Capture an HTTP Trace Remotely with Fiddler
There are times when we need to capture the HTTP trace of a process, but certain limitations prevent us from running an additional application like Fiddler on the same device. This is particularly true in scenarios like capturing the Primary Refresh Token (PRT) during the Windows sign-in process. To address this challenge, this post walks through the steps of capturing a Fiddler trace remotely on another Windows device.
Setting Up Fiddler on the Capturing Device
- Launch Fiddler: Start by opening Fiddler on the device intended for capturing the logs.
- Configure Fiddler Settings:
  - Navigate to Tools > Options > Connections.
  - Enable the option “Allow remote computers to connect”.
  - Restart Fiddler to apply the changes.
Setting Up the Device to Be Traced
1. Install Fiddler Certificate:
   - Open a web browser and visit the Fiddler page to download the certificate.
   - Install the downloaded certificate as a trusted root authority.
   - Fiddler page URL: http://<FiddlerMachineIP>:8888
2. Configure Group Policy:
   - Open Gpedit.msc.
   - Navigate to Computer Configuration > Administrative Templates > Internet Explorer.
   - Enable the policy “Make proxy settings per-machine (rather than per-user)”.

   This Group Policy setting ensures that the system context proxy adheres to the current user context proxy setting.
3. Set Up Proxy Server:
   - Go to Internet Options > Connections > LAN Settings.
   - Set up the proxy server using the IP address of the machine running Fiddler.
Capturing the Trace
- Restart Fiddler: On the machine intended for capturing the log, restart the Fiddler application.
- Capture the Trace: You should now be able to see the remote trace in the Fiddler application on the capturing device.
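
An added PowerShell check for the traced device (not part of the original post): it reports whether the certificate, policy and proxy settings from the steps above are in place and, with the hypothetical `-RemoveRoot` switch, removes the Fiddler root certificate once tracing is done. It assumes Fiddler Classic defaults (port 8888, root certificate subject containing `DO_NOT_TRUST_FiddlerRoot`), and `192.0.2.10` is a placeholder for the Fiddler machine's IP.

```powershell
# Added example: audit the remote-trace configuration on the device being traced.
# Assumptions: Fiddler Classic defaults; -RemoveRoot is a parameter name chosen for this example.
param(
    [string]$FiddlerHost = '192.0.2.10',   # placeholder: IP of the machine running Fiddler
    [int]$FiddlerPort = 8888,
    [switch]$RemoveRoot                     # delete the trusted Fiddler root (run elevated)
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$inetKeys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. "Make proxy settings per-machine" is enabled when ProxySettingsPerUser is 0.
$perUser = (Get-ItemProperty -Path $policyKey -Name ProxySettingsPerUser `
            -ErrorAction SilentlyContinue).ProxySettingsPerUser
"Per-machine proxy policy enabled: $($perUser -eq 0)"

# 2. Proxy values in the machine hive and the current user's hive.
foreach ($key in $inetKeys) {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    "{0}: ProxyEnable={1} ProxyServer={2}" -f $key, $p.ProxyEnable, $p.ProxyServer
}

# 3. Fiddler root certificates currently trusted (machine-wide or per-user).
$roots = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.Subject -like '*DO_NOT_TRUST_FiddlerRoot*' })
"Trusted Fiddler root certificates found: $($roots.Count)"
foreach ($c in $roots) {
    "  {0}  {1}  expires {2:yyyy-MM-dd}" -f ($c.PSParentPath -replace '.*::'), $c.Thumbprint, $c.NotAfter
}

# 4. Can this device reach the Fiddler listener on the capturing machine?
$reach = Test-NetConnection -ComputerName $FiddlerHost -Port $FiddlerPort `
         -WarningAction SilentlyContinue
"Fiddler listener reachable at ${FiddlerHost}:${FiddlerPort}: $($reach.TcpTestSucceeded)"

if ($RemoveRoot -and $roots.Count -gt 0) {
    # After tracing, stop trusting the interception root so it can no longer
    # be used to decrypt this device's HTTPS traffic.
    $roots | Remove-Item
    "Removed $($roots.Count) Fiddler root certificate(s)."
}
```

After the trace is collected, also clear the proxy in LAN Settings and return the Group Policy setting to its previous state in Gpedit.msc; the script only reports those two values.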