{"id":18023,"date":"2014-11-06T10:12:39","date_gmt":"2014-11-06T15:12:39","guid":{"rendered":"https:\/\/nuxx.net\/blog\/?p=18023"},"modified":"2014-11-06T10:15:57","modified_gmt":"2014-11-06T15:15:57","slug":"fiddler-for-chained-proxy-authentication","status":"publish","type":"post","link":"https:\/\/nuxx.net\/blog\/2014\/11\/06\/fiddler-for-chained-proxy-authentication\/","title":{"rendered":"Fiddler for Chained Proxy Authentication"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"Using Fiddler to forcibly inject a Basic authorization header into all HTTP\/HTTPS sessions to work around an application which does not prompt for proxy credentials.\" src=\"https:\/\/nuxx.net\/gallery\/d\/106562-1\/fiddler_proxy-authorization_injection.png\" alt=\"\" width=\"586\" height=\"334\" \/><\/p>\n<p>I recently had an\u00a0issue where an application which supports proxies but doesn&#8217;t prompt for credentials needed to\u00a0use a proxy server\u00a0to communicate with the\u00a0internet. The solution? Use <a href=\"http:\/\/www.telerik.com\/fiddler\">Fiddler<\/a> and its <a href=\"http:\/\/fiddlerbook.com\/Fiddler\/Dev\/ScriptSamples.asp\">built in scripting language<\/a> as a secondary proxy chained to the primary, forcibly sending a valid\u00a0authentication header to the proxies.<\/p>\n<p>How does one\u00a0this? Here&#8217;s how, which is a bit more detailed writeup than what&#8217;s found <a href=\"https:\/\/stackoverflow.com\/questions\/2989466\/configuring-fiddler-to-use-company-networks-proxy\">here at Stack Overflow<\/a>. Note that this presumes basic familiarity with Fiddler:<\/p>\n<ol>\n<li>Use Fiddler to watch a session that uses <a href=\"https:\/\/en.wikipedia.org\/wiki\/Basic_access_authentication\">Basic authentication<\/a> to the proxy. Look at one of the requests headers after successful authentication and find the line which\u00a0contains <code>Proxy-Authorization: Basic<\/code>. Copy this value\u00a0to the clipboard. (Example line:\u00a0<code>Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQxMg==<\/code>)<\/li>\n<li>In Fiddler, click <em>Rules<\/em>\u00a0\u2192\u00a0<em>Customize Rules<\/em> to open <code>CustomRules.js<\/code> in an editor.<\/li>\n<li>Locate the function <code>OnBeforeRequst<\/code>. The line beginning this will read something like\u00a0<code>static function OnBeforeRequest(oSession: Session)<\/code>\u00a0and is line 159 in the rulset that ships with Fiddler v4.4.9.2 (latest as of November 6, 2014).<\/li>\n<li>Below this, add a line as follows, with the secondary part being the string that was copied in step 1. In this example the bolded portion is what we&#8217;ve added:<br \/>\n<code>[...]<\/code><br \/>\n<code>static function OnBeforeRequest(oSession: Session) {<\/code><br \/>\n<strong><code> \/\/ Inject a Basic\u00a0authentication header<\/code><\/strong><br \/>\n<strong><code> oSession.oRequest[\"Proxy-Authorization\"] = \"Basic Yno5eWw1Oldyb25nLmdvLldheSsyNDA=\";<\/code><\/strong><br \/>\n<code>\/\/ Sample noRule: Color ASPX requests in RED<\/code><br \/>\n<code> \/\/ if (oSession.uriContains(\".aspx\")) { oSession[\"ui-color\"] = \"red\"; }<\/code><br \/>\n<code>[...]<\/code><\/li>\n<li>Save and close <code>CustomRules.js<\/code>. Fiddler will now begin using this modified ruleset. You can observe that this header is now included with every request.<\/li>\n<li>Ensure that your application using Fiddler as its proxy. If the application is local to the computer on which Fiddler is running and uses\u00a0<a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa383630(v=vs.85).aspx\">WinINET<\/a>\u00a0then this is likely automatic.\u00a0If not, it will need to be manually pointed to the\u00a0local proxy. Fiddler can also\u00a0accept connections from computers elsewhere on a network (<em>Tools<\/em>\u00a0\u2192 <em>Fiddler Options&#8230;<\/em>\u00a0\u2192 <em>Connections<\/em>), but configuration of this is beyond the scope of this article. See the Fiddler documentation for more information.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>I recently had an\u00a0issue where an application which supports proxies but doesn&#8217;t prompt for credentials needed to\u00a0use a proxy server\u00a0to communicate with the\u00a0internet. The solution?&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/nuxx.net\/blog\/2014\/11\/06\/fiddler-for-chained-proxy-authentication\/\">Continue reading<span class=\"screen-reader-text\">Fiddler for Chained Proxy Authentication<\/span><\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-18023","post","type-post","status-publish","format-standard","hentry","category-computers","entry"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/18023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/comments?post=18023"}],"version-history":[{"count":6,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/18023\/revisions"}],"predecessor-version":[{"id":18029,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/18023\/revisions\/18029"}],"wp:attachment":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/media?parent=18023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/categories?post=18023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/tags?post=18023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}