HTTPS to HTTP back to HTTPS Chaining
224 views
Skip to first unread message
Cody Nichols
Feb 7, 2012, 4:18:37 AM2/7/12
to httpf...@googlegroups.com
Good day all,
My questions is very similar to https://groups.google.com/forum/#!searchin/httpfiddler/https/httpfiddler/oFMwo2UyinI/yoZOn0frouMJ
The answer was understandable and straight forward. I however need to add a few extra steps and I'm confused on the best way to accomplish this. If possible I need to accomplish this on one machine.
The Browser makes a HTTPS request to Fiddler. Fiddler sends request forward to actual server via HTTPS. Fiddler receives HTTPS response, decrypts and then forwards to a server that does some work on the response and then sends the modified response back to Fiddler which converts back to HTTPS to send to browser.
Orginally I was going to chain and modify responses in Fiddler.
[Local Machine: Browser<---HTTPS--->Fiddler<----HTTP---->Work (DO STUFF) Server<---HTTP---->Fiddler]<-----HTTPS---CLOUD--->CONTENT_SERVER
However only one Fiddler proxy instance can be ran. Is there a way to implement this using one Fiddler instance on one machine?
Some other options I think I might have....
1. Eliminate work server, incorporate work server code into a new FiddlerCore program. (time consuming)
2. Use VM or another computer as two have two instances of Fiddler. (want to avoid this/keep all on one machine)
3. Have Fiddler send the decrypted HTTPS data to the work server with a special header. The work server does it thing and then send the data back to Fiddler. If the data has the special header Fiddler forwards back to orginal requesting client. (not sure how to implement this)
4. Use another proxy to encrpyt/decrpt responses... Squid/Apache maybe?
Right now I'm leaning towards incorporating the server code into a FiddlerCore program.
Any advice would be greatly appeciated. Thanks!
EricLaw
Feb 8, 2012, 9:02:29 AM2/8/12
to Fiddler
You shouldn't try to do this in Fiddler with just one session, and
doing it from script will be extremely hard. You should be able to do
this with a carefully written Fiddler IAutoTamper extension.
What you do is get your HTTPS request in Fiddler, send it to the
server, and get back its response. In the handler for its
OnBeforeResponse event, you create a NEW session (using
oProxy.SendRequest) and keep a reference to it. Your code blocks and
waits for that session to hit its AutoTamperResponseBefore state
(attach an event listener to its OnStateChanged event), and when it
does, copy whatever data you need out of that response into the first
session and let it proceed back to the client.
-Eric
> My questions is very similar tohttps://groups.google.com/forum/#!searchin/httpfiddler/https/httpfidd...
doing it from script will be extremely hard. You should be able to do
this with a carefully written Fiddler IAutoTamper extension.
What you do is get your HTTPS request in Fiddler, send it to the
server, and get back its response. In the handler for its
OnBeforeResponse event, you create a NEW session (using
oProxy.SendRequest) and keep a reference to it. Your code blocks and
waits for that session to hit its AutoTamperResponseBefore state
(attach an event listener to its OnStateChanged event), and when it
does, copy whatever data you need out of that response into the first
session and let it proceed back to the client.
-Eric
> My questions is very similar tohttps://groups.google.com/forum/#!searchin/httpfiddler/https/httpfidd...
Reply all
Reply to author
Forward
0 new messages