
I'm on latest Windows 10 Enterprise edition (personal PC).

I have the latest Fiddler and Edge browser installed (stable and canary channels).

Fiddler's root certificate is installed and trusted; it can detect and decrypt all HTTPS connections on my computer from all apps, but the Windows Defender Application Guard window in Edge fails to connect to the Internet.


How can I fix this so that I can monitor traffic inside the WDAG container with Fiddler?

Thanks in advance

2 Answers


Fiddler cannot work with Application Guard because of a small incompatibility.

The Microsoft FAQ about Application Guard has this section:

How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)?

Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as 192.168.1.4:81 can be annotated as itproxy:81 or using a record such as P19216810010 for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune.

If you start Fiddler and go to Settings > Network & Internet > Proxy, you will see under "Manual proxy setup" that:

  • The setting "Use a proxy server" has turned itself to On
  • Address has become http=127.0.0.1:8888;https=127.0.0.1:8888

The problem here is that Application Guard does not accept such a URL, as it requires the proxy to be identified by name and not by IP address.

If you now try to change that URL to https=localhost:8888 so as to give it a name, and then click the Save button, Fiddler will immediately turn Capture to Off, and will put up a large notice in yellow saying: "The system proxy was changed. Click to reenable capturing". And if you click the yellow header ... the proxy's URL in Settings returns to http=127.0.0.1:8888;https=127.0.0.1:8888 (!).

As far as I can see, the situation is unsolvable: The two applications are mutually incompatible. This might perhaps be by design.

  • Thank you very much for the answer. Would you recommend another similar software like Fiddler that can be used to monitor WDAG connections properly? Maybe Charles Proxy or the new Fiddler?
    – Sam
    Commented Mar 22, 2021 at 21:03
  • I did my tests on the new Fiddler. The problem is that all such products which set the proxy to 127.0.0.1 will fail in exactly the same way. You could try to find a debugger that can be configured to use a named proxy, but I can't help you there.
    – harrymc
    Commented Mar 22, 2021 at 21:11
  • Thank you. My goal is to detect traffic in WDAG using its header. Microsoft Edge recently added this new feature to canary under a flag called Application Guard Traffic Identification - if enabled, Application Guard traffic will be tagged with an X-MS-ApplicationGuard-Initiated header - so I was wondering how it is even possible for someone to do it if these popular tools are failing like this. Fiddler would let me easily flag all the traffic containing that header. There is also a PAC file, but when I use it in Fiddler, no traffic goes through it. It's like WDAG bypasses the PAC file.
    – Sam
    Commented Mar 22, 2021 at 21:18
  • One method would be to use another computer or VM to act as a debugging gateway, because then it would have a name.
    – harrymc
    Commented Mar 22, 2021 at 22:12
  • If you only want to monitor WDAG traffic then you can try PolarProxy. It will generate a pcap file with decrypted traffic. You will have to make sure the WDAG traffic is routed to PolarProxy somehow though, since it is a transparent proxy. The easiest solution would be to add a static entry for the intercepted domain into your hosts file, pointing to PP's IP. Disclaimer: I am a PP developer
    – Erik
    Commented Mar 29, 2021 at 12:26
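Two checks that follow from the discussion above, written as an added example rather than code from the thread or from Fiddler: the first parses a Windows "Manual proxy setup" address string and reports which entries name the proxy by IP literal (which the Microsoft FAQ says Application Guard will not accept), deriving the FAQ's `P<digits>` record name for IPv4 entries; the second scans a small constructed HTTP request capture for the `X-MS-ApplicationGuard-Initiated` header mentioned in the comments. The header value `1` and the sample requests are constructed assumptions, and the `P` naming is applied only to IPv4 addresses, as in the FAQ's own example.

```python
"""Added example: (1) audit a Windows proxy 'Address' string for IP-literal
proxies that Application Guard rejects, (2) flag requests tagged by Edge's
Application Guard Traffic Identification header. Sample data is constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProxyEntry:
    scheme: str                     # "http", "https", ... or "*" when no scheme prefix
    host: str
    port: Optional[int]
    is_ip_literal: bool             # True: Application Guard will not use it as-is
    suggested_name: Optional[str]   # FAQ-style "P<digits>" name, IPv4 only (assumption)


def _p_record_name(ip: ipaddress.IPv4Address) -> str:
    """FAQ naming convention: 192.168.100.10 -> P19216810010."""
    return "P" + str(ip).replace(".", "")


def parse_proxy_entry(scheme: str, hostport: str) -> ProxyEntry:
    """Parse one 'host:port' (or '[v6]:port') value, tolerating a 'http://' prefix."""
    hostport = re.sub(r"^[a-z]+://", "", hostport.strip(), flags=re.I)
    m = re.fullmatch(
        r"\[(?P<v6>[^\]]+)\](?::(?P<p6>\d+))?|(?P<h>[^:\[\]]+)(?::(?P<p>\d+))?",
        hostport,
    )
    if not m:
        raise ValueError(f"unparseable proxy entry: {hostport!r}")
    host = m.group("v6") or m.group("h")
    port_s = m.group("p6") or m.group("p")
    port = int(port_s) if port_s else None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                      # a symbolic name such as localhost
        return ProxyEntry(scheme, host, port, False, None)
    name = _p_record_name(ip) if isinstance(ip, ipaddress.IPv4Address) else None
    return ProxyEntry(scheme, host, port, True, name)


def parse_proxy_setting(setting: str) -> List[ProxyEntry]:
    """Parse the Windows 'Address' value, e.g. 'http=127.0.0.1:8888;https=127.0.0.1:8888'."""
    entries = []
    for part in filter(None, (p.strip() for p in setting.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                         # one unscoped proxy for all schemes
            scheme, hostport = "*", part
        entries.append(parse_proxy_entry(scheme.lower(), hostport))
    return entries


def application_guard_rejects(setting: str) -> List[ProxyEntry]:
    """Entries Application Guard refuses because the proxy is an IP literal."""
    return [e for e in parse_proxy_setting(setting) if e.is_ip_literal]


APPGUARD_HEADER = "x-ms-applicationguard-initiated"


def tagged_requests(raw_requests: List[str]) -> List[Tuple[str, str]]:
    """Return (method, target) for each raw HTTP/1.x request carrying the header."""
    hits = []
    for raw in raw_requests:
        head = raw.partition("\r\n\r\n")[0]
        lines = head.split("\r\n")
        request_line = lines[0].split(" ")
        if len(request_line) < 2:
            continue
        for line in lines[1:]:
            name, sep, _ = line.partition(":")
            if sep and name.strip().lower() == APPGUARD_HEADER:   # header names are case-insensitive
                hits.append((request_line[0], request_line[1]))
                break
    return hits


# Constructed sample capture (not real traffic); the header value "1" is an assumption.
SAMPLE_REQUESTS = [
    "GET /untrusted HTTP/1.1\r\nHost: example.com\r\nX-MS-ApplicationGuard-Initiated: 1\r\n\r\n",
    "GET /normal HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "POST /api HTTP/1.1\r\nHost: example.com\r\nx-ms-applicationguard-initiated: 1\r\n\r\n",
]

if __name__ == "__main__":
    for e in application_guard_rejects("http=127.0.0.1:8888;https=127.0.0.1:8888"):
        print(f"{e.scheme}: {e.host}:{e.port} is an IP literal; FAQ-style name would be {e.suggested_name}")
    print("Application Guard requests:", tagged_requests(SAMPLE_REQUESTS))
```

Running it against the address Fiddler writes reports both the `http` and `https` entries as IP literals, which is exactly why the container cannot use them; `https=localhost:8888` parses as a symbolic name and is not reported.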

It's because underneath it's a VM, so it can't use the host's loopback network.

I didn't use Fiddler, but I did get my VM to connect to the Internet through a proxy.

Here's my solution:

  1. Install Docker Desktop. Docker provides a special hostname "host.docker.internal" that points to the host machine. Any VM, including Windows Defender Application Guard, can take advantage of this.

  2. On the host, set your system proxy to host.docker.internal:port and you're good to go.
