Purpose:
Use fiddler as proxy to sniffer https redfish packets and encrypt the packets for human readable on Windows 10.
Target Audience:
For those whom is familiar with redfish, the different between http and https, proxy as well as the fiddler Windows 10.
Pre-requirement & reference:
Install latest fiddler in your Windows OS.
How to install python3 and pip on Windows 10?
How to install VirtualEnv & Activate of python3 on Windows 10?
Test redfish over https
Test redfish root API via https on web browser
Procedures:
1. Download the trial version fiddler for testing purpose
2. Install the trial version fiddler for testing purpose
3. Launch the fiddler and configure it properly
- In the menu bar, click Tools -> Options
-
- Click HTTPS TAB
- Check the Capture HTTPS Connections
- Check the Decrypt HTTPS traffic
- Select ...from all processes
- Check the Ignore server certification errors (unsafe)
- Click Actions -> Trust Root Certificate
- Click OK to apply changes
Options of fiddler
- In the menu bar, click Tools -> Options
-
- Click Connections TAB
- Check the Fiddler listens on port is 8888
- Check Allow remote computers to connect if only you want to listen traffic from other computer
- Click OK to apply changes
- In the menu bar, click Tools -> WinINET Options to configure proxy of WinINET
-
- The Internet Properties dialog pop up
- Click the Connections TAB
- Click the LAN settings button
-
- The Local Area Network (LAN) Settings dialog pop up
- Check the Use a proxy server for your name
- Click the LAN settings button
- Press Advanced button
- The Proxy Settings dialog pop up
- Key in 127.0.0.1 for both HTTP and Secure text box
- Key in 8888 for both Port of HTTP and Secure
- Click the OK button to apply the changes
- Click Filters on the right panel of fiddler main window
- Check the Use Filters to enable filters
- Select - No Zone Filter - under Use Filters
- Select Show only the following Host for host filtering
- Key the hosts that you want to filter. You can use either IP or domain name and separate by ";"
- Finally, click the Actions button and select the Run the Filterset now to make them effective
4. Test redfish root API on Chrome
- Launch fiddler
- Open an browser and enter the redfish root API (https://<bmc IP>/redfish/v1) in the URL field then press Enter key. And make sure you can see the response as excepted as following
Test redfish root API request and response
- In the fiddler left panel, you will find one packet is captured. That's the redfish root API request and response. Normally, you will lots of packets in the left panel. But we create some filter rules to show what we want to see.
- Click the packet that fiddler capture in the left panel
- Click Inspectors in the upper right panel
- Click Headers in the upper right panel. You can see the request headers.
- Click Raw in the lower right panel. You can see the redfish root API response.
Inspect the redfish root API via https in Fiddler
5. Note
- If you see the response code is 304 (Not modified) instead of 200 (OK) and the Body is 0. Which mean the browser had cache data the same as response. Please try to clear browser's cache. And go back to Fiddler and check the Rules > Performance > Disable Caching menu item. Then try again.
304 (Not modified) because of the cache of browser
4. Test redfish API via python requests
- Launch fiddler
- Open an PowerShell with normal user (not administrator user) and run the following commands.
