How to use Fiddler with Windows Defender Application Guard on Edge browser
I'm on the latest Windows 10 Enterprise edition (personal PC).
I have the latest Fiddler and Edge browser installed (stable and canary channels).
Fiddler's root certificate is installed and trusted, and it can detect and decrypt all HTTPS connections on my computer from all apps, but the Windows Defender Application Guard window in Edge fails to connect to the Internet.
How can I fix this so that I can monitor traffic inside the WDAG container with Fiddler?
Thanks in advance
Solution 1:
Fiddler cannot work with Application Guard because of a small incompatibility.
The Microsoft FAQ about Application Guard has this section:
Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as 192.168.1.4:81 can be annotated as itproxy:81 or using a record such as P19216810010 for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune.
If you start Fiddler and go to Settings > Network & Internet > Proxy, you will see under "Manual proxy setup" that:
- The setting "Use a proxy server" has turned itself to On
- Address has become http=127.0.0.1:8888;https=127.0.0.1:8888
The problem here is that Application Guard does not accept such a URL, as it requires the proxy to be identified by name and not by IP address.
If you now try to change that URL to https=localhost:8888 so as to give it a name, and then click the Save button, Fiddler will immediately turn Capture to Off, and will put up a large notice in yellow saying: "The system proxy was changed. Click to reenable capturing".
And if you click the yellow header ... the proxy's URL in Settings returns to http=127.0.0.1:8888;https=127.0.0.1:8888 (!).
As far as I can see, the situation is unsolvable: The two applications are mutually incompatible. This might perhaps be by design.
Solution 2:
It's because underneath it's a VM, so it can't use the host's loopback network.
I didn't use Fiddler, but I did get my VM to connect to the internet through a proxy.
Here's my solution:
- Install Docker Desktop. Docker provides a special hostname "host.docker.internal" that points to the host machine. Any VM, including Windows Defender Application Guard, can take advantage of this.
- On the host, set your system proxy to host.docker.internal:port and you're good to go.
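Added example, not part of either answer above: a small Python check that parses a system proxy value in the `scheme=host:port;...` form shown in Solution 1 and reports, per entry, whether the host is an IP literal (the form the quoted FAQ says Application Guard does not take) and whether it points at loopback (the limitation Solution 2 describes). The function names, the `localhost` name list and port 8888 on `host.docker.internal` are assumptions made for illustration.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost"}  # assumption: only the usual loopback name is listed


def split_host_port(endpoint):
    """Split 'host:port', '[v6]:port' or a bare host into (host, port or None)."""
    if endpoint.startswith("["):  # bracketed IPv6 literal
        host, _, rest = endpoint[1:].partition("]")
        return host, rest.lstrip(":") or None
    if endpoint.count(":") == 1:
        host, port = endpoint.split(":")
        return host, port or None
    return endpoint, None  # bare host name or unbracketed IPv6 literal


def audit_proxy_setting(value):
    """Classify every entry of a 'scheme=host:port;...' or plain 'host:port' value."""
    findings = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, endpoint = entry.partition("=")
        if not sep:  # no 'scheme=' prefix: one proxy for every protocol
            scheme, endpoint = "all", entry
        endpoint = endpoint.strip().split("://", 1)[-1]  # tolerate http://host:port
        host, port = split_host_port(endpoint)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # not an IP literal, so it is a symbolic name
        loopback = ip.is_loopback if ip is not None else host.lower() in LOOPBACK_NAMES
        findings.append({
            "scheme": scheme.strip().lower(), "host": host, "port": port,
            "ip_literal": ip is not None, "loopback": loopback,
        })
    return findings


if __name__ == "__main__":
    samples = [  # constructed inputs built from the values quoted on this page
        "http=127.0.0.1:8888;https=127.0.0.1:8888",  # what Fiddler writes
        "https=localhost:8888",                       # the manual edit tried above
        "itproxy:81",                                 # symbolic form from the FAQ
        "host.docker.internal:8888",                  # port 8888 is an assumption
    ]
    for s in samples:
        for f in audit_proxy_setting(s):
            kind = "IP literal" if f["ip_literal"] else "symbolic name"
            print(f"{s!r}: {f['scheme']} -> {f['host']} ({kind}, loopback={f['loopback']})")
```

An entry reported as a symbolic name only satisfies the naming rule from the FAQ; whether the container can actually reach that name still has to be tested.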