















     

     

  16. Simeon
    Admin
    Simeon avatar
    116 posts

    Posted 24 Jul Link to this post

    Hi Yechezkal,

    Sorry for the late response and thank you for your time and effort to provide us with the RawCap output. I examined the traffic and I realized that I need some more information before I can reproduce the issue.

    Firstly, I would like to explain in general how a WebSocket Connection is established via an HTTP proxy like Fiddler to make sure that we are all on the same page. 

    When the client is configured to use an HTTP proxy and it wants to establish a WebSocket connection with a server, firstly it opens a TCP connection to the proxy and sends an HTTP CONNECT request to the proxy. The request contains the hostname and the port of the server. Then the proxy opens a TCP connection to the server on the specified port. After this, the proxy responds to the client with 200 Connection established and it keeps both TCP connections (to the client and the server) open. Now the proxy is expected to forward the bits flowing in these TCP connections which creates a tunnel between the client and the server.

    Now the client knows that it can communicate with the server and it sends HTTP GET request with a Connection:Upgrade and Upgrade: websocket headers and the server responds with HTTP 101 status code which means that they have just upgraded to the WebSocket protocol. Please, note that I am purposely skipping the WebSocket handshake requirements to keep this post focused.

    In your pcap file I could not find the HTTP CONNECT request from the client to the proxy. Then I remembered that RawCap can sniff only one network interface at a given time and I realized that you were sniffing your Ethernet network interface. However, your client app and Fiddler communicate on the Loopback pseudo-network interface, which I believe you did not sniff in this pcap file.

    Could you, please, make another sniff, this time on the loopback interface. Could you, please, also let me know if you see a "Tunnel to" session in Fiddler for the WebSocket connection. If there is no such session most probably your client is not configured to use the system proxy (WinINET) which Fiddler sets by default. It is possible that your client goes direct to the server or it could use a SOCKS proxy which Fiddler currently does not support.

    You could examine the pcap to check if there is any communication between the client and Fiddler. You can add this to your C# FiddlerScript:
    [BindUIColumn("Client port")]
    public static string FillClientPortColumn(Session session)
    {
        return session.clientPort.ToString();
    }

    Which will make a 'Client port' column in the Fiddler's Session list and you will be able to get the port which your app uses to communicate with Fiddler. Then in the pcap file look for packets with that port as destination or source port and 8888 (the default Fiddler listen port) as the source/destination port.

    And finally, if you could provide us with some demo app and server and source code to reproduce the issue this would be great.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top