I want to capture the https traffic using Fiddler, however when I open the Fiddler, the https site cannot be display. It works well when I close the Fiddler. Is there any setting to protected this please?
the https site cannot be display
What exactly happens in the browser (and which browser was it)?
What do you see in Fiddler in this case, both in the Web Sessions list and in Fiddler's Log tab?
Related
When I pass an URL to load a website, say, http://yoururl.com, it redirects to https://yoururl.com
I mean, passing an URL with HTTP automatically redirects as https://yoururl.com in the browser URL.
#driver.get("http://yoururl.com")
Browser used: Chrome
Is there a way to stop redirecting the HTTP url as HTTPS?
The Chrome 63 and above versions will no longer take HTTP with domain .dev since you are in the local/dev environment.
https://iyware.com/dont-use-dev-for-development/
Chrome 63 (out since December 2017), will force all domains ending on
.dev (and .foo) to be redirected to HTTPS via a preloaded HTTP Strict
Transport Security (HSTS) header
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
There are couple of reasons this would happen.
Redirection at load balancer or reverse proxy level.
This can be fixed by altering web server or LB configuration.
As browsers getting smarter everyday, when you open an https url is browser then next time if you even want to open http url it'll by default go to https because browser already knows that the site supports https as well. So it'll prefer to use secured communication rather text when it is available.
Here is some help for second case https://superuser.com/questions/565409/chrome-how-to-stop-redirect-from-http-to-https
I'm using sipml5 to connect to a sip phone service and one of the setting is the service websocket server URL. the problem is that the server url is not secured (ex. ws://123.123.123.123:9999/ws) and it cannot be accessed on wss://. Because of that, when loading my site on a HTTPS connection, the browser blocks the request automatically, it doesn't behave like it does when loading let's say, an image over http, and then shows a warning.
Error is: [blocked] The page at 'X' was loaded over HTTPS, but ran insecure content from 'ws://....': this content should also be loaded over HTTPS.
I need to know if there is a way to make the browser connect to ws:// even though the page initializing the request is loaded over https.
Please help.
EDIT:
What I'm looking for is a flag or something like that, in Chrome or Firefox for example, which lets the user access insecure resources even though the page is loaded on https.
Why you are using http? You can get an ssl certificate from https://letsencrypt.readthedocs.org/en/latest/intro.html
then add the following details to http.conf
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/path-to/cert.pem
tlsprivatekey=/path-to/privkey.pem
I'm trying to figure out why Chrome (26.0.1410.64) and IE10 don't seem to recognize the cookie I set in my response from an ASP.NET Web API controller. Here is the situation:
I have a drop-down menu login form on my page that makes an ajax call to my Web API method (via HTTP POST) and that Web API method returns some JSON data and also sets a cookie in the response (using the HTTP headers). It works perfectly in Firefox and Safari (so, WebKit) but not in Chrome or IE. Chrome and IE appear to completely ignore the cookie that's sent back in the response. I've verified (using Fiddler) that the cookie is sent back on the response so I know it's there - I can't figure out why IE10 and Chrome don't pick it up though.
Any ideas? Does it have something to do with how Chrome and IE10 handle response cookies in ajax requests?
So I figured out the issue, although it's not something I really would like to accept as a solution. I guess I will just have to deal with it and always test the site on my local machine using Firefox.
So here's the issue:
When I run my site locally by running it from Visual Studio and IIS on my local machine, it creates a website at an address like http://localhost:1839/. For some reason, ajax cookies get ignored by IE10 and Chrome when it's "localhost" - but not when it's a real-looking host name or IP Address. So if I edit my host file and create a generic entry like localhost.com and point it at 127.0.0.1:1839 then everything works fine in IE and Chrome (and Firefox still as well).
It's when I use the localhost:1839 address that ajax cookie only works in Firefox.
So what I ended up doing was deploying my website to a different test IIS server (on another machine) that I have a test.mydomain.com entry in my local host file for - that points to the test IIS server's IP address. Now IE, Chrome and Firefox all accept the ajax cookie from this faked "test.mydomain.com" domain.
So for those of you sending cookies back on an ajax request - beware of this "localhost" issue with Chrome and IE.
The Domain on the set cookie is most likely conflicting against using localhost. If you edit your hosts file and add a alias it will make test.mydomain.com point to your local machine:
Within c:\windows\System32\drivers\etc\hosts add the following:
127.0.0.1 test.mydomain.com
Start your webserver within Visual Studio
Close all browsers, then load test.mydomain.com
When I submit a form on a site I want to know what HttpRequest was sent from the browser to the server, is this possible from any browser, or is there any firefox addon to do this ?
IE9 has this functionality in the Developer Tools (press F12). In Firefox you can use the extension Firebug. For Opera you can use Dragonfly.
There is also an application that has much more functionality and allows you to change any values in the request: Fiddler. Fiddler works with pretty much all browsers on Windows.
For Firefox there is the Live HTTP Headers extension.
For Internet Explorer, there is the ieHTTPHeaders extension which shows you HTTP requests and responses.
I just wanted to check if my HTTP caching for my website is working especially since I moved to a CDN.
Now I used both Fiddler and Firebug and what I am seeing is that requests for ALL scripts and images on my page every time I navigate to it. Response code is 200.
If I open the page in Chrome, the developer tools also show me all these requests but Chrome also tells me that the requests are served from the Cache. Chrome requests are not listed in Fiddler (while FF and IE requests are).
My original assumption was that if Firefox or Internet Explorer get a file from their cache that request wouldn't show up at all in Fiddler.
I checked my caching headers and since Chrome behaved exactly like I expected I am asking myself if my assumption about Fiddler was wrong. Are FF/IE behaving differently when Fiddler is started? Is Fiddler showing cache hits?
As a network proxy, Fiddler is not able to show anything that comes out of the cache. If you see a request in Fiddler, then that request was sent over the wire.
One thing to keep in mind is that if you're refreshing the page (e.g. with the button or F5) then the cache can be bypassed; see http://blogs.msdn.com/b/ieinternals/archive/2010/07/08/technical-information-about-conditional-http-requests-and-the-refresh-button.aspx