Capture HTTPS traffic from VSTO in fiddler - fiddler

I am using an Excel VSTO add-in and I want to capture the HTTPS traffic using Fiddler (v4.5.0.0). The add-in downloads data (reports) from the server into the spreadsheet, it has also a pop-up that allows authentication and selection of the elements of the reports.
I am able to capture and decode traffic from all browsers and I have already imported the cert using Internet Options...
I have set Excel's Trust Centre options to the minimum security allowing as much a I could.
Yet when I enable capturing in Excel, no matter if with or without decoding, the addin does not work, and if I enable it after log in using the VSTO's pop-up it shows me a "connection impossible" error.
Any suggestions?
Thanks

I believe the issue is not related to VSTO because there is no difference between a regular .Net application and VSTO add-ins from the Fiddler point of view. Try to reproduce the issue with a regular .net application and Fiddler.

I have found a (temporary and shabby) workaround:
I try several times enabling and disabling the decrypt option and after a few attempts it works. Note that I had already tried to repeat the request without disabling decryption with no result.
I have also enabled all the SSL and TLS versions supported by Fiddler for good measure.
I will try EmilLaw's suggestion to see what IE says, but for now I am under time pressure as I need to debug a few reports for customers.
Thanks guys for the suggestions!!

Related

Database info not showing when previewing site on mobile?

I have made a simple full stack application that uses a postgreSQL database. When previewing the site on desktop it works fine and is able to retrieve all the information with no problem so long as my backend server is on. I am trying to preview the site on my phone using my IP address followed by the port number and it comes up just fine but only the frontend is displaying on my phone. I am unable to see any information from my backend or database. Does anyone know why that is or how I can fix that to display on my phone (without hosting the site)?
1.Maybe it's just cashing issue.
check your mobile phone browser cash setting.
In general, browsers use caching technology for performance reasons. Caching refers to storing values that you previously requested locally and then reusing old values without using new values when a similar request comes in.
2.Maybe it's a front-end css problem.
If design-related elements such as css are not accurate, problems that cannot be seen on the screen may occur even if server data is imported normally.
3.Or maybe front-end can't get data from the server at all.
In this case, it is necessary to debug the server source, check whether it is sent normally on the screen, and check whether the response is received normally through the network terminal.
After checking the three above, even if you can't solve the problem,
At least you'll know exactly what the problem is.

Office add-in without SSL

I have created a manifest for a Word add-in that refers to a web page that is not secured by https. I get errors in the Word host and can tell Word to temporarily accept this but cannot find how to tell it to ignore the warning on every launch.
It will actually be an issue in the Online versions of Office because the apps themselves are always https, and thus generate mixed content (both http and https) if your app isn't.
Also, it is generally a bad idea to have an unsecured add-in. You're allowing an application to read the documents you're working on, without https you'd never know if you're actually allowing a 'fake add-in' to read all your data and save it somewhere else.
Lastly, the Office store does not allow non-https add-ins at all, so if you're planning in distributing your app through the store you will definitely need SSL.
What are the error that you get in Wordhost? Word does normally not complain when a http:// address is used in a taskpane. Do you maybe have mixed content in the website?

Can I send multiple requests at one time using Fiddler?

Using Fiddler, I want to send multiple requests in one hit, to check the response time from the server, if too many requests are sent at one time. Basically, I want to perform a, kind of, load testing on my service. Is there any way to perform this action? I want to repeat the process of hitting the server, again and again.
In Fiddler, you can repeat a request as many times as you like by hitting SHIFT+R on the selected Web Session. You'll be prompted for a repeat count and then Fiddler will issue the specified number of requests.
Caveat: Having said that, generally speaking, you'd want to use a tool like Telerik Test Studio's Load Test tool for a task like this. Alternatively, you could use Fiddler's Export architecture to generate a script for VS WebTest or Microsoft's free WCAT tool and use those tools to generate the load. You can then run these scripts on multiple machines from multiple networks and generate a more-realistic set of load than you could by simply running on a single client.
I've been load testing with StresStimulus today. Overall, I'm quite impressed.
It's now a standalone application (it used to be a fiddler extension). There's a 7 day free trial which allows up to 50 virtual users. Also, the setup wizard is great for beginners.
For basic load testing the trial should be fine. Consider upgrading for extensive/professional use.

Apple iCal's "Delegation" tab -- disabled checkboxes?

I am trying to access a CalDAV account in iCal and everything works fine except for the Delegation tab. I can see the account(s) I have access to (including the correct read/write properties), but the checkboxes are disabled and the calendars cannot be selected. Has anyone seen this before & know what the cause is?
This is a custom CalDAV implementation, so it is likely due to a disconnect between what iCal expects and what our server is sending -- but there are no error/warning messages in the console to indicate what the problem might be.
Any advice would be appreciated.
iCal queries the permissions and methods available on the server. To query the permissions on a collection resource you will need to have the DAV::read-current-user-privilege-set permission. Assuming iCal can read the permissions it will be looking for the DAV::read permission for reading and the DAV::bind, DAV::unbind and DAV::write permissions to indicate the ability to write.
The best way to debug this is probably to read RFC3744 about half a dozen times, interspersed with using iCal against a working server and sniffing the TCP communication as it does it. A good way is to use some kind of man-in-the-middle proxy so you can sniff the communication with (e.g.) Mobile Me or iCloud.
In my limited experience, this happens when the account used for sharing is functional (not personal) in Microsoft Exchange Server 2010. An example, where two of three are functional:
I do use various CalDAV implementations but have never encountered the same limitation, so this may be not a good answer. Also Exchange Web Services (EWS) for calendaring and delegation are probably not comparable to CalDAV. Still, it's food for thought.
The Debug menu of iCal 5.x offers CalDAV logging options.
To enable that menu, you could use the Secrets preference pane.

Why won't Entourage work with Exchange 2007?

So this is IT more than programming but Google found nothing, and you guys are just the right kind of geniuses.
My Exchange Server 2007 and Entourage clients don't play nice.
Right now the big issue is that the entourage client will not connect to Exchange 2007 ( Entourage 2004 or 2008)
The account settings are correct and use the proper format of https://exchange2007.mydomain.com/exchange/user#domain.com
The issue is with a dll called davex.dll when it is where it belongs, the OWA application pool crashes a whole bunch of nasty things happen.
When it isn’t there, I can connect to everything fine - and the OWA app pool doesn’t crash - but Entourage never propogates the folders in the mailbox and doesn't send or receive.
Any help or ideas would be appreciated: Microsoft support is silent on the issue, and Google doesn't turn up much.
Try it without using the /exchange in the server properties field. Here's a link with relevant info.
davex.dll is the legacy webdav component for Exchange server, which Entourage uses. Your first step should be investigating why the application pool crashes. My guess is that Entourage can't do anything when the dll isn't present because webdav is not responding to any requests.