I have a ASP.NET MVC based web site which runs on http.
From the above web site I'm making a https call to a web API
Configured fiddler as a proxy and trying to monitor the traffic using Fiddler Web Debugger (ver 4.4.8.4)
I only see "tunnel to" requests to the https web api sent from the MVC web application. Why am I not able to see other https traffic including request/response headers/body?
I have enabled decrypting https setting in fiddler. I have followed this link:
http://fiddlerbook.com/Fiddler/help/faq.asp
Is there anything else I can check?
Let's step back a bit:
Is the HTTPS request to the web API being made from JavaScript on the client, or from ASP.NET code on the server?
Did the request actually succeed?
What, if anything, do you see in Fiddler's LOG tab?
Related
Scenario:
CORS is disabled. API is hosted in Azure. Why I'm allowed to post to the web api from my machine, that, that I suppose is localhost domain? Can someone let me know if I have a complete misunderstanding of what CORS does?
Thank you!
While CORS is configured on the server, it is up to the client to enforce it.
Most web browsers do enforce it, and fall back to the same origin policy if it is not enabled on the server.
If you make a request with an HTTP client like Postman, or code running in some other application, CORS is not a factor.
I have a spring boot application which works over http.I do not want to touch the application - so no keystore etc. I want to use reverse proxy - i.e. the request will land at some other machine over TLS and
will get redirected to my spring boot application over secure socket layer. How it could be done?
Edit: When I try to login to that site, developer tool console tells me:
"Mixed Content: The page at 'https://xxxx-uat.xxxx.com:4200/login' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://151.253.73.106:9091/login'. This request has been blocked; the content must be served over HTTPS."
Nginx reverse proxy is being used.
Best way to do it is to use cloudflare. Cloudflare is free for basic use. You can create a new site, point to your HTTP URL and configure SSL as flexible. So, now your service is behind https. Cloudflare will act as proxy. Request will go to cloudflare via https, then it will be routed to your http.
I am using the Postman native app on Windows 10 and am struggling with trying to capture https requests. Postman's Documentation for this is for Mac and not Windows.
In particular, I am working on a web application that creates a session cookie upon login that needs to be included in most requests in order to be authorized. When I was using the Chrome App, Postman Interceptor achieved this (see https://stackoverflow.com/a/32436131/3816779).
Here's what I've tried so far:
Turn on the Proxy in Postman with port 5555.
Configured windows to send http and https requests through Postman's proxy server (127.0.0.1:5555).
This allows http requests to be captured in Postman
But when trying to connect to https sites, I get an error
Here are my Postman settings if that helps.
Update I ended up switching back to the Chrome App, which uses the "Interceptor" instead of a "Proxy Server" to capture traffic.
Unfortunately, capture https requests with postman native app is impossible in some case according to the official doc: Capturing HTTP requests
Note: for the Postman native apps, request captures over HTTPS will not work if the website has HSTS enabled. Most websites have this check in place.
Postman's proxy now supports HTTPS traffic - https://blog.postman.com/postmans-proxy-now-fully-supports-https-endpoints/
Once you install a CA certificate that Postman generates for your installation, capturing HTTPS requests should be seamless.
Disclaimer: I work at Postman
With Google Chrome i don't know how to fix the issue. But you can use to open the web page for example IE..
EDIT:
Or MAYBE you can start Google Chrome with parameter --ignore-certificate-errors to ignore the error message.
Postman Interceptor is available for Postman native apps which supports both features:
1. Capturing requests
2. Syncing cookies
Learn more here.
Just check HTTPS in setting and will work for you
Am using WSO2 API Manager 1.9.1 and have defined a service that can be access over both http and https. When I try to "test" it through the API Console under https://localhost:9443/store/apis/..., the API call fails as the REST AJAX call is send over http instead of https.
Chrome complains that the page was loaded over HTTPS but requested an insecure XMLHttpRequest. The request is blocked as it should be served over HTTPS.
Firefox likewise blocks the request with a "mixed active content" error.
Safari fails with a more obscure message: "Failed to load resource: The network connection was lost.".
A workaround is to set the API scheme to https only but this is not particularly desirable. Is there a fix or other way to cope with this issue?
This issue occurs when you're trying to access a HTTPS URL from the web browser
but the end point is actually HTTP. This is not the default behavior of swagger console in API manager 1.9.
Usually when you are accessing from the web browser using HTTPS, API console
(swagger console) calls an end point of HTTPS by default.
Try to expose the service as both HTTP and HTTPS(Manage Tab) when you are publishing an API.
Thanks
Ojith
I am using an api and I noticed that when I use RestSharp and do a call from my asp.net web api project my request fails.
I turned on fiddler and for whatever reason the api I am requesting thinks I am a mobile device and thus is redirecting me to the mobile site that does not support api calls.
I then did a request in fiddler and I can access the api. I changed my user-agent to fiddler through restsharp and now my requests go through when using my web api.
I don't want to leave it fiddler though. What should I use instead?
You are in-effect creating your own user-agent, so invent your own identifier. E.g. choboAgent/1.0