Fiddler suddenly cannot capture anything from broswers - google-chrome

Fiddler had worked well on my laptop, but all of a sudden it cannot capture anything from my browsers. I have no ideas about what I have done may cause this problem.
The version of my fiddler is v4.6.0.5, it cannot capture http requests from all of my browsers, chrome, IE and Edge. My system is Windows 10.
I've carefully read the webpage Fiddler not capturing traffic from browsers
However, solutions works well for others do not work in my situations.
I've tried reinstalled fiddler and reset chrome hundreds of times
http://localhost.fiddler:8888/ cannot be found
http://127.0.0.1:8888 returns "This page returned a HTTP/200 response
Originating Process Information: chrome:79748"
I didn't use any filters
I have no extensions on chrome and close all kinds of VPN software.
I've checked 'Decrypt HTTPS traffic'
Anybody knows how can I solve the problem? Thank you!
I found that some of the software's http request is captured. It seems like that only the browsers' requests are not captured.
I temporarily use the developer tools in chrome for replacement(Ctrl+Shift+I, choose "NetWork"). It can capture the requests missed in Fiddler.

Your output indicates that:
Fiddler is running, and
It isn't blocked by a firewall or other software
Fiddler is not set as your system's proxy
On Fiddler's File menu, does the Capture traffic item have a checkmark next to it? While Fiddler is running, if you click Tools > WinINET Options > LAN Settings, what do you see?
Do you have any third-party antivirus software installed? Is this machine under the control of Group Policy (e.g. on a corporate network)?
If you start Chrome like so: chrome --proxy-server=http://127.0.0.1:8888, what happens?

Related

Fiddler capturing traffic from a specific process stopped working in Chrome

Open Chrome and navigate to google.com
In Fiddler use the "Any Process" button to select that Chrome tab
In Fiddler the "Any Process" button changes to something like "chrome: 11788"
In the Chrome tab search for something
I expect traffic to be captured by Fiddler but no sessions are displayed. If I use "Any Process", traffic is captured from all applications.
The "Use Filters" checkbox is unchecked in the Filters tab.
I uninstalled and reinstalled Fiddler.
I have the latest version installed.
What else could I do?
Modern versions of Google Chrome use separate process for making requests; so the process of the main window, detected by the 'Any Process' tool, is different.
The team is considering a fix, but it is currently not implemented, see "Target Any Process" feature no longer working with Chrome.
Possible workarounds meanwhile are:
Use other filtering functionality - e.g. capture a request from Chrome, and from the Sessions view choose right click -> Filter now -> Show only process=<process number>.
Filter everything else. In Fiddler, uncheck Tools -> Options -> Connections -> Act as system proxy on startup. Then Start Chrome with manually specified proxy settings, pointing to the port on which Fiddler is listening:
chrome --proxy-server=http://localhost:8888
This way the only captured traffic will be from this instance of Chrome.
Detailed version: Why Fiddler's Process Picker tool doesn't work with Chrome anymore
Brief version: For security and performance reasons Chrome now handles network requests through a separate network service. So when you are pointing the 'Any Process' tool of Fiddler on any Chrome window/tab, you are actually pointing to the UI (browser process) of Chrome browser.
There is one quick workaround for this:
Navigate to chrome://flags/#network-service-in-process in your Chrome browser. You would see Runs network service in-process and its value would be set to Default.
Change the value from Default to Enabled. By doing this you are telling Chrome to handle network requests from the browser process which also handles the UI.
Restart Chrome. You should now be able to capture network requests by pointing the Any Process tool on any Chrome tab.
Once you are done with your development activities do not forget to set the flag back to Default. This would give better performance.
NOTE: At the point of writing this, I am using Chrome 84.

Burp Interception does not work for localhost in Chrome

I can't intercept requests made by Chrome version 73.0.3683.86 to my localhost site.
Local host site is running on IIS on http://127.0.0.3:80
Burp proxy lister is default one on 127.0.0.1:8080
Interception rules are default one as well
In my LAN settings, "Bypass proxy server for local addresses" is not enabled
When Interception is turned ON and I reload page in Chrome browser, no request is "caught" by Burp, my local site loads and only the external requests are intercepted, such as loading external scripts from CDN.
Also under "Proxy" > "HTTP History" there is only request to external sites, and all requests to http://127.0.0.3:80 are not recorded.
When I reload same page by Internet Explorer 11, initial GET request is intercepted by Burp, as expected. Also "Proxy" > "HTTP History" shows all the requests to local site http://127.0.0.3:80
What is the problem with the Chrome? Thanks!
Found the solution late yesterday. I am using the Chrome extension ProxySwitchy, but it doesn't matter if you use that or the system proxy configuration. The solution works the same way.
You can solve this problem by adding an entry in /etc/hosts file like below
127.0.0.1 localhost
127.0.0.1 somehostname
Now burp will intercept request from somehostname
Which version of Chrome are you using?
Have you tried using the FoxyProxy Chrome extension?
As a workaround, you could modify the hosts file on your machine.
I experienced the same issue when I upgraded from Opera 58.0 to 60.0. I think that this is Chrome related, because I've also experienced it in all other Chrome browsers. Opera 58 utilizes Chrome 71.0.3578.98. Opera 60 utilizes version Chrome 73.0.3683.103. Something was definitely updated in Chrome between these versions to cause this problem to happen.
You have to subtract the implicit bypass rules defined in Chrome (https://chromium.googlesource.com/chromium/src/+/master/net/docs/proxy.md#Implicit-bypass-rules)
Requests to certain hosts will not be sent through a proxy, and will
instead be sent directly.
We call these the implicit bypass rules. The implicit bypass rules
match URLs whose host portion is either a localhost name or a
link-local IP literal. Essentially it matches:
localhost
*.localhost [::1]
127.0.0.1/8
169.254/16
[FE80::]/10
https://chromium.googlesource.com/chromium/src/+/master/net/docs/proxy.md#Bypass-rule_Subtract-implicit-rules
Whereas regular bypass rules instruct the browser about URLs that
should not use the proxy, Subtract Implicit Rules has the opposite
effect and tells the browser to instead use the proxy.
In order to be able to proxy through the loopback interface, you have to add the entry
<-loopback>
in the list of hosts for which you don't want to a proxy. It is a bit confusing, indeed.
Make sure you haven't enabled socks proxy option, it happened with me too and i found the solution when i disabled the socks proxy option, just make sure it's disabled!
Example:
It helped me
I turned on this settings

