I am using ASP.Net + .Net 3.5 + VS 2008 + IIS 7.0 + C# to develop a web application. I want to use Fiddler to debug (i.e. monitor request and response Http traffic) local traffic -- i.e. when I test web application inside VSTS 2008's built-in test ASP.Net web server. Is that feasible? If yes, how to monitor such traffic? For example, in VSTS 2008's built-in ASP.Net test web application server, the Url I want to monitor request traffic sent to http://localhost:1870/Default.aspx and its response (i.e. when F5 is pressed in VSTS 2008).
BTW: I previously think Fiddler could only be used to monitor port 80 Http traffic, not sure whether port 1870 could be monitored?
Have you tried adding a dot after the localhost? Quick test on my machine seems to indicate this is needed in IE but might not be in Firefox actually.
If you change your URL to 'http://ipv4.fiddler:1870/..' instead of 'http://localhost:1870/...' then fiddler will intercept your traffic and display the requests. Localhost doesn't go through wininet (I believe) which fiddler will then ignore. Fiddler registers ipv4.fiddler as localhost so you can monitor local traffic.
You can also add an entry to your hosts file and direct some URL (e.g. mysite.com 127.0.0.1) and use it as your URL (e.g. http://mysite.com:1870/...) and fiddler will pick that up, too.
Doesn't fiddler ignore 'Localhost' try changing the url's to your machines hostname.
Related
I use Fiddler to inspect app traffic for extracting API (headers, body, response and..) but on Xamarin apps, Fiddler does not work because the app does not accept system proxy.
How can I do that?
You can use burp to intercept traffic on a windows machine. Here's a guide on how to achieve that: https://resources.infosecinstitute.com/topic/windows-mobile-application-penetration-testing-part-5-intercepting-httphttps-traffic-of-uwp-apps-on-windows-desktop/
Basically you route all traffic through burp and install the certificate on the machine to let burp know how to decrypt the outgoing traffic.
If it's not proxy aware, then you can use this DNS trick here:https://portswigger.net/support/using-burp-suites-invisible-proxy-settings-to-test-a-non-proxy-aware-thick-client-application
I have a web app made in C# using asp.net core 2.0.
This app is hosted in IIS, as this is the recommended way to expose it to the internet.
I am now making some services hosted in the same local lan as the webapp, which need to connect to the above webappp. I can connect to the public iis server which of course works. However, would it also be possible to directly connect to the Kestrel server managed by IIS? So instead of connecting to public_ip/somewhere, connect to kestrel-local-ip:port/somewhere. The advantages would be:
avoid an extra hop
the kestrel app is still hosted and managed by IIS, so no worrying about self-hosting/management.
Reading the documentation here: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/aspnet-core-module?view=aspnetcore-2.1 it states: "Additional checks are performed, and requests that don't originate from the module are rejected.". Reading the Github repro, this seems to be an HTTP header called "MS-ASPNETCORE-TOKEN".
So is this scenario possible somehow? To connect directly to IIS but ALSO to kestrel directly?
If it is possible, should I do this? The performance gains seem immense as I have a lot of small requests which Kestrel can handle really well.
I have test this scenario。
when APP kestrel behind iis,
you can use netstat command get the kestrel process "port".
and then curl the "localhost:port" , you will get the 400 bad request, also you can get a error log indicate the MS-ASPNETCORE-TOKEN token .
you can curl the "localhost:port"again with the MS-ASPNETCORE-TOKEN request header.
I am trying to test some new code between my iOS app and my new server code. It would greatly simplify things if I could submit requests to my local testing server while I am debugging so I can fix things quickly on the fly.
Is this possible?
This is not possible by design - which is a good thing.
However, if you are hell bent on doing this, you can do so by setting up a proxy on the development machine that will redirect the traffic to your localhost as required.
The full details steps are described here - http://encosia.com/using-an-iphone-with-the-visual-studio-development-server/.
Summary
Get Fiddler/Install Fiddler on the development machine - http://www.fiddler2.com
Determine the fiddler port and ensure it is configured to accept connections.
Determine your ip address.
On the iphone configure the proxy with the info from steps 2/3. (Connections > Proxy > Manual).
You may need to a period(.) to the address eg, http://localhost.:4543/website to make it work.
this is my question:
i need to invoke a web service hosted on HostA from a web browser on HostB.
i create a web service on HostA, i started it with F5 and this is the local url:
http://localhost:55432/Service1.svc
On HostB, i used the same url changing localhost with the HostA IP (pingable).
But it doesn't work. The Page return a "Unable To Connect to IP-Address".
i don't think it's a code problem, but it look like a connection/security problem.
Thanks for helps.
By default, the Visual Studio web servers (Cassini for older implementations, IIS express for newer implementations) do not even bind to your network adapter's IP address, instead only binding to localhost. So, by default, they do not accept remote connections.
If you're using Cassini, you can refer to how to access cassini server remotely in LAN for demo? for more information.
IIS express is handled differently, as evidenced in IIS Express enable external request.
I have an asp.net application working in https (SSL). This is working well in my local computer and Amazon AWS(production environment).
But when I host this application in office (for testing) some strange things happens.
I can see the https in browser and the lock sign.
Fiddler also showing that the output is encrypted and shows port 443.
But HttpContext.Current.Request.IsSecureConnection returns false
And HttpContext.Current.Request.Url.Scheme returns http.
In the office we are using Juniper SSG firewall and TMG 2010 (Forefront Threat Management Gateway 2010). So server receive request through Juniper and TMG 2010. Thanks in advance.
To reduce costs I suspect that the SSL certificate is installed on the TMG Gateway and that this gateway is simply rewriting the request to standard HTTP when passing it to the actual web server. So by the time the request hits IIS and your web application it is a standard plain HTTP request.
This tripped my up after deploying to Amazon's Elastic Beanstalk environment. I couldn't see any way to get the load-balancer to allow the SSL request straight through to the server. Instead it was always terminating the SSL at the load-balancer and passing plain http back to the server.
I found this documentation: Elastic Load Balancing Concepts - X-Forwarded Headers.
Essentially the load-balancer injects a number of additional HTTP Headers into each request before forwarding it to the back-end server. The most relevant one is X-Forwarded-Proto which tracks the protocol used to connect from the client's browser to the load-balancer. This can be checked like so:
var loadbalancerReceivedSSLRequest = string.Equals(Request.Headers["X-Forwarded-Proto"], "https");
var serverReceivedSSLRequest = Request.IsSecureConnection;
if (loadbalancerReceivedSSLRequest || serverReceivedSSLRequest)
{
// SSL in use.
}
else
{
// SSL not in use.
}
Well another way to check is to check the port
if(context.Request.Url.Port == 443)
Note: check which port is used for secure connections, usually it is 443