Fiddler4 doesn't capture HTTPs traffic on Windows 10

4 Answers 8013 Views
Windows
Kevin
Top achievements
Rank 1
Kevin asked on 09 Dec 2015, 06:34 AM

I just installed the latest Fiddler4 on Windows 10 and enabled HTTPS decrypt, but no HTTPS traffic is captured.

Anything to do with firewall or cert? Thanks.

Eric Lawrence
Telerik team
commented on 09 Dec 2015, 05:49 PM

Hi, Kevin--

Nothing to fear-- many folks use Fiddler with Windows 10 every day, so there's something interesting wrong in your config. Can you have a look at the questions here and reply with your answers here?

Thanks!
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Kevin
Top achievements
Rank 1
commented on 10 Dec 2015, 12:20 AM

Hi, Eric,

Thanks much for prompt reply. Fiddler captures localhost traffic just fine. Just that it doesn't captures HTTPs traffic to: https://pipe.int.trafficmanager.net/. I am using a native app on Windows 10. Not sure something to do with Proxy server or not and I am in corpnet behind the firewall.

-Kevin 

 

Eric Lawrence
Telerik team
commented on 10 Dec 2015, 07:18 PM

Hi, Kevin--

   1. On Fiddler’s Help menu, click Troubleshoot... and load the client. Does any traffic appear in Fiddler?
   2. Do you see HTTPS traffic from your browser to any secure host?
 
Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
john
Top achievements
Rank 1
commented on 10 May 2016, 09:57 PM

https://www.microsoft.com/en-au/dynamics/crm-sales.aspx

this page gives errors and wants a proxy

Lee
Top achievements
Rank 1
commented on 05 Jan 2018, 08:33 PM

Hi Eric,  I'm having the same problem as Kevin. 

1. When I click Help->Troubleshoot I still do not see any https traffic from my UWP app.  
2. When I navigate to the exact same SSL enabled URL via a website I do see the traffic

Furthermore if I navigate to the URL without HTTPS in my UWP app the traffic shows up.  And if I request a URL from the local loopback address it shows up in Fiddler. 

In other words it seems to be a problem specific to UWP and HTTPS.  I know this is an old thread, but I thought it might be more appropriate than starting a new one.  Is there any updated information on this issue in the last two years?

 

Thanks,
Lee

Lee
Top achievements
Rank 1
commented on 05 Jan 2018, 08:35 PM

p.s. I'm on Fiddler 5.0.20073.50948
Lee
Top achievements
Rank 1
commented on 05 Jan 2018, 08:36 PM

p.s. I'm on Fiddler v5.0.20173.50948
Lee
Top achievements
Rank 1
commented on 08 Jan 2018, 04:09 PM

I got a little more information on this issue.  The problem (SSL traffic not showing up in Fiddler for UWP apps) happens when I use Windows.Web.Http.HttpClient, but everything works perfectly when I use System.Net.Http.HttpClient.  Is this a known issue?  Are there any workarounds?
Yannick
Top achievements
Rank 1
commented on 14 Jan 2018, 03:25 PM

@EricLaw Fiddler v5.0.20173.50948 has the WinConfig button still and I 'enabled' (checked) all AppComponents + enabled capturing HTTPS. However none of the traffic of Microsoft Power BI Desktop is showing up. I am trying to troubleshoot the API calls sent to Google BigQuery as there are many open issues that neither Microsoft or Google want to acknowledge. So I need facts and thought Fiddler could help.

Would appreciate it if you could give it a try. PBI Desktop is free, as is the use of BigQuery (1TB/month - you can test with any public dataset)

Mark
Top achievements
Rank 1
commented on 17 Jan 2018, 06:05 PM

I have a windows 10 OEM device with fiddler2 on it running v5.0.20173.50948. Two weeks ago I was able to capture both http and https traffic from my iPhone. Using the same two devices, it no longer collects https traffic. Http is fine. I redownload and installed the cert, decrypt https traffic and capture https is enabled. The connection is not through our company network. I checked and proxy is on address is http:127.0.0.1:8888;https:127.0.0.1:8888. Very odd. I do see http traffic from my phone.

