I am trying to connect to a Visual Studio server from a remote machine using Fiddler and HTTPS. I followed this tutorial (http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/UseFiddlerAsReverseProxy) which works perfectly for HTTP. When I moved my project to HTTPS, the connection stopped working. I have tried several solutions, including:
Proxying HTTPS traffic through Fiddler fails for remote clients?
http://lifelongprogrammer.blogspot.com.au/2014/04/using-fiddler-as-https-reverse-proxy.html
but haven't been able to get it to work. Can someone help?
You haven't explained what happens, but my guess is that your client is trying to do a HTTPS handshake with Fiddler, which is expecting HTTP because you didn't tell it to do anything else.
In Fiddler's QuickExec box, type
!listen 444 FiddlerMachineName
This will create a new HTTPS-accepting endpoint running at https://FiddlerMachineName:444 and Fiddler will perform a HTTPS handshake on all inbound connections. You can then use FiddlerScript to forward requests to the target service.
Related
I'm trying to expose my local web server IIS Express using ngrok.
Followed steps from https://ngrok.com/docs and fired the tunnel, but can't get response.
Screenshot - ngrok fired
I'm using Visual studio via IIS Express. (Debug mode, local website works well.)
If local website not started, access to XXXXX.eu.ngrok.io will get error directly:
Failed to complete tunnel connection
The connection to https://2713343d.eu.ngrok.io was successfully tunneled to your ngrok client, but the client failed to establish a connection to the local address localhost:44320.Make sure that a web service is running on localhost:44320 and that it is a valid address.The error encountered was: dial tcp [::1]:44320: connectex: No connection could be made because the target machine actively refused it.
No errors shows on Ngrok's Web Interface too.
Is there any way to check where the problems are? or see ngrok's log?
Indeed it works with http, but it is strongly recommended to work with https, so you should properly start ngrok in order to work with https:
ngrok http -host-header=localhost https://localhost:{your_IIS_express_port}
After this you should be able to access your URL:
https://{id}.ngrok.io
Credits
Try make your service as http, not https.
I have a corporate proxy using Squid and kerberos for authentication, the proxy is configured for standard use, I.E allow http, https, a few others and block everything else. Now, there are many applications that support basic proxy authentication, but do not support Kerberos based authentication and many others that connect directly to the internet. I used Proxifier before the upgrade to kerberos to make my applications use the proxy, but I cannot do so now. I then installed an application called PX to create a proxy that connects to kerberos, but the proxy it creates is a simple HTTP Proxy and proxifier doesn't work correctly with it. Anyone has a setup for a situation like this?. I use Windows 10 and I obviously don't have access to the server where squid is configured. The application I need to connect to the internet uses standard https ports, it's not a torrent application nor anything that uses the ports blocked by squid. Thanks in advance.
Ok, for this particular case I've found the following setup to solve 99% of my problems.
First get Px here https://github.com/genotrance/px
Next get Fiddler: http://www.getfiddler.com/dl/Fiddler4BetaSetup.exe
Configure PX with your user and your domain and run it. By default it creates a running proxy on 127.0.0.1:3128
Configure your sistem proxy to use the proxy supplied by PX.
Execute fiddler, it should create ANOTHER proxy at 127.0.0.1:8888
Use this proxy in your apps. Proxifier should work as well.
Why use fiddler and not the direct 127.0.0.1:3128?, PX creates a pure http proxy and fiddler allows to tunnel https and connect request through it.
Any requests will pass through fiddler which will redirect them to the PX proxy which will redirect them to the squid proxy (So expect very slow speeds).
In the end since you're just redirecting your apps towards your proxy, if your proxy bans using regex expressions or direct IP connections some apps will NOT work, and in these cases using TOR or a VPN is the only real solution. Hope it helps someone avoid all the headaches I went through.
I'm trying t use Ngrok to create a local tunnel to an SSL Virtual host I have on my local machine, but can't seem to get it to work.
My Vhost works perfectly. The site is https://local.mysite.com
Any of the command I try to use to predefine the pointing url on Ngrok, e.g.
./ngrok http -host-header=rewrite local.mysite.com:443
or
./ngrok http -subdomain=local.mysite.com local.mysite.com:443
always seems to return:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
I get that this is happening because I am trying to access a HTTPS connection via a HTTP call but I can't see alternatives in the ngrok docs.
https://ngrok.com/docs#expose
You need to use tls which is only available in the pro subscription.
If you use Vagrant, you can use the share function which is free and support https.
I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.
I made a proxy server,and I'm testing it using a client name Proxifier.
I made the first part with autentication to work,but i don't know what to do next.
I called Connect() an the address received from the client,but that is from a webpage.
So i need to connect to the webpage? What next then? I can't browse the net with the proxy on.
So i hope someone could help me an what to do next.Thanks.
to test a proxy server is simple as these.
In your browser, configure the proxy settings to the ip:port of your proxy server, in these case if you are testing on local machine, your ip is 127.0.0.1 and you are listening on port 80.
browse a webpage mostly google with the browser and see if it loads properly, if it does, then you proxy server is working