-
Notifications
You must be signed in to change notification settings - Fork 57
Home
#MAPI Inspector for Fiddler User Guide
The Messaging Application Programming Interface (MAPI) Inspector for Fiddler allows a Fiddler-user to view Outlook client requests and Exchange server responses that use the MAPI over HTTP protocol, which is specified in MS-OXCMAPIHTTP. The MAPI Inspector for Fiddler is an extension to Fiddler.
Table of Contents:
- Configuring Fiddler to Capture Outlook/Exchange Traffic
- Viewing Outlook/Exchange Traffic
- Viewing the Request and the Response of a Session
##Configuring Fiddler to Capture Outlook/Exchange Traffic
If Outlook/Exchange traffic is encrypted, you must configure Fiddler to decrypt HTTPS traffic; otherwise, Fiddler is not able to display the request and response data in the MAPI Inspector. You may also want to configure Fiddler to filter out traffic that is not Outlook/Exchange.
###Enabling Decryption
To enable HTTPS traffic decryption in Fiddler, go to Tools > Fiddler Options. On the HTTPS tab of the Fiddler Options dialog box, check the box labeled Capture HTTPS CONNECTs; next, check the box labeled Decrypt HTTPS traffic. To focus on Outlook/Exchange traffic and to save CPU cycles and memory, you may want to exclude certain traffic, such as the traffic of a browser, from being decrypted. The dropdown box that is just below the Decrypt HTTPS traffic label allows you to select which processes will have traffic decrypted.
After enabling HTTPS traffic decryption, Fiddler generates a self-signed root certificate and prompts you to trust this certificate. To complete the configuration of Fiddler for traffic decryption, you must trust the Fiddler root certificate when prompted to do so.
###Filtering
When capturing Outlook/Exchange traffic, you may want to filter out the non-Outlook/Exchange traffic. The Filters tab, which, along with other tabs, is located on the right side of the Fiddler user-interface, provides a variety of filtering options. The filters that you configure are applied against traffic as it is captured. The screenshot in Figure 1 shows an example of a filter that removes all traffic that is not hosted by outlook.office365.com. The particular host that your Outlook client uses may be different.
XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Figure 1: A filter that that removes all traffic that is not hosted by outlook.office365.com
For complete details about Fiddler decryption, the Fiddler root certificate, filtering, or configuring other options in Fiddler, see the Fiddler Help documentation or consult the book, Debugging with Fiddler, by Eric Lawrence.
##Viewing Outlook/Exchange Traffic
Each request from the Outlook client and the corresponding response from the Exchange server compose a single transaction, which is represented as a web session in Fiddler. Each web session appears as a single entry in the Web Sessions List, which is displayed on the left side of the Fiddler user-interface.
Certain information about a web session is displayed in the columns of the Web Sessions List. For the MAPI over HTTP protocol, a column labeled MS Protocol is displayed to specify the top-level protocol that is being used for the session. The screenshot in Figure 2 shows two MAPI over HTTP sessions: one on the Mailbox server endpoint (session #123), indicated by "/mapi/emsmdb/" at the beginning of the URL, and the other on the Address Book server endpoint (session # 114), indicated by "/mapi/nspi/" at the beginning of the URL.
XXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Figure 2: A view of the Web Sessions List showing two MAPI over HTTP sessions
For complete details about how to use the Web Sessions List to aid analysis of HTTP traffic, see the Fiddler Help documentation or consult the book, Debugging with Fiddler, by Eric Lawrence.
##Viewing the Request and the Response of a Session
You can use the MAPI Inspector to view the request and the response of a MAPI over HTTP session. The MAPI Inspector is located on the Inspectors tab. To view the request/response of a particular MAPI over HTTP session that is displayed in the Web Sessions List, double-click on the session or select the session and press enter. Either of these actions activates the MAPI Inspector.
The request and response appear in the top panel and bottom panel, respectively, of the MAPI Inspector. Within each panel, the MAPI Inspector displays the parsed data on the left side and the raw data on the right side. The screenshot in Figure 3 shows the request and response in the MAPI Inspector.
XXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Figure 3: The MAPI Inspector displays the request and the response of a MAPI over HTTP session
The request/response data is parsed into fields according to MS-OXCMAPIHTTP section 2.2.4 for the Mailbox server endpoint and according to MS-OXCMAPIHTTP section 2.2.5 for the Address Book server endpoint. If a field has subfields, the field's name is preceded by a plus sign, which can be clicked to expose the subfields and their values. The screenshot in Figure 4 shows fields expanded to expose their subfields.
XXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Figure 4: A field's subfields can be exposed by expanding the field