Error:
[Fiddler] The connection to '<the site>.com' failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to <the site>.com (for #3) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host
I can hit fine in web browser. I do see it is rather strong SSL (FireFox reports it as TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)
Why isn't Fiddler able to make this connection?
Seems that your client didn't try to connect via 1.2
Check: Tools > Fiddler Options > HTTPS
It's set to <client>;ssl3;tls1.0
Add "tls1.2" to the protocols list
Edit:
Refer to the image below for where to find the option:
Related
I'm currently connected to a local proxy 127.0.0.1:5034 using a socket, and through it I send a connect request to another external proxy server by using:
CONNECT 192.168.1.2:5043 HTTP/1.1
Host:192.168.1.2
After that I receive The following message:
HTTP/1.1 200 OK
But the problem is after that, when I try to end my connection with the remote proxy by this:
Connection: close
it seems like even the local proxy 127.0.0.1:5034 is closed and causing a socket error, I've searched for some time to find a way to end just the connect request but can't seem to find it.
Is there a way to close the connection just for the remote proxy and keep the local proxy connection alive?
No, this is impossible. By design, CONNECT transforms the HTTP/1.1 connection into a tunnel, and requests inside that tunnel are opaque to 127.0.0.1:5034: it merely forwards bytes back and forth until the tunnel is closed. RFC 7231 § 4.3.6 says (emphasis mine):
A tunnel is closed when a tunnel intermediary detects that either
side has closed its connection: the intermediary MUST attempt to send
any outstanding data that came from the closed side to the other
side, close both connections, and then discard any remaining data
left undelivered.
Good day
I'm completely new to ejabber. I have installed ejabber on debian (on virtual machine) but when I tried to check it with localhost (http://localhost:5280/admin) mozilla responded with the announcement "the connection was interrupted". I checked logs of ejabber and it had multiple lines of accepting connection on port 5280.
2018-06-02 14:27:50.526 [info] <0.491.0>#ejabberd_listener:accept:333 (#Port<0.12507>) Accepted connection ::1:32948 -> ::1:5280
2018-06-02 14:27:50.534 [info] <0.635.0>#ejabberd_http:init:163 started: {fast_tls,{tlssock,#Port<0.12507>,#Port<0.12508>}}
What is the reason of it and how could I get past this issue?
You have configured ejabberd to use TLS on port 5280 (see: tlssock in your logs), but you are using plain HTTP when trying to connect to it (http://localhost:5280).
You should use HTTPS to connect to it, assuming your cert is properly configured in ejabberd.
My bluemix securegateway client installed on linux , gives an error as :
[2017-10-03 04:08:05.791] [DEBUG] (Client ID 16583) The Secure Gateway client will fetch its configuration from https://sgmanager.ng.bluemix.net/sgconfig/[masked]
[2017-10-03 04:09:08.882] [ERROR] (Client ID 16583) The response is code: ETIMEDOUT, message: connect
This was working earlier , but suddenly stopped connecting.
Does the client use curl to get to the above configuration url ?
The SG Client doesn't use curl specifically, but it does make an HTTPS request to sgmanager.ng.bluemix.net as part of the initial connection process. Following this request, a second HTTPS request is made to cap-sg-prd-#.integration.ibmcloud.com:9000 where # is 1-5 depending on the details of your specific gateway.
ETIMEDOUT is typically caused by something like a firewall blocking your requests, so you could use something like telnet to confirm your connectivity. A successful connection should be similar to:
telnet sgmanager.ng.bluemix.net 443
Trying 169.54.245.68...
Connected to ng.bluemix.net.
Escape character is '^]'.
and
telnet cap-sg-prd-1.integration.ibmcloud.com 9000
Trying 169.55.54.176...
Connected to cap-sg-prd-1.integration.ibmcloud.com.
Escape character is '^]'.
I'm new to RADIUS, servers, and the like. There doesn't seem to be that much documentation on FreeRadius, and I need to get FreeRadius server (3.0.8) running RADSEC for test purposes.
I moved etc/raddb/sites-available/tls to etc/raddb/sites-enabled/ in order to enable "RADSEC".
Questions:
I understand that I need to have a server certificate as well as a public key. I am wondering on if I could get a fake certificate/key just for testing.
Also I'm not sure how I can test the actual server, there's the radtest command (I've been trying to run radtest -P tcp -x testing password 127.0.0.1:2083 10 testing123 but it's returns:
... new connection request on TCP socket
Listening on auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Waking up in 0.4 seconds.
(0) Initiating new EAP-TLS session
(0) Setting verify mode to require certificate from client
(0) Non-TLS data sent to TLS socket: closing
Closing TLS socket from client port 40542
Client has closed connection
... shutting down socket auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Waking up in 2.9 seconds.
... cleaning up socket auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Ready to process requests
Do I need to set up another server as a client so that they can perform the TLS negotiation? And once I do that, how do I get that server to communicate with this RADSEC server?
radtest is attempting a non TLS connect to the server. And thats the reason you are seeing that the server disconnects the connection immediately.
You can explore radsecproxy. It supports TLS (RadSec), as well as RADIUS over TCP. So it can happen as intermediary for the non TLS client and TLS server.
I have been trying to set Fiddler as a Reverse Proxy, I've been following these instructions, but I just don't understand the point 3.
Option #1: Configure Fiddler as a Reverse-Proxy
Fiddler can be configured so that any traffic sent to http://127.0.0.1:8888 is automatically sent to a different port on the same machine. To set this configuration:
Start REGEDIT
Create a new DWORD named ReverseProxyForPort inside HKCU\SOFTWARE\Microsoft\Fiddler2.
Set the DWORD to the local port you'd like to re-route inbound traffic to (generally port 80 for a standard HTTP server)
Restart Fiddler
Navigate your browser to http://127.0.0.1:8888
How can I set the DWORD to the local port??? Sorry Im novice in network connections, please hope some good fellaw could explain step by step how can I do that. Do I have to do it inside Fiddler? Do I have to do it in windows? Im using windows8.1
PD: I know Im missing that step, cuz after doing steps 4 and 5 I get this message in the browser: "[Fiddler] The connection to '127.0.0.1' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:8888"
EDIT>
When I set on fiddler>Fiddler Options>Connections>Fiddler listens on port: 8888
I get the same message, but instead of 127.0.0.1:8888 now I get 127.0.0.1:80
[Fiddler] The connection to 'localhost' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:80
I have notice that in fiddler set reverse proxy page, it says...
Configure Fiddler as Reverse Proxy:
To use this method, the hostname for the request to reroute must be 127.0.0.1:8888, localhost:8888, [::1]:8888, or the machine's NETBIOS hostname on port 8888.
Is perhaps that why I can't get it to work? how can I set my machine NETBIOS hostname on port 8888?
I had the same issue... this fixed it...
In the menu click 'Tools' >> 'Fiddler options' >> 'Connections'
Find out the port number
Use the port number noted here instead! e.g. http://127.0.0.1:[port number]
Let's step back a bit. Why specifically are you trying to run Fiddler as a Reverse Proxy? What service are you trying to pass traffic into (e.g. IIS?) What port did you move that service to? What is the exact (original) URL of the traffic you're trying to collect?
You don't need to mess with the registry if you're going to write FiddlerScript.