Fiddler4 doesn't capture HTTPs traffic on Windows 10

20 posts, 0 answers
  1. Kevin
    Kevin avatar
    2 posts
    Member since:
    Dec 2015

    Posted 09 Dec 2015 Link to this post

    I just installed the latest Fiddler4 on Windows 10 and enabled HTTPS decrypt, but no HTTPS traffic is captured.

    Anything to do with firewall or cert? Thanks.

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    832 posts

    Posted 09 Dec 2015 Link to this post

    Hi, Kevin--

    Nothing to fear-- many folks use Fiddler with Windows 10 every day, so there's something interesting wrong in your config. Can you have a look at the questions here and reply with your answers here?

    Thanks!
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Kevin
    Kevin avatar
    2 posts
    Member since:
    Dec 2015

    Posted 09 Dec 2015 in reply to Eric Lawrence Link to this post

    Hi, Eric,

    Thanks much for prompt reply. Fiddler captures localhost traffic just fine. Just that it doesn't captures HTTPs traffic to: https://pipe.int.trafficmanager.net/. I am using a native app on Windows 10. Not sure something to do with Proxy server or not and I am in corpnet behind the firewall.

    -Kevin 

     

  4. Eric Lawrence
    Admin
    Eric Lawrence avatar
    832 posts

    Posted 10 Dec 2015 Link to this post

    Hi, Kevin--

       1. On Fiddler’s Help menu, click Troubleshoot... and load the client. Does any traffic appear in Fiddler?
       2. Do you see HTTPS traffic from your browser to any secure host?
     
    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. john
    john avatar
    1 posts
    Member since:
    May 2016

    Posted 10 May 2016 in reply to Eric Lawrence Link to this post

    https://www.microsoft.com/en-au/dynamics/crm-sales.aspx

    this page gives errors and wants a proxy

  6. Lee
    Lee avatar
    5 posts
    Member since:
    Jan 2018

    Posted 05 Jan 2018 in reply to Eric Lawrence Link to this post

    Hi Eric,  I'm having the same problem as Kevin. 

    1. When I click Help->Troubleshoot I still do not see any https traffic from my UWP app.  
    2. When I navigate to the exact same SSL enabled URL via a website I do see the traffic

    Furthermore if I navigate to the URL without HTTPS in my UWP app the traffic shows up.  And if I request a URL from the local loopback address it shows up in Fiddler. 

    In other words it seems to be a problem specific to UWP and HTTPS.  I know this is an old thread, but I thought it might be more appropriate than starting a new one.  Is there any updated information on this issue in the last two years?

     

    Thanks,
    Lee

  7. Lee
    Lee avatar
    5 posts
    Member since:
    Jan 2018

    Posted 05 Jan 2018 in reply to Lee Link to this post

    p.s. I'm on Fiddler 5.0.20073.50948
  8. Lee
    Lee avatar
    5 posts
    Member since:
    Jan 2018

    Posted 05 Jan 2018 in reply to Lee Link to this post

    p.s. I'm on Fiddler v5.0.20173.50948
  9. Lee
    Lee avatar
    5 posts
    Member since:
    Jan 2018

    Posted 08 Jan 2018 Link to this post

    I got a little more information on this issue.  The problem (SSL traffic not showing up in Fiddler for UWP apps) happens when I use Windows.Web.Http.HttpClient, but everything works perfectly when I use System.Net.Http.HttpClient.  Is this a known issue?  Are there any workarounds?
  10. Lee
    Lee avatar
    5 posts
    Member since:
    Jan 2018

    Posted 09 Jan 2018 Link to this post

    Finally figured it out.  Feeling a little dumb here, but wanted to follow up and hopefully help someone else out.  The problem for me was that Windows.Web.Http.HttpClient caches pretty aggressively by default, and it just wan't make subsequent requests to an https address that it's hit before.  The solution for me as like:

     

    ````

         using (var filter = new HttpBaseProtocolFilter())
         {
             filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.NoCache;
             var httpClient = new Windows.Web.Http.HttpClient(filter);

    ````

  11. Yannick
    Yannick avatar
    2 posts
    Member since:
    Jan 2018

    Posted 14 Jan 2018 Link to this post

    @EricLaw Fiddler v5.0.20173.50948 has the WinConfig button still and I 'enabled' (checked) all AppComponents + enabled capturing HTTPS. However none of the traffic of Microsoft Power BI Desktop is showing up. I am trying to troubleshoot the API calls sent to Google BigQuery as there are many open issues that neither Microsoft or Google want to acknowledge. So I need facts and thought Fiddler could help.

    Would appreciate it if you could give it a try. PBI Desktop is free, as is the use of BigQuery (1TB/month - you can test with any public dataset)

  12. Simeon
    Admin
    Simeon avatar
    195 posts

    Posted 15 Jan 2018 Link to this post

    Hi,

    Please, make sure that the Power BI Desktop proxy settings point to Fiddler. For more information about how to configure the Power BI Desktop proxy settings, please refer to the following link: https://docs.microsoft.com/en-us/power-bi/service-gateway-proxy

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  13. Mark
    Mark avatar
    1 posts
    Member since:
    Jan 2018

    Posted 17 Jan 2018 in reply to Simeon Link to this post

    I have a windows 10 OEM device with fiddler2 on it running v5.0.20173.50948. Two weeks ago I was able to capture both http and https traffic from my iPhone. Using the same two devices, it no longer collects https traffic. Http is fine. I redownload and installed the cert, decrypt https traffic and capture https is enabled. The connection is not through our company network. I checked and proxy is on address is http:127.0.0.1:8888;https:127.0.0.1:8888. Very odd. I do see http traffic from my phone.
  14. Yannick
    Yannick avatar
    2 posts
    Member since:
    Jan 2018

    Posted 17 Jan 2018 in reply to Simeon Link to this post

    @Simeon. You are mixing the desktop standalone product with the gateway that allows the Power BI service (in the cloud) to connect and import from sources which are on-premise. The gateway has nothing to do here.

     

    It is the Power BI Desktop software which is used to build dashboard (like Tableau, Qlik) that is at stake. It uses the proxy of WinInet like other (Microsoft) apps. One cannot change the proxy as it uses the default of Windows/IE.

     

  15. Simeon
    Admin
    Simeon avatar
    195 posts

    Posted 24 Jan 2018 Link to this post

    Hi Yannick,

    Sorry for the late reply. According to this discussion https://community.powerbi.com/t5/Integrations-with-Files-and/PBI-Desktop-connect-to-Azure-via-Proxy/td-p/301510 it seems that Power BI Desktop is not proxy aware. However, there are some proposed solutions regarding this issue. Maybe you could try them in order to redirect the traffic to Fiddler. Unfortunately, configuring Power BI Desktop is out of my competence and I am unable to help you further.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  16. Joe
    Joe avatar
    3 posts
    Member since:
    Mar 2018

    Posted 22 Mar 2018 Link to this post

    I'm using version v5.0.20181.14850 for .NET 4.6.1
    Built: Tuesday, March 20, 2018

    I am finding that if I only check to capture HTTPS it doesn't capture HTTPS.  But if I check to capture and decrypt, it will capture and decrypt.  But if I turn off decrypt, it will no longer capture (even with capture still checked).  Of course I have to restart Fiddler between each of those configuration changes as the UI mentions.

     


  17. Simeon
    Admin
    Simeon avatar
    195 posts

    Posted 23 Mar 2018 Link to this post

    Hi Joe,

    I tried to reproduce the behavior of Fiddler, not capturing the HTTP CONNECT requests, but I couldn't. So I would need some more information.

