How to capture all inbound traffic to IIS

1 Answer 1536 Views
Windows
Jason Rodman
Top achievements
Rank 1
Jason Rodman asked on 30 Jan 2020, 08:24 PM
I have read and tried every flavor I can find on how to make this work, but nothing does. I don't care about traffic leaving my server, on the requests coming into IIS for all sites listening on that server. AND all traffic inbound is SSL so its over port 443. We have nothing bound to port 80 at all. Every example I found only mentions port 80 and I suspect that is why its not working. What are the steps to get this to work on a Windows Datacenter Server 2016 server for request that come from external sources? 

1 Answer, 1 is accepted

Sort by
0
Simeon
Telerik team
answered on 05 Feb 2020, 08:45 AM

Hi Jason,

Sorry for the late response. You need to configure Fiddler to work as a reverse HTTPS proxy for the IIS server. The procedure is described here. I am going to write it here, as well, for your convenience. Here are the steps to achieve this:

  1. Configure the IIS to listen to a new port (e.g. 444)
  2. Inside Tools > Fiddler Options > Connections, tick Allow Remote Clients to Connect. Restart Fiddler.
  3. Inside Fiddler's QuickExec box, type !listen 443 ServerName where ServerName is whatever the server's hostname is; for instance, for https://foobar you would use foobar for the server name.
  4. Inside your FIddlerScript's OnBeforeRequest method , add:

if ((oSession.HostnameIs("foobar")) &&
    (oSession.oRequest.pipeClient.LocalPort == 443) ) 
{
   oSession.host = "foobar:444";
}

The !listen command instructs Fiddler to create a new endpoint that will perform a HTTPS handshake withe the client upon connection and Fiddler will present itself as the foobar server. The default proxy endpoint doesn't do that because when a proxy receives a connection for HTTPS traffic it gets a HTTP CONNECT request instead of a handshake.

One more thing - if you do not want to configure the IIS serve to listen to a different port you can leave it listening on 443 and instead open the new Fiddler endpoint on 444 for example like this: !listen 444 foobar Then in the OnBeforeRequest method if the LocalPort is 444 you have to change the host to "foobar:443". And finally, from your browser you will have to navigate to https://foobar:444 in order to capture the request and response with Fiddler.

Regards,
Simeon
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Jason Rodman
Top achievements
Rank 1
commented on 05 Feb 2020, 02:33 PM

Thank you so much for this, this is much more clear and makes sense. You essentially have fiddler intercepting all traffic as the actual web server and then forwarding to IIS. Pretty cool. I would have never pulled that together from what I had found online. 
Tags
Windows
Asked by
Jason Rodman
Top achievements
Rank 1
Answers by
Simeon
Telerik team
Share this question
or