Http tunneled traffic is not captured

haga-rak / fluxzy.core

Fast and fully streamed Man-On-The-Middle engine and a CLI app to intercept, record and alter HTTP/1.1, H2, websocket traffic over plain or secure channels.

https://docs.fluxzy.io

Other

107 stars 5 forks source link

Http tunneled traffic is not captured #289

Open Tucaninho opened 2 weeks ago

Tucaninho commented 2 weeks ago

Describe the bug The traffic of some applications captured by Fiddler are not shown in Fluxzy, Fiddler marks the traffic as tunneled

Describe the tool and the environment Windows 11, using Fluxizy.Core and Fluxzy.Ddesktop

To Reproduce Steps to reproduce the behavior:

Installed an application that has tunneled traffic, for example metatrader 5
start Fluxzy
start installed application
no traffic is captured

Screenshot This is how Fiddler shows the traffic

Expected behavior capture tunneled traffic as Fiddler does

haga-rak commented 2 weeks ago

Hello,

Even if the traffic is tunneled and not deciphered, Fluxzy Desktop does not show CONNECT requests in the exchange panel. It's by design because CONNECT requests are made between the client and Fluxzy; captured exchanges are only related to communication between Fluxzy and the remote servers.

In the case of Metatrader 5, even if the software is using HTTP CONNECT to initiate a remote connection, I suspect that the underlying protocol is not a regular HTTP/1.1 or H2. That's why no connection can me made.

I'm sorry I can't help you more.

Tucaninho commented 2 weeks ago

I´m still not familiar with your codebase, could you point to the code where I can investigate the HTTP CONNECT message? As I said Fiddler reports it as HTTP so I´d like to understand more