Using Fiddler for NodeJS Application

2 posts, 0 answers
  1. Tony
    Tony avatar
    20 posts
    Member since:
    Jul 2015

    Posted 07 Jun 2019 Link to this post

    Hi All,

    I need to reverse engineer HTTPS web requests that a node-JS application is making.  Unfortunately the app hasn't been coded with Proxy support and it does not respect system proxy settings.

    I'd like to redirect all requests for "BuggedDomain" through fiddler and pipe them to 192.168.0.10.

     

    My understanding is that I need to do the following:

    1.  Add this to my host file:

    127.0.0.1 BuggedDomain

    2. Run this command in Fiddler:

    !listen 443 BuggedDomain

    3.

    Add something like this to my Fiddler Script:

    if ((oSession.HostnameIs("buggeddomain")) && (oSession.oRequest.pipeClient.LocalPort == 443) ) 
            {
                oSession.bypassGateway = true;
                oSession["x-overrideHost"] = "192.168.0.10";
                
            }

     

    But i'm not seeing any of the requests from the app show up.

    Any thoughts?

  2.
  3. Simeon
    Admin
    Simeon avatar
    238 posts

    Posted 21 Jun 2019 Link to this post

    Hi Tony,

    I tried to reproduce your issue by using Fiddler as a reverse proxy for a web site dir.bg and opening it from a web browser and I succeeded. I did the following:
    1. Added 127.0.0.1 dir.bg to my hosts file in C:\Windows\System32\drivers\etc
    2. Added this inside the OnBeforeRequest handler:

    • if (oSession.HostnameIs("dir.bg") && oSession.oRequest.pipeClient.LocalPort == 443) {

          oSession["x-overrideHost"] = "194.145.63.12";
      }
    Please, note that I do not need to bypass the gateway. If there are any proxies and firewalls in your organization they will stop Fiddler to forward the request to the server.
    3. From Tools\Options HTTPS I checked the 'Ignore server certificate errors' option - this is because in the FiddlerScript we are overriding the host with an IP address and Fiddler will expect the server to authenticate with a certificate with a Subject CN = "194.145.63.12" but the server is authenticating with a Subject CN = "dir.bg"
    4. Turned off the capturing to make sure that the browser will not use the proxy settings pointing to Fiddler listenning on the 8888 port.
    5. Ran the command !listen 443 dir.bg

    Then when I opened the website from the browser, Fiddler captured the HTTPS session. However, I have to mention that while I was testing I opened the website with Chrome without the setup and I believed that Chrome cached the IP of the site for some time because the session didn't show up. I had to use other browsers.

    So maybe your node-JS app "knows" the IP of the server and does not respect the hosts file as well.

    I hope I was helpful.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top