oSession["x-OverrideGateway"] do not work with https sessions?

Progress® Telerik® Fiddler™ Classic Feedback Portal

Create an account Log In

Request a Feature Report a Bug

Declined

Last Updated: 15 Nov 2019 06:26 by wu

wu

Created on: 04 Nov 2019 03:01

Type: Bug Report

oSession["x-OverrideGateway"] do not work with https sessions?

As subject means,oSession["x-OverrideGateway"] does not work with https sessions.Ive searched google and docs of fiddler.none of them can solve this,and i've tried such as oSession["x-OverrideGateway"] = "https=127.0.0.1:8080",but it just causes errors.By setting oSession["x-OverrideGateway"] = "127.0.0.1:8080",all http session works fine,but https session will just bypass this setting and go through directly.how can i deal with it?thx for your reply.

6 comments

wu

Posted on: 15 Nov 2019 06:26

thx @Simeon and @Eric.In fact,I've repacked the request of session,and send them by FiddlerObject.utilIssueRequest,of which has the same effect of SendRequests.When resending,it should come to "OnBeforeRequest",where I add

 s["x-OverrideGateway"] = "127.0.0.1:8080"

and it seems work fine with http,just the cause of connect and https makes it error.

ADMIN

Simeon

Posted on: 12 Nov 2019 14:38

Thanks for noticing, Eric! My intent was only to show how you can create context menus with the ContextAction attribute. Now I see that actually Wu wants to send the session through the other proxy. The FiddlerApplication.oProxy.SendRequest method could be used for this:

ContextAction("Send To Other Proxy")
static function SendToOtherProxy(selectedSessions: Session[]) {
  for (var i=0; i < selectedSessions.Length; i++) {
    var s: Session = selectedSessions[i];
    if(s.oRequest.headers.Exists("User-Agent")
    && s.oRequest.headers["User-Agent"].EndsWith("ByProxy")) {
      s.oRequest.headers["User-Agent"] = s.oRequest.headers["User-Agent"].Substring(0,s.oRequest.headers["User-Agent"].Length - 7);
      s["x-OverrideGateway"] = "127.0.0.1:8080";

      FiddlerApplication.oProxy.SendRequest(s.oRequest.headers, s.requestBodyBytes, s.oFlags);
    }
  }
}

Regards,
Simeon
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

Eric

Posted on: 12 Nov 2019 14:17

The "Send to Other Proxy" context action proposed here doesn't really make much sense, because setting the OverrideGateway after a session has completed doesn't do anything.

I suppose this might work if you set a request breakpoint on every request, but that would be very annoying.

ADMIN

Simeon

Posted on: 12 Nov 2019 09:34

You can add a context menu for the web sessions list by modifying the FiddlerScript. You need to introduce a static function with the ContextAction attribute. Here is an example in JScript:

ContextAction("Send To Other Proxy")
static function SendToOtherProxy(selectedSessions: Session[]) {
  for (var i=0; i < selectedSessions.Length; i++) {
    var s: Session = selectedSessions[i];
    if(s.oRequest.headers.Exists("User-Agent")
    && s.oRequest.headers["User-Agent"].EndsWith("ByProxy")) {
      s.oRequest.headers["User-Agent"] = s.oRequest.headers["User-Agent"].Substring(0,s.oRequest.headers["User-Agent"].Length - 7);
      s["x-OverrideGateway"] = "127.0.0.1:8080";
    }
  }
}

Regards,

Simeon
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

wu

Posted on: 06 Nov 2019 02:51

@Eric,thank you very much...I've found it's because of CONNECT and HTTPS.I add an extra contextmenu of session named "Send To Other Proxy"--since I want to procedure with some binary request or large request by burp.When I click it,the script modifies the User-Agent by adding an extra "ByProxy".after that,I remove the extra flag,and set it to new gateway

if(oSession.oRequest.headers.Exists("User-Agent")){
     if(oSession.oRequest.headers["User-Agent"].EndsWith("ByProxy")){
     oSession.oRequest.headers["User-Agent"] = oSession.oRequest.headers["User-Agent"].Substring(0,oSession.oRequest.headers["User-Agent"].Length - 7);
     oSession["x-OverrideGateway"] = "127.0.0.1:8080";
     }
}

now I've found the problem,but it's also hard for me to solve it.all I want to do is "add a context menu,and when i click it,I can replay it by burp"

Eric

Posted on: 05 Nov 2019 21:58

What's your exact script look like? Is your override getting applied to both the CONNECT tunnel and the HTTPS Request itself?

Note that "https=127.0.0.1:8080" is never going to work (because Fiddler does not support TLS-to-the-Proxy).