I'm trying to use Fiddler to capture traffic that comes to my machine on its external ip address, and redirect it to the loopback interface without affecting the host header.
I have added the following to the OnBeforeRequest method:
if (oSession.HostnameIs("MyMachineName")){
oSession.bypassGateway = true;
oSession["x-overrideHost"] = "localhost";
}
This works fine for http traffic: I do indeed see a request to http://MyMachineName hit the loopback adaptor with its host header intact.
However, when intercepting https traffic I get the following in the response raw view:
fiddler.network.https> HTTPS handshake to auth.time-wise.net failed. System.IO.IOException The handshake failed due to an unexpected packet format.
I have Fiddler configured to capture and decrypt https traffic.
Does anyone know why this problem occurs and how it can be remedied?
Edit: in response to Eric's request for more information
Fiddler is running as a proxy (i.e. as standard), listening on port 8888.
The clients are (currently) web browsers on the same machine, and so are automatically using the Fiddler proxy, as they've picked up the change in default proxy.
You've left out some important details (e.g. what port is Fiddler running on, and how did you configure the remote client to send its traffic to Fiddler?)
Having said that, you will probably want to change your use of x-overrideHost to x-overrideHostname such that the port number of the traffic being retargeted is preserved.
Related
I am running a Groovy script to capture traffic over proxy port in OWASP ZAP.
For https site, I am setting the proxy as given below and I can see the traffic in ZAP when I run my script.
System.setProperty('https.proxyPort', '8083')
System.setProperty('https.proxyHost', '127.0.0.1')
For http site, I am setting the proxy as given below but I can not see the traffic.
System.setProperty('http.proxyPort', '8083')
System.setProperty('http.proxyHost', '127.0.0.1')
The same settings although work fine when configured on Chrome. I have tried using the IP address instead of 127.0.0.1 but that also did not help. What could be going on wrong here ?
I have build a Go server using Echo framework, i get TLS certificades and a domain name, but when i try a request i get the message "Client sent an HTTP request to an HTTPS server." and when i try acces the server from the IP address of the EC2 using the port 443, it says that the connection is not secure:
And when i change the server to the port 80 to acces through the domain name, i get the following error:
I'm starting the server using the StartTLS func
e.Logger.Fatal(e.StartTLS(":80", "/etc/letsencrypt/live/anltcsprod.enrtt.com/fullchain.pem", "/etc/letsencrypt/live/anltcsprod.enrtt.com/privkey.pem"))
Is it something wrong with my domain or certificade?
Port 80, by default, communicates over HTTP. 443 is reserved for HTTPS traffic. Assuming nothing else is wrong, you should be able to simply change your e.StartTLS() to this:
e.Logger.Fatal(e.StartTLS(":443", "/etc/letsencrypt/live/anltcsprod.enrtt.com/fullchain.pem", "/etc/letsencrypt/live/anltcsprod.enrtt.com/privkey.pem"))
For example localhost:4000
Instead use https://localhost:4000
i have a windows 10 computer and a program, that sends to a server (xxx.com aka x.x.x.x) a request. server responses with, for example, "false". that program reads that response and based on that gives output. I need to locally (not on the server, only for me) change that value for, for example, "true". I tried Charles, but it doesn't work for my soft (in browser same requests that go through Charles give "true"). What is the problem here?
Charles "doesn't work" for your program because the HTTP request sent from your program is not intercepted. Charles can autoconfigure the proxy setting for browsers, that's why in your browser "same requests that go through Charles give true".
In order to make Charles intercept your program's HTTP request, a reverse proxy need to be configured:
Step 1. Launch Charles, and go to Proxy - Reverse Proxies...
Step 2. Check Enable Reverse Proxies and click Add.
Step 3. Configure a reverse proxy:
Local port: 59110 // any unused local port
Remote host: xxx.com // the target server
Remote port: 80 // the port opened in target server
Step 4. In your program, send all HTTP requests to localhost:59110.
In this way, Charles can intercept all HTTP requests sent from your program, and you can change the HTTP response data.
If the target server provides HTTPS service instead of HTTP, some additional work need to be done:
SSL-Step 1. In Charles, go to Proxy - SSL Proxying Settings - SSL Proxying
SSL-Step 2. Check Enable SSL Proxying and click Add:
SSL-Step 3. Configure an SSL proxy:
Host: xxx.com // the target server
Port: 443 // the SSL port opened in target server
SSL-Step 4 (1). go to Help - SSL Proxying - Install Charles Root Certificate. This will allow your program trust the self-generated certificate from Charles.
or
SSL-Step (2). If you don't want to install Charles' root CA, you can change your program to prevent certificate error. For example, in Node.js, the following code can prevent program from rejecting unauthorized certificate:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
I am using WebAuthenticationDetails in my application.The method of WebAuthenticationDetails's getRemoteAddress() returns same IP address even if i login in application from different client machine.This may be due to proxy server.Can anybody help me to resolve this issue?
If your app is working behind a reverse proxy (for example nginx, Apache, etc.) then you'll always see IP of the reverse proxy machine in the WebAuthenticationDetails object. To solve this problem you can configure your reverse proxy in such a way that it will send client's IP address to your application server using a HTTP header. Then in your webapp get clinet's IP from this header.
http://ipfuck.paulds.fr/
We've been recently getting hammered by this Firefox plug-in. It sends a fake IP in the headers so when our nginx web server picks up the IP it is a fake one.
Is there any way to get a real IP address or block out requests that have this plug-in installed?
There is actually no client IP entries in any HTTP Headers. There are only some un-official proxy headers which are added to a request, so that a proxy server can tell you the real ip of the connecting client (since the tcp socket will only reveal the IP address of the proxy server).
The plugin you linked to adds those proxy headers, to "fake" a proxy request, by adding a X-Real-IP: 1.2.3.4 or X-Forwarded-For: 1.2.3.4 header to the request. But no one forces you to use that IP address (which can be fake, like the 1.2.3.4 example here), you can always use the IP address of the socket that initiated the connection - which will be the client's real IP address if he uses the mentioned plugin.
Within the location section of your nginx configuration, you get the socket IP address through the $remote_addr variable. To retrieve the "fake" IP address, you can use $http_x_forwarded_for or $http_x_real_ip variable.
If you are using any application/cgi backend, you usually can examine the full headers and the socket IP address (i.e. in PHP you should check $_REQUEST and $_HEADERS variables)