Fiddler proxy behind load balancer

4 posts, 0 answers
  1. Carlos
    14 posts
    Member since:
    Jan 2019

    Posted 25 Sep 2019

    Hello there. I'm a big fan of Fiddler proxy. For an experiment I want to have 2 or more instances of Fiddler running on different servers behind a load balancer. The issue I have noticed is that, because I'm capturing and decrypting HTTPS traffic, every time I point my client to a different instance of Fiddler (server), I need to download the root certificate generated for that instance, otherwise it doesn't work. This seems not to be the case always; sometimes I'll put in a new instance and everything will just work, but other times I need to re-download the certificate. I've tried to export/import the certificate from one server into the other but couldn't make it work this way either. I'm not sure if there is some specific procedure or steps I need to follow or if this is just not possible (I'm not really a certificate expert). My goal is to be able to set up my client (iPhone) with the certificate from one single server and then, if I point to a different server or to a load balancer with N different instances of Fiddler proxy, have it working without having to install several different certificates for different servers. I can take on the task of installing the instance of Fiddler and importing a specific certificate to be used by the instance/server, but installing on each client every time is becoming hard to keep up with. Any suggestions?
  2. Eric R | Senior Technical Support Engineer
    Admin
    396 posts

    Posted 30 Sep 2019

    Hi Carlos,

    In this situation, I would try setting up Fiddler as a Reverse Proxy on the Load-Balancer. This way, the requests and responses would pass through Fiddler to the appropriate downstream Server. See the Use Fiddler as a Reverse Proxy documentation for details on how to do this.

    Please give this a try and let me know the results. Thank you for using the Fiddler Forums.

    Regards,


    Eric R | Technical Support Engineer
    Progress Telerik

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Carlos
    14 posts
    Member since:
    Jan 2019

    Posted 02 Oct 2019 in reply to Eric R | Senior Technical Support Engineer

    Hi Eric,

    Thanks for taking the time to read my post and question.  I'm not sure how reverse-proxy will work.  I'm using the load balancer to split the traffic between different Fiddler Proxy instances. Something like:

    Client ==> LB ==> (n) instances of Fiddler Proxy ==> different multiple web sites and apis

    Each instance of Fiddler proxy has its own root certificate.  I was wondering if there was a way to have all of them working using the same certificate, so on the client side I only need to install one and not one for every instance, not knowing where the client is going to end up.  I hope it's more clear now.

  4. Eric R | Senior Technical Support Engineer
    Admin
    396 posts

    Posted 04 Oct 2019

    Hi Carlos,

    Thank you for the provided explanation. It does make more sense. Although it is possible to Export the Root Certificate, it isn't possible to set Fiddler to use a specific Certificate because the Certificate is generated. See the Certificates in Fiddler FAQ blog post for more information.

    With that said, it may work to use Fiddler as a Reverse Proxy which wouldn't require reconfiguring the client application or maintaining multiple instances of Fiddler. This would look like the below.

    Client ==> Fiddler ==> LB ==> Web Sites

    To elaborate more, Fiddler would receive the Request from the Client, capture it, forward the Request to the LB and await a response. The LB then sends this off to the web server, which would do stuff and respond to the LB. At this point, the LB passes the Response to Fiddler and Fiddler would capture it then pass the Response to the Client. Using a Reverse Proxy obfuscates the internal workings to the Client, which removes the need to configure it. Let me provide the steps to get this to work with an example.

    Step 1. Start Fiddler on the Load Balancer Machine.

    Step 2. Change Fiddler to Allow Remote Computers to Connect using Tools -> Fiddler Options

    Step 3. Change the Port Fiddler Listens on to Port 80 using Tools -> Fiddler Options -> Connections Tab

    Step 4. Change the Load Balancer to run on Port 81

    Step 5. Because the client is using HTTPS, Fiddler will need an additional network listener to receive HTTPS connections. Use the following QuickExec command to open this up. NOTE: Substitute the Load_Balancer_Server_Name for the actual name of the Server. 

    !listen 443 Load_Balancer_Server_Name 

    Step 6. Add a Custom Rule in the OnBeforeRequest Handler to forward inbound Requests to Port 81. NOTE: Substitute the Load_Balancer_Server_Name for the actual name of the Server.  

    if (oSession.HostnameIs("Load_Balancer_Server_Name")) oSession.host = "Load_Balancer_Server_Name:81";

     Step 7. After the above steps are configured, navigate to the website URL on the client machine.  

    Please let me know if you need any additional information. Thank you. 

    Regards,


    Eric R | Technical Support Engineer
    Progress Telerik
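
A stricter form of the Step 6 rule, as an added example that is not part of the thread or of Telerik's documentation: with remote connections allowed in Step 2, Fiddler will also proxy requests for hosts other than the load balancer, so this version forwards only the expected hostname and answers everything else locally with a 403. The 403 response and the variable name `sLB` are choices made for this example; `Load_Balancer_Server_Name` is the thread's placeholder.

```jscript
// FiddlerScript (JScript.NET). Merge into the existing OnBeforeRequest
// handler of the Handlers class in CustomRules.js (Rules -> Customize Rules).
// Load_Balancer_Server_Name is the placeholder used in the thread; port 81 is
// the port the load balancer was moved to in Step 4.
static function OnBeforeRequest(oSession: Session) {
    var sLB: String = "Load_Balancer_Server_Name";

    if (oSession.HostnameIs(sLB)) {
        // Reverse-proxy case from Step 6: pass the request on to the
        // load balancer, which now listens on port 81.
        oSession.host = sLB + ":81";
        return;
    }

    // Any other hostname means a remote client is using this listener as a
    // general-purpose forward proxy. Answer locally so the request is never
    // sent upstream (assumption: a plain 403 is acceptable to the clients).
    oSession.utilCreateResponseAndBypassServer();
    oSession.oResponse.headers.SetStatus(403, "Forbidden");
    oSession.oResponse["Content-Type"] = "text/plain; charset=utf-8";
    oSession.utilSetResponseBody("This proxy only serves " + sLB + ".");
}
```

Rejected sessions still appear in the Fiddler session list with a 403 result, which makes unexpected clients easy to spot.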
