Use Fiddler to capture VirtualBox traffic

W00t, using Fiddler to capture data from a VirtualBox machine

The Fiddler program provided by Telerik is awesome, it has the ability to capture traffic, and this means, that it is also able to capture traffic from Virtualbox environments.

In this article, we will take a look on how you can adjust Fiddler so it will capture VirtualBox traffic.

Before we start, we need to:

  • Have the virtualbox machine in the same network as Fiddler
  • Have Fiddler listen on a specific port
  • Have the source IP address of the system that is running Fiddler

In this article, the values for the above are:

  • We have a Windows 7 machine with Internet Explorer
  • We have Fiddler listening on port 1337
  • Our system IP address is 192.168.1.103

Proxy it up with Fiddler

Fiddler has a build in proxy, make use of it. You can adjust the proxy details by navigating to:

  1. Tools
  2. Options
  3. Connections
The proxy windows of Fiddler

In the picture above, you will see that we have enabled “Allow remote computers to connect“, and we have adjusted the Fiddler listen port to ‘1337‘.

The steps to perform are:

  • Enable remote computers to connect
  • Adjust the Fiddler listen port to your preference

The VirtualBox machine

Now that you have adjusted Fiddler to listen, it is time to forward the browser in the VirtualBox VM to Fiddler.

Open your favorite web browser, and navigate to options, once you are at the options screen, forward towards the connections tab and adjust the proxy settings to it will send the data towards the IP address of the machine that is running Fiddler, and on the listening port of Fiddler.

Internet Explorer

In Internet Explorer the order to hold is:

  1. Tools
  2. Internet Options
  3. Connections
  4. LAN Settings
  5. Enable Proxy server: Use a proxy server for your LAN
  6. Provide destination IP address 192.168.1.103 and destination port 1337
  7. Press OK
How to forward your traffic to Fiddler with Internet Explorer

The results

Now navigate to a website with the browser in your VirtualBox environment, and head back to Fiddler. If everything is correct, you should see the traffic of your VirtualBox environment.

Captured traffic from the Windows 7 environment which forwards data to Fiddler running on the host machine.

In a previous post, we discussed how you can crank up Fiddler with malware analysis tools. Combinate that with your Virtualbox environment, and you are up and running to have some fun.