    Firstly, let me clarify what the "Capture HTTPS CONNECTs" and the "Decrypt HTTPS traffic" options do. When Fiddler starts, it changes the system proxy for each protocol (HTTP, HTTPS, FTP) settings to 127.0.0.1:8888 by default. And the "Capture HTTPS CONNECTs" option controls whether Fiddler registers as the system proxy for the secure traffic. With this in mind, it is clear that all applications, which use the system proxy settings (the browsers by default), will make HTTP CONNECT requests to Fiddler, in order to make SSL connection with the server. And when there is no system proxy for the HTTPS protocol (the "Capture HTTPS CONNECTs" option is off), the applications will send SSL client handshakes straight to the server.

    And the "Decrypt HTTPS traffic" option makes Fiddler to perform Man-In-The-Middle attack in the tunnel requested with the HTTP CONNECT message.

    So, could you please, make sure that, when the "Capture HTTPS CONNECTs" option is checked, after restart of Fiddler and it is running, it has registered as the system secure proxy. You could check this by typing "Configure proxy server" into the Windows' taskbar search textbox and pressing enter. Then click on the "LAN settings" button. The "Use a proxy server for your LAN" option should be checked. Click the "Advanced" button and observe if you have a proxy address and port set for the "Secure" type in the "Proxy Settings" window.

    If the proxy settings are correct and you still do not see HTTP CONNECT messages in Fiddler, it is possible that there is a filter applied. The first one which comes to my mind is the "Hide CONNECTs" in the "Rules" menu of Fiddler. Make sure this one is not checked.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  18. Joe
    Joe avatar
    3 posts
    Member since:
    Mar 2018

    Posted 23 Mar 2018 in reply to Simeon Link to this post

    My proxy settings (including Secure) have been set.  See the attached image named ProxySettingsAfterFiddlerHasStarted.png.

    Perhaps this is working but I am mistaking what I am seeing.  See the attached image named HTTPSSession.png.  I see a session labeled as HTTP not HTTPS.  Why would it now show the session as HTTPS?

    When I turn on decryption I see an additional session labeled as HTTPS that contains my HTTPS request.

  19. Joe
    Joe avatar
    3 posts
    Member since:
    Mar 2018

    Posted 23 Mar 2018 in reply to Joe Link to this post

    Also, I notice that additional HTTPS requests to the server do not appear in the list.
  20. Simeon
    Admin
    Simeon avatar
    195 posts

    Posted 23 Mar 2018 Link to this post

    Hi,

    I see a session labeled as HTTP not HTTPS.  Why would it now show the session as HTTPS?
    The HTTP CONNECT is just a HTTP request send to the proxy (Fiddler) itself. The CONNECT method tells the proxy that the client wants to establish a connection with a given host. When the proxy establishes TCP connection with the host, it returns '200 Connection Established' response to the client and the client and the proxy keep the TCP connection between them opened. Now the client knows that whatever it sends into the TCP connection with the proxy, it will be forwarded to the host, and whatever it receives from the TCP connection it originates from the host. Of course, the first thing the client and the host do is to make a SSL handshake in order to negotiate how to encrypt the data. After this, the proxy is no longer able to read the data because it is encrypted. However, because the tunnel is already established, the proxy knows that it only have to forward the data between the client and the host. If there was no tunnel established, when the proxy receives an encrypted HTTP request it won't be able to read the HTTP header and will have no idea what to do with the request. This is the main reason the HTTP CONNECT was invented - to tell the proxy where to forward the encrypted data.

    I hope that now it is clear why the HTTP CONNECT request cannot be HTTPS indeed.

    Also, I notice that additional HTTPS requests to the server do not appear in the list.
    Could you, please, elaborate on this. What HTTPS requests you expect to see in the Fiddler's session list. Is Fiddler set as secure proxy for the originator of these requests? If so, do you see the HTTP CONNECTs for these HTTPS requests? Please, also confirm that there are no filters applied in Fiddler for these requests.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top