6

I would like to connect to a HTTP Proxy with Fiddler Core.

I'm using the oSession['X-OverrideGateway'] = "HOSTNAME:PORT" code to do it.

Now authentication is needed for the proxy. I see in other question a solution. It says:

oSession.oRequest["Proxy-Authorization"] = "Basic sOMeBASE64eNCODEdSTRING=";

Where the hash at the end is the Base64 coding of the 'username:password'

My question about this workaround:

It results a HTTP_PROXY_AUTHORIZATION HTTP header to my requests. Not just from fiddler to the proxy, but also from the proxy to the web.

Shouldn't it be removed by the proxy?

Is there a workaround with Fiddler so I can connect a HTTP Proxy with credentials without HTTP headers?

I would like to use Fiddler Core.

UPDATE:

As I can see the image

Http Proxy Authentication process

I only have to provide the Proxy-Authorization header if a Proxy Authentication header was in a response with a status code. It seams ok. But in fiddler core how can I reach the previous response? If I just simply save into a field variable it won't work, since the order of the traffic is not

Request, Response, Request, Response, etc.

But mor like

Request, Response (407), Request, Request, etc.

In the 2nd example on the 3rd Request we shouldn't send the Proxy Authorization header but we will, since the last Response was a 407.

Any ideas?

Borislav Ivanov
  • 4,684
  • 3
  • 31
  • 55
Tomi
  • 3,370
  • 1
  • 16
  • 26

1 Answers1

2

HTTP_PROXY_AUTHORIZATION header is required for proxy to work.

Please refer to the HTTP RFC section 4.4 https://www.rfc-editor.org/rfc/rfc7235#section-4.4

As it mentions, if there are multiple proxies in a chain, your proxy server may forward the headers ahead.

The difference you see with Fiddler Core and Proxifier could be due difference in their configuration.

Community
  • 1
  • 1
Amol
  • 1,084
  • 10
  • 20
  • It is not involved in the fiddler **core**. Or am I missing something? – Tomi Dec 05 '18 at 14:41
  • @Tomi not sure, do you mean by it is not involved in fiddler core? Yes, this header is related to HTTP protocol and not specific to fiddler – Amol Dec 06 '18 at 02:48
  • Then how Proxifier works? I can connect to a http proxy with proxifier and this header is not visible – Tomi Dec 06 '18 at 17:26
  • Perhaps your proxy settings for Proxifier and FiddlerCore are different. I have updated my answer with more detail on this. – Amol Dec 07 '18 at 16:51
  • Both the Proxifier and FiddlerCore are connecting to the same proxy. Then I connect to a website. With Fiddler Core the HTTP_PROXY_AUTHORIZATION header is still present while with Proxifier it doesn't. It says: *the Proxy-Authorization header field applies only to the next inbound proxy that demanded authentication using the Proxy-Authenticate field*. I guess it should disappear when the the proxy connects the web. So I guess the proxy is not working well (it not consumes the header). But then how is this being consumed when I do it with Proxifier? No multiple proxies no further configuration – Tomi Dec 09 '18 at 19:19
  • 1
    I am not entirely sure. Either fiddler thinks there’s one more proxy in the chain or it’s a Fiddler Core bug/defect? Maybe it would be worth posting this on fiddler forums at https://www.telerik.com/forums/fiddler – Amol Dec 09 '18 at 19:56
  • Updated the question – Tomi Jan 04 '19 at 17:48