winhttp-traffic-in-fiddler
November 13, 2018 21:22
On a day-to-day basis at work I'm involved in testing a couple of products which consist of a server and many clients. These clients talk to the server using HTTP REST requests, and responses are typically encoded in JSON. Occasionally, for specific tests, we need to monitor this traffic, for example to ensure the correct API endpoints are being used. In the past, I've always used Wireshark, which is great for this purpose. However, in order to help reproduce a bug I needed to simulate delayed responses from the server and, in some cases, no response from the server at all. I didn't want to block everything, so I couldn't just pull my network cable out. After speaking with one of my colleagues I decided to give Fiddler a try. It's a web debugging proxy which logs all HTTP(S) traffic between your computer and the Internet, and best of all it's free!
It was fairly simple to install: just hit next, next, next and off you go. I had it up and running fairly quickly. It logs all the HTTP traffic being sent from your machine and, if you so wish, you can have it block all traffic by default until you manually allow each request (or indeed response) to go through. This sounded ideal to help me simulate the scenario I needed. It works by running a local server at 127.0.0.1:8888 which can then be set as the proxy server for any Internet connections (this is done automatically when you enable Fiddler).
It worked for any traffic from any of my web browsers, however it wouldn't capture any traffic which was going from our application. I couldn't understand why. I knew for a fact that we were connected to the application server using HTTP (not even HTTPS), and so figured I had got something wrong in setting up Fiddler. After a little bit of digging and speaking with our developers, I found out that we use WinHTTP services to handle our HTTP communication in our Windows client. After a quick Google, I came across a blog post about Using Fiddler with WinHTTP, which explained that by default most applications use the WinINET network stack, and usually even other applications respect the WinINET proxy settings. It seems that WinHTTP doesn't do this automatically; you have to open an elevated command prompt (run Command Prompt as Administrator) and run netsh winhttp import proxy ie to import the WinINET proxy settings into WinHTTP. As soon as I made these changes and restarted the capture in Fiddler, our client's traffic started showing up in Fiddler and I could manipulate it by controlling what was sent and received.
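The imported WinHTTP proxy is a machine-wide setting that stays in place after Fiddler is closed, so anything using WinHTTP keeps being pointed at 127.0.0.1:8888 until it is reset. The script below is an added example, not part of the original post: it wraps the import in a show/reset pair, assuming an elevated PowerShell prompt and Fiddler already capturing.

```powershell
# Added example: temporarily point WinHTTP at Fiddler, then put it back.
# Assumption: Fiddler is already capturing, so the WinINET (IE) proxy
# currently points at 127.0.0.1:8888.

$ErrorActionPreference = 'Stop'

# Changing the WinHTTP proxy requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated prompt (Run as Administrator).'
}

# Record the WinHTTP proxy before touching it, so there is a note of
# what the machine was using if it was not direct access.
Write-Host '--- WinHTTP proxy before ---'
netsh winhttp show proxy

try {
    # Same command as in the post: copy the WinINET proxy into WinHTTP.
    netsh winhttp import proxy ie
    if ($LASTEXITCODE -ne 0) {
        throw "netsh winhttp import failed with exit code $LASTEXITCODE"
    }

    Write-Host '--- WinHTTP proxy during capture ---'
    netsh winhttp show proxy

    Read-Host 'Run the test in Fiddler, then press Enter to restore WinHTTP'
}
finally {
    # Runs even if the import failed or the script was interrupted.
    # reset returns WinHTTP to direct access. If the "before" output
    # listed a proxy, reapply it afterwards with "netsh winhttp set proxy".
    netsh winhttp reset proxy
    Write-Host '--- WinHTTP proxy after reset ---'
    netsh winhttp show proxy
}
```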
I'm sure there's much more that can be done with Fiddler and I will be using it in the future (hint hint - expect more blog posts about it), but hopefully this served as a quick introduction to Fiddler for anyone else who hadn't heard of it and if, like me, you end up using an application that makes use of WinHTTP then hopefully this is of some use to you.