search

telerik / fiddler-everywhere

This public repository aims at providing a convenient way for users of Fiddler Everywhere to report issues they may encounter while using the tool.
7 stars 0 forks source link

HTTP/2 Without TLS #16

Open Leonardo-Ferreira opened 2 months ago

Leonardo-Ferreira commented 2 months ago

Is your feature request related to a problem? Please describe. Problem: Fiddler Everywhere only sends HTTP/2 requests if the scheme is HTTPS

Describe the solution you'd like Just send the HTTP/2 request without TLS

Additional context I know its not the standard good practice, but its a part of life

NickIliev commented 2 months ago

@Leonardo-Ferreira,

Currently, Fiddler only supports HTTP/2 over HTTPS. Most client applications, including most browsers, do not support HTTP/2 over HTTP, which is why we are not planning on releasing this feature at the moment. However, we are open to reconsidering this decision if the demand for this feature increases in the future.

anadius commented 2 months ago

I'm trying to open a PCAP file with HTTP/2 traffic with no encryption (h2c). Sadly that doesn't work in Fiddler. I know there are a lot of challenges with proxying traffic like that but what about only parsing it in imported sessions?

NickIliev commented 2 months ago

@anadius Indeed, at this very moment, Fiddler Everywhere does not support HTTP/2 traffic over HTTP (no TLS), which is why similar PCAP files can't be opened.

The team will research and consider implementing support for HTTP/2 over HTTP or at least having the option to load and visualize such sessions. That said, if possible, please share a sample PCAP file with the h2c session.

anadius commented 2 months ago

I'm afraid I can't share my own PCAP file since it contains sensitive data (I'll explain below why there's sensitive data and no TLS). Thankfully Wireshark provides some sample file on their page together with instructions how to reproduce it yourself.

As for my traffic - I have a program that I couldn't get to work with Fiddler. Turns out it doesn't use system proxy. It implements custom connect, send and recv functions. I've found a project that hooks to those functions and dumps unencrypted data - it's saved into a valid PCAP file (TCP handshake, proper seq and ack values, all is there). HTTP/1 traffic was correctly shown in Fiddler, HTTP/2 was not.

I was able to parse the traffic with scapy, but that only parses the frames, it doesn't give you request-response pairs. After testing several other programs I gave up and went back to square one. I was looking for a way to force all internet traffic through a proxy and finally found a solution that works and doesn't even require a second machine. mitmproxy in a local redirect mode. With that I can capture the traffic from everything or just selected programs, including non-HTTP traffic, both TCP and UDP. HTTP/2 traffic is displayed properly, it even parses protobuf data in gRPC traffic (the same way protoc --decode_raw does, since it doesn't have access to the .proto files).