How to implement a http proxy for localhost in windows? - c++

So that all browser request(no matter firefox or IE) will be sending out via the proxy automatically without any configuration.
Is it kind of thing possible?

What do you want with the proxy? Fiddler is automaticly set as a proxy for ie when it is active. Firefox needs manual configuration. But there is no traffic possible as long fiddler is active without using the proxy.
fiddler

Related

Is it possible to capture requests with Postman standalone app?

I was wondering - is it possible to capture requests with Postman standalone app, when requests are issued NOT by a browser, but a Console App or a Windows service? My app is making AJAX calls to a server, I want these calls to be captured with Postman app.
Can you set a proxy for your Console App/Windows service? If yes, then it might be possible.
You need to get the port number from Postman's proxy setting and the IP address from your computer. Apply these two as the proxy for your app, and Postman should hopefully be able to listen in to your requests.
Here's the blogpost from where I found this out.

can proxy server set cookie?

can the proxy server intercept my https request and set cookies before actually sending the request?
I'm going a GET on an url from chrome browser. In the development tools, under "Network", I noticed that the first request, the one that I made, has cookies set. but I did not set any cookies.
any thoughts?
No it can't. To proxy HTTPS requests your browser issues HTTP CONNECT command (https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT). Proxy then creates a tunnel between the browser and a target server.
A conventional proxy can neither view nor manipulate a TLS-encrypted data stream, so a CONNECT request simply asks the proxy to open a pipe between the client and server. The proxy here is just a facilitator - it blindly forwards data in both directions without knowing anything about the contents. The negotiation of the TLS connection happens over this pipe, and the subsequent flow of requests and responses are completely opaque to the proxy.
It cannot modify or see what is being transferred as it is protected by TLS encryption.
The only way to modify HTTPS conenctions on the fly is if you install some external CA certificates on your computer. This is known as MITM Attack.

CORS HTTPS-to-HTTP webservice in Chrome Extension

I am writing a 'Content Script' based extension for Chrome that works on GMail (HTTPS). It needs to access a web service on our website, which is currently on HTTP only. Other than getting an SSL, is there any alternative to get an AJAX GET/POST call working between these two?
I think you can : https://developer.chrome.com/extensions/xhr
But be aware that without https someone can see and change everything your extension send or receive with your website.
You should implement https as soon as possible to avoid any security issue.

Fiddler blocks some HTTPS connections like Dropbox

I work on a project which make ajax query to a webservice so I use fiddler to see JSON responses.
But I have encounter troubles using Fiddler. When I launch it on my laptop, Dropbox can't synchronize my files anymore but I can debug my ajax requests. The real problem is when I use Fiddler on my desktop computer, all my requests to my WebService are blocked. My WebService runs on localhost.
I don't understand how it works, can you help me?
Dropbox connections don't work because that application uses a feature called "Certificate Pinning" that reject's Fiddler's HTTPS interception certificate. Why this happens is discussed in the Fiddler book, but you can configure Fiddler not to decrypt dropbox.exe's connections which resolves the issue.
To avoid blocking DropBox App traffic while Fiddler is running, you can use Tools > Fiddler Options > HTTPS to either only decrypt Browser traffic or you can configure Fiddler not to decrypt traffic to *.dropbox.com.
The issue with your "WebService" is almost certainly completely unrelated. You need to be far more specific for anyone to help: What is the client? What is the service written in? What do you see in Fiddler when this happens?

Disabling HTTPS in Axis2 web service

I have created an Axis2 web service from Netbeans and deployed it successfully in Tomcat 6 on my web server.
When I use for instance SoapUI or Taverna to consume the web service, the server offers both HTTP and HTTPS methods to invoke it. However, using the HTTPS method renders a 404 error. (Probably because there is a server admin panel running on port 8443, but that doesn't matter right now.)
The problem is that my web service clients default to using the HTTPS service. I figured the simplest thing I could do to get the basic service to work, would be to disable the HTTPS endpoint, as the HTTP version runs flawlessly and I don't need the added security. But now I've spent hours on finding out how to do that, without success. The WSDL returned by Axis2 contains entries for HttpsSoap11Endpoint but the WSDL that's bundled in my .AAR file after the build does not.
Does anybody know how to make Axis2 offer just HTTP endpoints?
In axis2.xml, comment out the https transport receiver to disable the HTTPS endpoint.