My WCF services are using basic authentication over https. To prove this is a safe combination I wanted to sniff the trafic between client and host. Problem is a tool like Wireshark cannot sniff localhost. You’ll find good explanation why here.
The solution is to use the Microsoft Loopback adapter. Below the steps I took to get it working on my Windows 7 machine:
install the loopback adapter(not working link)
install the loopback adapter- assign ip address 10.0.0.10 to the loopback adapter
- in WCF use (C# Sample):
- “localhost” for hosting the service
- “10.0.0.10” to connect from clients
- download rawcap
- start commandline rawcap to capture trafic over 10.0.0.10 to loopback.cap file
rawcap 10.0.0.10 loopback.cap
- Do your testing. You’ll see the number of rawcap Packets increase
- <CTRL> + c to stop rawcap
- Load the loopback.cap file in Wireshark for viewing
- Select the first packet with source and destination 10.0.0.10 and pick context menu “Follow TCP stream”
Left the unencrypted messages with the Authorization header in the black box. Right the captured SSL trafic, not actual readble. Conversation is about twice the size though.
edit: Added C# Sample
.NET Development by Eric 
Pingback: Best Off .NET development by Eric | .NET Development by Eric