Making fiddler work with chrome

I want to use fiddler to monitor api calls made by my browser when it visits some pages.
The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.
The problem - Fiddler does not work with chrome. When I open any page on chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with firefox.
Solutions I tried that failed -
Four hours of google and stack overflow did not give me any solutions.
Convert the fiddler cert to pk 7 ??? format.
Import fiddler cert into chrome. Also, grant the cert all kinds of advanced permissions.
Install the fiddler cert with admin rights on windows, by "running" it.
Run chrome and ignore cert errors.
Regenerating the fiddler cert and restarting fiddler and browsers as given in the official fiddler book.
In 2,3 the cert never appeared in trusted cert store, but appeared in personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.
I was facing similar issue with Fiddler v4.6 and followed these steps:
Fiddler 4.6.1.5+
Click Tools > Fiddler Options.
Click the HTTPS tab.
Ensure that the text says Certificates generated by CertEnroll engine.
Click Actions > Reset Certificates. This may take a minute.
Accept all prompts
Fiddler 4.6.1.4 and earlier
Click Tools > Fiddler Options.
Click the HTTPS tab
Uncheck the Decrypt HTTPS traffic checkbox
Click the Remove Interception Certificates button. This may take a minute.
Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
(Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
Exit and restart Fiddler
Click Tools > Fiddler Options.
Click the HTTPS tab
Re-check the Decrypt HTTPS traffic checkbox
Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)
Reference:
https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
I used these two stack overflow posts -
https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate
https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7
I don't know what is happening. One of these posts worked and I got the fiddler cert into the trusted store. But, fiddler still cannot decrypt many websites https traffic, especially that of google.
After I reinstalled fiddler and did what Abir suggested Fiddler still didn't capture any traffic.
In my case it stopped working because I installed a chrome extension named Tunnel Bear, uninstalling the extension solved it for me.
Firefox has its own certificate store so I assume you just installed the DO_NOT_TRUST... Fiddler root cert there and everything worked. Pretty much you should do the same with Windows certificate store in order for Chrome to work. So make sure you remove all the fiddler certificates you previously generated and regenerate.
if fiddler do not capture chrome traffic, one solution is checking extensions. in my case i use zenmate vpn. when i disable this extension, fiddler capture all traffic in chrome

Chrome + gmail high network outbound traffic at startup

I'm fighting against a strange behavior in our office network.
Every morning when we switch on our computers, our network was overload on outbound traffic.
After several test I found a possible cause.
I noticed that when we start Chrome (and gmail?) there is a high traffic generated from my computer to Google servers (e.g.: 74.125.133.132). Here a resource monitor screenshot:
The network traffic doesn't go down until I stop chrome and I start it again.
No extensions installed and every possible traffic generating feature is disabled.
Monitoring the network and restart Chrome every morning is quite annoying. Does someone have a similar behavior and a solution/workaround?
On start up chrome checks weather new update or fixes are available or not..
Or you might be having an chrome extension like _toolbar type, these type of extensions causes a lot of traffic..
Go to settings => extensions => and disable unnecessary and unrecognized extensions..
Hope it solve your problem..

How can I debug an indefinite HTTP request in Chromium/Chrome?

I am troubleshooting an issue where I believe an HTTP request is waiting an indefinite amount of time for a response. In Chromium's developer console, the Network tab does an excellent job at displaying completed traffic and events, but not current ones (that I can see).
How can I debug a lingering HTTP request using Chromium's developer console?
I have had the same issue for quite sometime. On the developer tools Network tab, I can see that all requests match the response on my server log and none is waiting. I even tried to shutdown the server while it is happening, and it still waits indefinitely.
This doesn't happen with Firefox and Opera so I'm inclined to say that it's a chrome bug.
Added: I have also noticed that when I close chrome then open it again, the issue disappears.