Troubleshooting - Using Fiddler to capture SOAP payloads

Overview

On occasion in the development of an application to communicate with the time web services API’s it will be necessary to ask our support team for assistance (for many reasons, including for example: how to call a specific method, or an error that is being received). To expedite the research and resolution of issues our support team will often ask you to provide a payload so that they can narrow down / and replicate the issue. If you are utilizing a tool which automatically generates a SOAP request it can sometimes be difficult to do this. This tutorial will focus on one such method of capturing the payload: using the Fiddler application.

Fiddler is a web proxy which can run on a number of different systems and which will log any web traffic made while running it. It also possesses the ability to capture an SSL session, which is required when connecting to time web services.

Note: There is a much simpler version of Fiddler available called FiddlerCap, which allows you to run, capture and quickly save a web session. You are welcome to use this if you would like – for the purposes of this tutorial we focus on the full version of the software.

Step by Step

  1. Download and install Fiddler by clicking here and following the free download link
  2. Under “Rules” select “Remove All Encodings”
  3. Open Fiddler and select Tools > Fiddler Options
  4. Under the “HTTPS” tab, ensure that it is configured to Capture and Decrypt HTTPS traffic. When you select “Decrypt HTTPS Traffic” (1) a message will be displayed indicating that it uses a unique root certificate. It is necessary for this to capture traffic to time web services. If you understand and agree with the message click Yes to trust the root certificate (2) (it can be removed after you have the payload captured). You can optionally set Fiddler to only perform decryption for the *.centralservers.com host (3). Once this is complete, restart Fiddler.
  5. Issue your web service request
  6. In the capture pane you should see something similar to the screenshot below. Select the call to the web service URL and on the right side of the screen ensure that “Inspectors” and “Raw” are selected to show you the raw data that was sent.
  7. Select all of the text for the raw data, this is the payload that you can send to us.
  8. Finally, to remove the Interception certificate used to capture the HTTPS traffic repeat the steps from step 4, only uncheck the capture and decrypt options. Then select “Actions” “Remove Interception Certificates”.