I'm trying to use Fiddler version 5.0.20202.18177 (latest as of writing) to determine the URLs used by various online / web installers.
This works fine in most cases. For example, with SpotifySetup.exe:
However, this does not work in some cases. For example, with DropboxInstaller.exe and bitdefender_online.exe:
I have ensured that:
HTTPS decryption is set up for all processes:
All types of connections are being captured:
Windows' proxies are set as expected.
All Windows 10 AppContainer Loopback exemptions are in place:
Running Fiddler as administrator doesn't make a difference.
I would have guessed that the executables simply aren't utilising the proxy but, as far as I'm aware, if the proxy is set at the Windows level then they can't override that?
A program can make use of the proxy defined in the Windows Internet settings, but it can also ignore those settings and connect directly to the Internet.
The proxy settings are only used automatically for programs that use an HTTP client provided by Microsoft (e.g. WinHTTP for C/C++ or a .NET HTTP client implementation).
All other programs that use their own HTTP client can query the Windows proxy settings and apply them, but this is optional. From a Windows perspective those programs just open TCP connections; what protocol is used on the connection is unknown to Windows, hence Windows could not enforce that a proxy is used even if it would try to do so.
By default even programs that come with Windows, like the command-line tool curl, ignore the Windows proxy settings.
Dropbox for example has their own proxy settings within the Dropbox client. There you have to configure Fiddler as proxy.
Bitdefender also seems to have its own proxy settings where you have to configure Fiddler.
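The behaviour described in this answer, as an added example that is not part of the original answer: two loopback listeners stand in for the debugging proxy and a download server, and two clients fetch the same file. The "proxy" here only records what it is sent and does not forward; the URL, ports and function names are constructed for the illustration.

```python
import http.client
import http.server
import socketserver
import threading

class Recorder(http.server.BaseHTTPRequestHandler):
    """Answers every GET with an empty 200 and records the request target."""
    def do_GET(self):
        self.server.seen.append(self.path)
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_listener():
    """Start a recorder on a free loopback port and return the server."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), Recorder)
    srv.seen = []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch(port, target):
    """Open a TCP connection to 127.0.0.1:port and send GET <target> over it."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", target)
    status = conn.getresponse().status
    conn.close()
    return status

def run_demo():
    """Return (targets the proxy saw, targets the origin saw)."""
    proxy, origin = start_listener(), start_listener()
    proxy_port, origin_port = proxy.server_address[1], origin.server_address[1]
    url = f"http://127.0.0.1:{origin_port}/installer.exe"  # constructed URL
    # Client A read the configured proxy and chose to send its request there,
    # using the absolute-form target an HTTP proxy expects.
    fetch(proxy_port, url)
    # Client B has its own HTTP stack and simply connects to the origin.
    fetch(origin_port, "/installer.exe")
    seen = (list(proxy.seen), list(origin.seen))
    for srv in (proxy, origin):
        srv.shutdown()
        srv.server_close()
    return seen

if __name__ == "__main__":
    print(run_demo())
```

Only client A's request shows up at the proxy; client B's connection is an ordinary TCP connection to the origin, which is what a capture tool in proxy mode never sees.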
After my discussion with Robert, I ended up abandoning Fiddler, setting up a VirtualBox VM running pfSense Community Edition (free) + Squid3 with HTTPS Interception and Access Logging, installing pfSense's root CA certificate in my test Windows VM, and changing my test Windows VM's default gateway to the LAN IP address of the pfSense, which worked.
In the case of the Dropbox example, it was initially logging TCP_TUNNEL_ABORTED/200 client.dropbox.com:443, so I added client.dropbox.com to the whitelist in the ACLs; then it worked and I could see the full EXE URL:
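One way to triage the Squid access log from a setup like this, as an added example that is not part of the original post: it lists hosts whose CONNECT was logged only as a tunnel (so no URL was recorded) and the full URLs of any installer files that were visible. The log lines, addresses and the download URL are constructed samples in Squid's native access.log layout; only client.dropbox.com and the TCP_TUNNEL_ABORTED/200 tag come from the post.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines; fields are:
# time elapsed client result/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1600000000.101    95 192.0.2.10 TCP_TUNNEL_ABORTED/200 0 CONNECT client.dropbox.com:443 - HIER_DIRECT/198.51.100.7 -
1600000001.202    80 192.0.2.10 TCP_TUNNEL_ABORTED/200 0 CONNECT client.dropbox.com:443 - HIER_DIRECT/198.51.100.7 -
1600000002.303   412 192.0.2.10 TCP_MISS/200 734003 GET https://downloads.example.net/client/Installer.exe?arch=x64 - HIER_DIRECT/198.51.100.9 application/octet-stream
1600000003.404    20 192.0.2.10 TCP_MISS/200 512 GET http://updates.example.org/manifest.json - HIER_DIRECT/198.51.100.11 application/json
this line is truncated
"""

def parse_line(line):
    """Split one native-format line into named fields; None if malformed."""
    parts = line.split()
    if len(parts) < 7 or "/" not in parts[3]:
        return None
    result, _, status = parts[3].partition("/")
    return {"client": parts[2], "result": result, "status": status,
            "method": parts[5], "url": parts[6]}

def summarize(log_text, extensions=(".exe", ".msi")):
    """Return (Counter of hosts relayed as opaque tunnels, installer URLs)."""
    opaque, installers = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or damaged lines instead of failing
        if rec["method"] == "CONNECT" and rec["result"].startswith("TCP_TUNNEL"):
            # The TLS session was relayed without decryption: host only, no URL.
            opaque[rec["url"].rsplit(":", 1)[0]] += 1
        elif urlsplit(rec["url"]).path.lower().endswith(extensions):
            # Match on the path so query strings do not hide the extension.
            installers.append(rec["url"])
    return opaque, installers

if __name__ == "__main__":
    tunnels, urls = summarize(SAMPLE_LOG)
    print(dict(tunnels), urls)
```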
Related
I am updating libraries to include proxy headers such as host, port, username and password because some users of the library are running behind corporate proxy / firewall. Anyone have a good way of testing this on a Mac? I am not behind any proxy.
I tried setting the web proxy in Network in System Preferences on the Mac but that only seems to affect browser requests. I'm finding that curl requests and anything run in terminal does not go through that proxy.
Is there any way to configure Windows to redirect all internet traffic through a SOCKS5 tunnel (unauthenticated) without any third party tools (i.e. Proxifier, Freecap, etc.) and without dealing with any UI (purely using command line) in such a way that DNS resolution would be also pushed through the tunnel (similar to what Proxifier does)?
DNS resolution cannot be done by changing the LAN Settings in the Internet Options.
I have tried netsh winhttp set proxy and it didn't work (the IP address did not change to the one associated with the SOCKS tunnel).
I also tried using the route command, but it turned out that it does not support port configuration.
As the title says, I couldn't get mitmproxy to log SSL traffic of Windows apps.
I tested an app working with SSL on both Android and Windows + Windows Mobile.
Even in Fiddler, I exempted the app but it couldn't track the requests either.
As I was searching, I saw someone using a program (I couldn't find it) to track the requests from a process called WinUAPEntry.exe that's used by universal apps for requests.
Any solutions?
I have installed the mitmproxy SSL certification.
I have set the Wi-Fi proxy to the IP of the device where mitmproxy is running.
I have forwarded the 80, 443 in iptables as mentioned in mitmproxy tutorials.
You should be able to get this running with https://loopback.codeplex.com/. This is the same as Fiddler's EnableLoopback Utility though, so if that didn't work YMMV.
After searching for a month, I found out Windows Apps bypass proxy settings, tested on both Desktop and Mobile. I came up with solutions like MAC IP binding and setting the NIC IP of the host as a gateway, but none worked.
I want an app I am testing to use Win (10) OS system proxy settings. I'm watching packets on the proxy and see HTTPS browsing traffic on Chrome (I've installed a self-signed cert on Win).
I can also see a few other OS requests coming through the proxy server. For some reason though, some apps don't pay attention to the system proxy settings.
Is there any way to force all connections through the proxy server? The app I'm testing uses Qt - QWebView. I found a reference here that you need to change the source to use a proxy. This won't work for me as I only have access to the production binary for this test.
How can I force an OS proxy connection, or otherwise route that traffic through my proxy?
Note my OS is in a virtual machine.
Edit: I'm wondering if editing the hosts file could route the traffic for a particular URL to my Proxy? I'm trying Acrylic but I'm not having any luck.
I am successfully connecting to the internet using an application called tether for a jailbroken iPhone. (I know there are better options now.)
My iPhone is connected to my laptop's wifi "device network".
I have in my OS X network settings a location called iphone and the proxy is configured to use the correct IP and port for the phone.
I can browse the internet using Chrome over http and https perfectly.
iTerm cannot ping google. Git cannot pull. I've googled for days and don't see anything "easy" or that I understand. Any advice is appreciated.
Command-line tools usually only support HTTP proxy. For providing an HTTP proxy out of a SOCKS one you have Privoxy. After you've set up Privoxy you have an HTTP proxy. In terminal usually saying export http_proxy=ip:port is enough for most applications. For Git specifically consult here.
But if that's too much for you, you can use sshuttle. It transparently transfers all your connections through a SOCKS proxy. That is, all the connections in your computer, and after that you don't have to change proxy settings for your GUI apps.
I use Homebrew as my package manager in Mac, and both Privoxy and sshuttle are available in it.