PS C:\Users\[username]> .\redfish\Scripts\activate
(redfish) PS C:\Users\[username]> cd .\redfish\
(redfish) PS C:\Users\[username]\redfish> python .\aclrf.py -vvv
args.verbose level:3
2021/07/14 15:46:25 simpleExample DEBUG 71 - === Start to of redfish_advantech.__init__ === {__init__}
2021/07/14 15:46:25 simpleExample INFO 73 - BMC=sky7223-bmc.ciot.work, port=443 {__init__}
2021/07/14 15:46:25 simpleExample INFO 264 - --> getRedfishV1 [GET /redfish/v1] {getRedfishV1}
2021/07/14 15:46:25 simpleExample DEBUG 231 - os.name=nt {setProxy}
2021/07/14 15:46:25 simpleExample DEBUG 236 - Windows proxy https: https://127.0.0.1:8888 {setProxy}
2021/07/14 15:46:25 simpleExample DEBUG 248 - url=ParseResult(scheme='https', netloc='sky7223-bmc.ciot.work', path='', params='', query='', fragment='') {setProxy}
2021/07/14 15:46:25 simpleExample DEBUG 252 - self.hostname=sky7223-bmc.ciot.work, self.port=443, self.theTimeout=10 {setProxy}
2021/07/14 15:46:25 simpleExample DEBUG 255 - Start the http connection {setProxy}
2021/07/14 15:46:25 simpleExample INFO 258 - Enable the https proxy(self.hostname) connection to sky7223-bmc.ciot.work via 127.0.0.1:8888(host) {setProxy}
2021/07/14 15:46:25 simpleExample DEBUG 178 - === redfish_advantech.rfRequest === {rfRequest}
2021/07/14 15:46:25 simpleExample DEBUG 193 - headers={'Accept': 'application/json', 'Accept-Encoding': 'identity', 'Connection': 'Keep-Alive', 'OData-Version': '4.0'} {rfRequest}
2021/07/14 15:46:25 simpleExample DEBUG 194 - self.payload=None {rfRequest}
2021/07/14 15:46:25 simpleExample ERROR 219 - check_hostname requires server_hostname {rfRequest}
- If you get the ERROR: check_hostname requires server_hostname
- Check the version of requests
- Upgrade the version of requests
# Check the version of requests
(redfish) PS C:\Users\[username]\redfish> pip list
Package Version
--------------- ---------
certifi 2021.5.30
chardet 4.0.0
decorator 5.0.9
idna 2.10
jsonpatch 1.32
jsonpath-rw 1.4.0
jsonpointer 2.1
lxml 4.6.3
pip 21.1.3
ply 3.11
python-dateutil 2.8.1
redfish 3.0.1
redfishtool 1.1.5
requests 2.25.1
setuptools 57.0.0
six 1.16.0
urllib3 1.26.6
wheel 0.36.2
# Upgrade the version of requests because version 2.25.1 has bugs
(redfish) PS C:\Users\[username]\redfish> python -m pip install requests==2.7.0
Collecting requests==2.7.0
Downloading requests-2.7.0-py2.py3-none-any.whl (470 kB)
|████████████████████████████████| 470 kB 1.3 MB/s
Installing collected packages: requests
Attempting uninstall: requests
Found existing installation: requests 2.25.1
Uninstalling requests-2.25.1:
Successfully uninstalled requests-2.25.1
Successfully installed requests-2.7.0 <- the version of requests has been upgraded
- Run the sample program again and you will see the problem is gone
(redfish) PS C:\Users\[username]\redfish> python .\aclrf.py -vvv
args.verbose level:3
2021/07/14 15:50:33 simpleExample DEBUG 71 - === Start to of redfish_advantech.__init__ === {__init__}
2021/07/14 15:50:33 simpleExample INFO 73 - BMC=sky7223-bmc.ciot.work, port=443 {__init__}
2021/07/14 15:50:33 simpleExample INFO 264 - --> getRedfishV1 [GET /redfish/v1] {getRedfishV1}
2021/07/14 15:50:33 simpleExample DEBUG 231 - os.name=nt {setProxy}
2021/07/14 15:50:33 simpleExample INFO 243 - No 'https' found in the OS env. {setProxy}
2021/07/14 15:50:33 simpleExample DEBUG 248 - url=ParseResult(scheme='https', netloc='sky7223-bmc.ciot.work', path='', params='', query='', fragment='') {setProxy}
2021/07/14 15:50:33 simpleExample DEBUG 252 - self.hostname=sky7223-bmc.ciot.work, self.port=443, self.theTimeout=10 {setProxy}
2021/07/14 15:50:33 simpleExample DEBUG 255 - Start the http connection {setProxy}
2021/07/14 15:50:33 simpleExample DEBUG 178 - === redfish_advantech.rfRequest === {rfRequest}
2021/07/14 15:50:33 simpleExample DEBUG 193 - headers={'Accept': 'application/json', 'Accept-Encoding': 'identity', 'Connection': 'Keep-Alive', 'OData-Version': '4.0'} {rfRequest}
2021/07/14 15:50:33 simpleExample DEBUG 194 - self.payload=None {rfRequest}
2021/07/14 15:50:34 simpleExample INFO 223 - rfRequest [GET /redfish/v1] status_code=200 {rfRequest}
2021/07/14 15:50:34 simpleExample DEBUG 277 - result=
{
"@odata.type": "#ServiceRoot.v1_5_0.ServiceRoot",
"@odata.context": "/redfish/v1/$metadata#ServiceRoot.ServiceRoot",
"@odata.id": "/redfish/v1/", ...... etc.
- And you will see the redfish API request / response in fiddler normally
--- End of this article ---
Comments
0 comments
Please sign in to leave a comment.