4 Answers, 1 is accepted

Sort by
0
Lee
Top achievements
Rank 1
answered on 09 Jan 2018, 06:56 PM

Finally figured it out.  Feeling a little dumb here, but wanted to follow up and hopefully help someone else out.  The problem for me was that Windows.Web.Http.HttpClient caches pretty aggressively by default, and it just wan't make subsequent requests to an https address that it's hit before.  The solution for me as like:

 

````

     using (var filter = new HttpBaseProtocolFilter())
     {
         filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.NoCache;
         var httpClient = new Windows.Web.Http.HttpClient(filter);

````

0
Simeon
Telerik team
answered on 15 Jan 2018, 05:32 PM
Hi,

Please, make sure that the Power BI Desktop proxy settings point to Fiddler. For more information about how to configure the Power BI Desktop proxy settings, please refer to the following link: https://docs.microsoft.com/en-us/power-bi/service-gateway-proxy

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Yannick
Top achievements
Rank 1
commented on 17 Jan 2018, 07:23 PM

@Simeon. You are mixing the desktop standalone product with the gateway that allows the Power BI service (in the cloud) to connect and import from sources which are on-premise. The gateway has nothing to do here.

 

It is the Power BI Desktop software which is used to build dashboard (like Tableau, Qlik) that is at stake. It uses the proxy of WinInet like other (Microsoft) apps. One cannot change the proxy as it uses the default of Windows/IE.

 

Simeon
Telerik team
commented on 24 Jan 2018, 03:52 PM

Hi Yannick,

Sorry for the late reply. According to this discussion https://community.powerbi.com/t5/Integrations-with-Files-and/PBI-Desktop-connect-to-Azure-via-Proxy/td-p/301510 it seems that Power BI Desktop is not proxy aware. However, there are some proposed solutions regarding this issue. Maybe you could try them in order to redirect the traffic to Fiddler. Unfortunately, configuring Power BI Desktop is out of my competence and I am unable to help you further.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Joe
Top achievements
Rank 1
answered on 22 Mar 2018, 07:10 PM

I'm using version v5.0.20181.14850 for .NET 4.6.1
Built: Tuesday, March 20, 2018

I am finding that if I only check to capture HTTPS it doesn't capture HTTPS.  But if I check to capture and decrypt, it will capture and decrypt.  But if I turn off decrypt, it will no longer capture (even with capture still checked).  Of course I have to restart Fiddler between each of those configuration changes as the UI mentions.

 


Simeon
Telerik team
commented on 23 Mar 2018, 09:58 AM

Hi Joe,

I tried to reproduce the behavior of Fiddler, not capturing the HTTP CONNECT requests, but I couldn't. So I would need some more information.

Firstly, let me clarify what the "Capture HTTPS CONNECTs" and the "Decrypt HTTPS traffic" options do. When Fiddler starts, it changes the system proxy for each protocol (HTTP, HTTPS, FTP) settings to 127.0.0.1:8888 by default. And the "Capture HTTPS CONNECTs" option controls whether Fiddler registers as the system proxy for the secure traffic. With this in mind, it is clear that all applications, which use the system proxy settings (the browsers by default), will make HTTP CONNECT requests to Fiddler, in order to make SSL connection with the server. And when there is no system proxy for the HTTPS protocol (the "Capture HTTPS CONNECTs" option is off), the applications will send SSL client handshakes straight to the server.

And the "Decrypt HTTPS traffic" option makes Fiddler to perform Man-In-The-Middle attack in the tunnel requested with the HTTP CONNECT message.

