This is a migrated thread and some comments may be shown as answers.

Monitor background process

10 Answers 1845 Views
Fiddler Classic
Gerry
Gerry asked on 22 Nov 2019, 05:55 PM

Hi guys

We use ninitepro which runs in the background and updates applications like Chrome/Adobe etc on our computers. Since it doesn't have an active window I can't see what it is connecting to via Fiddler and I'm trying to figure out how to enable scanning of background processes so Fiddler will pick it up.

Thanks

Gerry

10 Answers, 1 is accepted

Eric R | Senior Technical Support Engineer
Telerik team
answered on 26 Nov 2019, 11:00 PM

Hi Gerry,

When Fiddler launches it opens under the current user and configures their proxy settings. If the process is being run under a different user then you can edit the machine.config file and add the defaultProxy settings as described in the Capturing Traffic from .NET Services with Fiddler blog post.

Please give this a try and let me know the results. Thank you and I look forward to your reply.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Gerry
answered on 28 Nov 2019, 09:46 AM

Hi Eric

Thanks for the reply - I tried this however it didn't work. 

ninite.exe ran in the background again without being tracked by Fiddler. I changed the .config file as per the blog article. I wasn't able to find the services or the Test Studio app so I restarted the PC and tested it that way but no joy.

Thanks

Gerry

Gerry
answered on 28 Nov 2019, 09:56 AM

Hi Eric

For clarity - I'm trying to monitor those processes that run under SYSTEM account as shown in the details tab of Task Manager.

Thanks

Gerry

 

Eric R | Senior Technical Support Engineer
Telerik team
answered on 02 Dec 2019, 04:03 PM

Hi Gerry,

I am not entirely familiar with Ninite. However, it appears that their Security Measures have specifically configured their connection which may be blocking Fiddler from seeing the traffic. This can be done with things like Certificate Pinning. I recommend reaching out to Ninite and seeing if Fiddler is able to inspect the sessions. Alternatively, you could try something more robust like WireShark Process Attribution.

I hope this helps. Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Gerry
answered on 02 Dec 2019, 04:19 PM

Hi Eric

Thanks for the message and update. When I run Ninite manually Fiddler can see the traffic, just not when it runs in the background. There are other processes that run in the background under the local system account and Fiddler can't see or report on this traffic either. Any reason why background processes are not captured?

Thanks

Gerry

Eric R | Senior Technical Support Engineer
Telerik team
answered on 02 Dec 2019, 04:38 PM

Hi Gerry,

Background Processes should be captured as long as Fiddler knows which Process to look for. It could be that when Ninite is run as a service it spawns a new background process which isn't being picked up by Fiddler because it's being run as a Service Account. I recommend configuring Fiddler to Capture From a Different Account. For example, to point all WinHTTP traffic to Fiddler use the following command:

netsh winhttp set proxy 127.0.0.1:8888

I hope this helps. Please let me know if you have any additional questions. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Gerry
answered on 02 Dec 2019, 04:46 PM

Hi Eric

Thanks - is there a way to tell Fiddler what process to look at specifically?

Thanks

Gerry

Eric R | Senior Technical Support Engineer
Telerik team
answered on 02 Dec 2019, 05:18 PM

Hi Gerry,

Unfortunately, because I suspect Ninite is spawning an alternate process under a different account it wouldn't be known beforehand. The only option is configuring Fiddler to Capture from a Different Account, capture all traffic and Filter it out by Process Id. Note that the Process Id could change on each run depending on how Ninite has built their application logic. Filtering the traffic by Process Id can be accomplished in different ways. The Specific Traffic Is Missing documentation shows different approaches.

Additionally, per Ninite's Security documentation they are using TLS for all communication which means that Fiddler will also need to decrypt the traffic. You can try performing the following steps but it is likely that Certificate Pinning is in use which will mean that the traffic cannot be decrypted and will bypass Fiddler. There would be no workaround in such a case as this is a security measure and is outside of Fiddler's control.

Step 1. Open Fiddler

Step 2. Enable Traffic Decryption

Step 3. Configure the machine.config file as specified in the Capturing .NET Services documentation.

Step 4. Configure WinHTTP to point to Fiddler as specified in the Configure a WinHTTP Application documentation.

Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik
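
Added example, not part of the reply above or of Telerik's documentation: a PowerShell sketch of Step 4 that points WinHTTP at Fiddler only for a bounded capture window, records which endpoints the background process actually connects to, and always resets the proxy afterwards. The process name `ninite` and the five-minute window are assumptions; the proxy address is the one from the `netsh` command quoted earlier in the thread.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$proxyHost = '127.0.0.1'; $proxyPort = 8888   # Fiddler address from the netsh command in the thread
$procName  = 'ninite'                         # assumption: image name ninite.exe, as named in the thread
$minutes   = 5                                # assumption: long enough for the background task to run

# Refuse to redirect WinHTTP when nothing is listening: every WinHTTP-based
# service on the machine would lose connectivity for the whole window.
if (-not (Get-NetTCPConnection -State Listen -LocalPort $proxyPort -ErrorAction SilentlyContinue)) {
    throw "Nothing is listening on port $proxyPort; start Fiddler first."
}

# Keep a copy of the previous machine-wide setting. 'reset proxy' below returns
# WinHTTP to direct access, so re-apply any proxy shown in this file by hand.
netsh winhttp show proxy | Out-File "$env:TEMP\winhttp-before.txt"

$seen = @{}   # "remoteAddress:port" -> owning process id
try {
    netsh winhttp set proxy "${proxyHost}:$proxyPort" | Out-Null
    $deadline = (Get-Date).AddMinutes($minutes)
    while ((Get-Date) -lt $deadline) {
        # Re-resolve the PIDs on every pass, since they can change on each run.
        $ids = Get-Process -Name $procName -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty Id
        if ($ids) {
            Get-NetTCPConnection -OwningProcess $ids -State Established -ErrorAction SilentlyContinue |
                ForEach-Object { $seen["$($_.RemoteAddress):$($_.RemotePort)"] = $_.OwningProcess }
        }
        Start-Sleep -Milliseconds 500
    }
}
finally {
    # Never leave the machine-wide proxy pointing at a closed Fiddler.
    netsh winhttp reset proxy | Out-Null
}

# Connections to the Fiddler port honoured the WinHTTP proxy; any other remote
# endpoint means the process went direct and Fiddler could not have seen it.
foreach ($endpoint in $seen.Keys) {
    $via = if ($endpoint -eq "${proxyHost}:$proxyPort") { 'via Fiddler' } else { 'direct, bypasses the WinHTTP proxy' }
    "{0,-6} {1,-25} {2}" -f $seen[$endpoint], $endpoint, $via
}
```

Polling every 500 ms can miss very short-lived connections, so an empty result does not prove the process made none.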

Gerry
answered on 02 Dec 2019, 05:29 PM

Hi Eric

Thanks for that. We also have monitoring software (connectwise automate) and remote support software (connectwise control) processes that I'm also looking to monitor with fiddler - they all run under the local system account. I presume the same applies?

Thanks

Gerry

Eric R | Senior Technical Support Engineer
Telerik team
answered on 02 Dec 2019, 05:39 PM

Hi Gerry,

You are correct. The same caveats would apply for any application. Although, from my understanding there is no Debugging of sessions going on here and it appears that a Network Monitoring tool would work better for these scenarios. There is a great tool, WhatsUp Gold that is a better choice. Alternatively, WireShark is also suitable. However, these would fall outside of Fiddler Support.

Please let me know if you have any additional questions. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik
