https to http proxy using fiddlercore

2,243 views
Skip to first unread message

Kevin Radke

unread,
Jun 16, 2013, 12:54:08 AM6/16/13
to httpf...@googlegroups.com
I have been able to use fiddlercore to very easily construct an http proxy.  It works great for both http and https traffic.  I even have MITM decryption working and can see the actual https traffic decoded.  I'd now like to force all the https traffic to use http to the server.  I've tried to rewrite the connect port and/or URL in the BeforeRequest handler and it then connected to port 80 on the server, but is still trying to speak SSL.  How can I get it to not try and SSL handshake with the server?

Both these work:

  client -> http -> fiddler -> http -> server
  client -> https -> fiddler (mitm) -> https -> server

I want to do this:

client -> https -> fiddler (mitm) -> http -> server


I feel I'm missing something obvious, so any pointers would be appreciated.

Thanks!
Kevin R.

EricLaw

unread,
Jun 17, 2013, 8:43:58 AM6/17/13
to httpf...@googlegroups.com
Step #1 would be to automatically reply to any HTTP CONNECT requests from the client without contacting the server. This will allow the client to believe that there's a HTTPS connection to the server. Step #2 would be to change the HTTPS requests you receive to use HTTP and pass those along to the server. I believe we concluded that the simplest way to do that is to use the BeforeRequest handler to change the Session's URL (changing the scheme, and if present, the port)

Kevin Radke

unread,
Jun 17, 2013, 11:53:48 AM6/17/13
to httpf...@googlegroups.com
This seems to sorta work in the BeforeRequest handler:

if (oS.isHTTPS)
{
 oS.fullUrl = oS.fullUrl.Replace("https://", "http://").Replace("443", "80");
}

Two observed things:
  1. A connection to the original port is opened to the server, but not handshaked - It is closed when the warning below happens
  2. Warnings received in log: "Detaching server pipe. Had: HTTPS:server:443 but needs: server:80"
I assume there is some performance penalty in opening the original port and it also requires to original server to support both ports.

I originally tried the above when oS.HTTPMethodIs("CONNECT"), but didn't get it to work.  I may re-visit it again.

Kevin R.

EricLaw

unread,
Jun 17, 2013, 12:29:56 PM6/17/13
to httpf...@googlegroups.com
Do this inside your OnBeforeRequest handler:
 
  // Handle CONNECT Tunnels
  if (oS.HTTPMethodIs("CONNECT"))
  {
    oS["x-replywithtunnel"] = "FakeTunnel";
    return;
  }
 
  // Handle HTTPS requests
  if (oS.isHTTPS)
  {
    oS.fullUrl = "http://" + oS.hostname + oS.PathAndQuery;
  }
 

Kevin Radke

unread,
Jun 17, 2013, 12:41:56 PM6/17/13
to httpf...@googlegroups.com
Perfect!  I was just missing the FakeTunnel part.

Thanks!
Kevin R.

syed khalid

unread,
Apr 14, 2017, 10:29:47 AM4/14/17
to Fiddler
Hello Kevin,

Is this possible to achieve the same using Burp Suite proxy. I am using a linux machine and i can't switch to Fiddler. 

Syed
Reply all
Reply to author
Forward
0 new messages