How to make certain hosts bypass Fiddler? - fiddler

I have the Fiddler filters set up to "hide" the host "roaming.officeapps.live.com" and it does not show while I am debugging.
But the Fiddler proxy is still causing security issues (incorrect SSL certificate) to Office; the message relates to that host.
How can I get a specific host to bypass Fiddler?
Or is the nature of a proxy based system that all requests go through it regardless?

Tools > Fiddler Options > Connections > "Bypass Fiddler for hosts that start with", or use the HTTPS tab to "Skip decryption for".

Related

Fiddler not capturing traffic from certain host

I want to capture traffic from a host using HTTP, but I do not see a response coming back. If I close fiddler, my application runs as normal.
I see '-' in the Result section, where it should have been an HTTP response code. If I manually execute the request using Composer, I get a 200 response. Fiddler is able to capture traffic from all other web applications without issue.
I have installed Fiddler certificate. Troubleshooting Mode returns 200. The host does not use HTTPS, but I have enabled Capture HTTPS Connects anyways.
I am using Fiddler v5.0.20182
Some applications perform certificate pinning. Also, web applications can perform certificate pinning, e.g. via HTTP Public Key Pinning (HPKP). If you have ever used the web application in your browser without Fiddler, the web app public key has been downloaded and cached in the web browser.
Afterwards the Fiddler root certificate is no longer accepted for that site/app even if it has been installed correctly. You should be able to identify such problematic connections in Fiddler if you only see a CONNECT request but no subsequent requests to the same domain.
To delete the HPKP in your web browser you should use a fresh profile or clear the complete browser cache. Afterwards only use it with activated Fiddler proxy and SSL decryption. As far as I know Fiddler will remove HPKP data from responses so that the web application should also work with Fiddler in between.
I think you should be able to uncheck the options for https, uncheck the boxes which appear checked here? Or you might be able to skip decryption by adding the host in the box below where it says Skip decryption for the following hosts
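The symptom described in the answer above (a CONNECT with no later requests to the same domain) can be checked mechanically over a session list. This is an added example, not code from the original posts; the "METHOD TARGET RESULT" line layout and every sample host except roaming.officeapps.live.com are constructed for illustration and are not Fiddler's own export format.

```python
from urllib.parse import urlsplit

# Constructed sample: one "METHOD TARGET RESULT" line per captured session.
# Assumed, simplified layout for illustration; not Fiddler's export format.
SAMPLE_SESSIONS = """\
CONNECT roaming.officeapps.live.com:443 200
CONNECT www.example.com:443 200
GET https://www.example.com/ 200
GET https://www.example.com/app.js 200
CONNECT pinned.example.net:443 200
CONNECT pinned.example.net:443 200
GET http://plain.example.org/status -
CONNECT skipped.example.org:443 200
"""

def tunnel_only_hosts(session_lines, skip_decryption=()):
    """Return {host: tunnel_count} for hosts that opened CONNECT tunnels
    but never produced a decrypted https:// session.

    Hosts in skip_decryption are expected to be tunnel-only and are left out.
    """
    tunnels, decrypted = {}, set()
    skip = {h.lower() for h in skip_decryption}
    for line in session_lines.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        method, target = parts[0].upper(), parts[1]
        if method == "CONNECT":
            # CONNECT targets are host:port; drop the port and IPv6 brackets.
            host = target.rsplit(":", 1)[0].strip("[]").lower()
            tunnels[host] = tunnels.get(host, 0) + 1
        else:
            url = urlsplit(target)
            if url.scheme == "https" and url.hostname:
                decrypted.add(url.hostname.lower())
    return {h: n for h, n in tunnels.items()
            if h not in decrypted and h not in skip}

if __name__ == "__main__":
    for host, n in tunnel_only_hosts(SAMPLE_SESSIONS, ["skipped.example.org"]).items():
        print(f"{host}: {n} tunnel(s), no decrypted requests")
```

Hosts reported here are the ones whose client rejected the interception certificate (pinning or an untrusted root); they are the candidates for the bypass or skip-decryption lists.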

How to use Fiddler in C# with a proxy?

I've been using Fiddler in C#.
So far I'm able to intercept requests. However, I need to set a proxy. I did so, the proxy is set.
In Proxy Settings Windows' form, I have for HTTP and Secure: 127.0.0.1 for Proxy address to use and for the Port, 8888.
This is the same that is done when I use Fiddler application directly.
However, when I set it through my C# code, instead of using Fiddler, I can't navigate. My pages give me the message:
Your connection is not secure
What more do I need to do? What does Fiddler do that I'm missing to correctly set a proxy?
Usually if it can't make a secure connection, you need to trust Fiddler's root certificate on your development PC. If you are using Firefox you will have to do an additional step to trust the certificate inside FF.

Requests sent from Advanced Rest Client for Chrome are not visible in Fiddler

I have a Web API application running locally. When I access it through a browser, the requests are visible in Fiddler. When I do it through the Advanced Rest Client for Chrome - nothing appears in Fiddler.
I am using IIS Express with localhost.
How do I make requests issued by ARC visible in Fiddler?
I tried with https://graph.facebook.com/test and it worked fine for me after making some setup changes. Here is what I have setup:
IE > Internet options > Connection > Lan Settings >
a. Automatically detect - Check
b. Use proxy server for your lan - check with fiddler host and port for http/s
Advanced Rest Client with ARC (without ARC it won't even be able to connect)
Fiddler > File > Capture Traffic
It worked even for the extension Postman (without even needing ARC).
Can you try these?

Fiddler2: Decrypt HTTPS traffic and Tunnel to host:443

I use Fiddler2 to analyse some pages that use https connections. I enabled HTTPS decryption, but I still see some Tunnel to host:443 entries in my log. I can see decrypted HTTPS traffic in the log, so I assume the decryption works.
I think that a Tunnel to host:443 entry is created in addition to the decrypted log entry when the connection is opened.
Is my assumption correct or did I miss something?
Yes, this is expected.
If you click on Tunnel to Host:443 you'll see the following on the Statistics tab:
The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to
send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through
a HTTP Proxy Server (like Fiddler).
You can automatically hide these tunnels if you like by clicking Rules > Hide Connects.
My HTTPS interception and decryption stopped working and this message was also in my logs.
Perhaps it is unrelated, but I was able to resolve it by exporting the Fiddler certificate to the Desktop (Tools > Fiddler Options > Export Root Certificate to Desktop), double-clicking it to install it, and restarting Fiddler and my browser.
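What a "Tunnel to" entry corresponds to on the wire, as an added example that is not part of the original posts: a minimal loopback CONNECT exchange showing both sides' messages. The toy proxy, the stand-in origin server and all function names are assumptions made for illustration; this is not Fiddler's code, and the request omits headers a real client would send.

```python
import select, socket, threading

def serve_once(listener, handler):
    def run():
        conn, _ = listener.accept()
        with conn:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()

def read_head(sock):
    buf = b""  # read up to the blank line that ends an HTTP head
    while b"\r\n\r\n" not in buf and (chunk := sock.recv(1024)):
        buf += chunk
    return buf

def origin(conn):  # stand-in server speaking a non-HTTP line protocol
    conn.sendall(b"220 " + conn.recv(1024).upper())

def proxy(client, log):
    line = read_head(client).split(b"\r\n")[0].split(b" ")
    if len(line) != 3 or line[0] != b"CONNECT":
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return
    host, port = line[1].decode().rsplit(":", 1)
    log.append(f"Tunnel to {host}:{port}")  # all the proxy gets to record
    with socket.create_connection((host, int(port))) as up:
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        while True:  # from here on, copy opaque bytes in both directions
            for s in select.select([client, up], [], [])[0]:
                data = s.recv(4096)
                if not data:
                    return
                (up if s is client else client).sendall(data)

def demo():
    log = []
    srv = socket.create_server(("127.0.0.1", 0))  # origin on a free port
    px = socket.create_server(("127.0.0.1", 0))   # proxy on a free port
    serve_once(srv, origin)
    serve_once(px, lambda c: proxy(c, log))
    with socket.create_connection(px.getsockname()) as c:
        c.sendall(b"CONNECT 127.0.0.1:%d HTTP/1.1\r\n\r\n" % srv.getsockname()[1])
        status = read_head(c).split(b"\r\n")[0]  # proxy's answer to CONNECT
        c.sendall(b"ehlo client\r\n")            # raw bytes through the tunnel
        return status, c.recv(1024), log

if __name__ == "__main__":
    print(demo())
```

The proxy sees only the CONNECT line; everything after the 200 response is relayed unread, which is why a tunnel entry carries no request or response body unless decryption is enabled for that host.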

How to create Man in the Middle instrumentation

I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump.
Is there a good man-in-the-middle tool that I could use as instrumentation? I just need something that will show me the decrypted communication. Hopefully very easy to setup. I could even point the application to any IP address/port available to my machine (eg localhost:8888), so proxies would be fine. Also, I can probably configure the application to accept any certificate.
What do you use to simulate a man-in-the-middle (mitm) SSL attack?
UPDATE: I tried fiddler and can't get it to work. I installed openssl and typed the following command:
openssl s_client -connect smtp.gmail.com:465
Gmail responds with their certificate and a 220 mx.google.com ESMTP .... However, Fiddler does not capture the traffic. I set the WinINET options in fiddler to "Use the same proxy server for all protocols". Can anyone else get this to work (or not work)? I think I need to find a way to have openssl use a proxy.
Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.
Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.
Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.
The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.
I haven't used it for this purpose but Fiddler should be able to do what you want.
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.
If you are using the amazingly useful Wireshark sniffer, then you can have it decrypt SSL if you are able to provide it the appropriate key files.