Ok, strange one here. Someone asked me if they could use Fiddler to see the HTTPS traffic going back and forth between their machine and the O365 environment.
Yep of course! You just turn Fiddler on, use the guide to decode the HTTPS traffic using the tool. Like here – https://docs.telerik.com/fiddler/configure-fiddler/tasks/decrypthttps.
Simple I say… then the person asked, “when I’m using PowerShell to access my Teams environment”.
Ok that’s slightly more complicated, but after looking around and trying to work around the technology, I figured it out.
Force Fiddler to see the PowerShell Commands
First run up a Windows PowerShell session in administrator mode. Then type this in:
netsh winhttp set proxy localhost:8888
Then close all the PowerShell sessions. Every single one of them please. That previous command should have sent all traffic going via winhttp to the localhost on 8888 (which is exactly the port that Fiddler uses).
Next fire up Fiddler (I’m assuming that you followed the link above, on how to decrypt HTTPS locally).
Then start up PowerShell again.
Connect to your Teams / O365 environment, start your Fiddler trace (it starts automatically, but just in case…) and do some PowerShell:
Then stop the tracing in Fiddler.
Remove the forwarding to Fiddler
You can then execute this command on the PowerShell administrator session:
netsh winhttp reset proxy
And that will stop the traffic from the PowerShell going to the Fiddler proxy.
When you look at your Fiddler, you should have loads of traffic, well and some from the PowerShell session AND all in orderly JSON format 🙂
So there you go, you can use Fiddler when gathering traces of the HTTPS traffic going over a PowerShell session.
I expect you can use Charles as well, just have to adjust the proxy setting when you use the netsh.
Cheers!