So, could you please, make sure that, when the "Capture HTTPS CONNECTs" option is checked, after restart of Fiddler and it is running, it has registered as the system secure proxy. You could check this by typing "Configure proxy server" into the Windows' taskbar search textbox and pressing enter. Then click on the "LAN settings" button. The "Use a proxy server for your LAN" option should be checked. Click the "Advanced" button and observe if you have a proxy address and port set for the "Secure" type in the "Proxy Settings" window.

If the proxy settings are correct and you still do not see HTTP CONNECT messages in Fiddler, it is possible that there is a filter applied. The first one which comes to my mind is the "Hide CONNECTs" in the "Rules" menu of Fiddler. Make sure this one is not checked.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Joe
Top achievements
Rank 1
commented on 23 Mar 2018, 11:16 AM

My proxy settings (including Secure) have been set.  See the attached image named ProxySettingsAfterFiddlerHasStarted.png.

Perhaps this is working but I am mistaking what I am seeing.  See the attached image named HTTPSSession.png.  I see a session labeled as HTTP not HTTPS.  Why would it now show the session as HTTPS?

When I turn on decryption I see an additional session labeled as HTTPS that contains my HTTPS request.

Joe
Top achievements
Rank 1
commented on 23 Mar 2018, 11:23 AM

Also, I notice that additional HTTPS requests to the server do not appear in the list.
Simeon
Telerik team
commented on 23 Mar 2018, 01:31 PM

Hi,

I see a session labeled as HTTP not HTTPS.  Why would it now show the session as HTTPS?
The HTTP CONNECT is just a HTTP request send to the proxy (Fiddler) itself. The CONNECT method tells the proxy that the client wants to establish a connection with a given host. When the proxy establishes TCP connection with the host, it returns '200 Connection Established' response to the client and the client and the proxy keep the TCP connection between them opened. Now the client knows that whatever it sends into the TCP connection with the proxy, it will be forwarded to the host, and whatever it receives from the TCP connection it originates from the host. Of course, the first thing the client and the host do is to make a SSL handshake in order to negotiate how to encrypt the data. After this, the proxy is no longer able to read the data because it is encrypted. However, because the tunnel is already established, the proxy knows that it only have to forward the data between the client and the host. If there was no tunnel established, when the proxy receives an encrypted HTTP request it won't be able to read the HTTP header and will have no idea what to do with the request. This is the main reason the HTTP CONNECT was invented - to tell the proxy where to forward the encrypted data.

I hope that now it is clear why the HTTP CONNECT request cannot be HTTPS indeed.

Also, I notice that additional HTTPS requests to the server do not appear in the list.
Could you, please, elaborate on this. What HTTPS requests you expect to see in the Fiddler's session list. Is Fiddler set as secure proxy for the originator of these requests? If so, do you see the HTTP CONNECTs for these HTTPS requests? Please, also confirm that there are no filters applied in Fiddler for these requests.

Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Issac
Top achievements
Rank 1
answered on 25 Nov 2019, 06:29 AM

Hi,

I'm having trouble to capture all my traffic in Windows 10. The version I installed is v5.0.20194.41348 for .NET 4.6.1. I have tried all the settings recommend on this forum but it still not capturing any traffic. I have run the troubleshoot and able to capture the traffic. I hope someone could help me on this. My company itself are using some filtering pac and I don't know whether it will affect the Fiddler capturing traffic or not. 

 

Warm regards
Issac

 


Eric R | Senior Technical Support Engineer
Telerik team
commented on 27 Nov 2019, 11:09 PM

Hi Issac,

This most likely has something to do with the PAC filter used by your company. Essentially, that is a scripted proxy controlled by your company. I recommend working with your company and confirming if Fiddler can be Chained to the Upstream Proxy.

I hope this helps. Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
Windows
Asked by
Kevin
Top achievements
Rank 1
Answers by
Lee
Top achievements
Rank 1
Simeon
Telerik team
Joe
Top achievements
Rank 1
Issac
Top achievements
Rank 1
Share this question
or