Updated: May 20, 2016
The Microsoft-PEF-WebProxy provider enables you to focus on capturing traffic at the Application layer of the network stack. It is based on Fiddler and enables you to capture unencrypted HTTP traffic to and from a client web browser on computers running the Windows 7 and later operating systems. However, the PEF-WebProxy provider will not capture unencrypted HTTP browser traffic unless you configure Internet options to use a proxy server for the LAN.
To use the PEF-WebProxy provider, you must have the Fiddler library from Telerik installed. If you have not already installed this library, you can download it here. Note that if you select the WebProxy provider without having this library installed when you are configuring a Live Trace Session, or when specifying it in a PowerShell script, you will receive an error message that asks you to download the Fiddler library.
The Microsoft-PEF-WebProxy provider is used by the Message Analyzer Pre-Encryption for HTTPS Trace Scenario to capture client browser traffic. When you use this provider, it also installs and registers the HTTP proxy on the machine that is running Message Analyzer, where it is configured as a system proxy for Microsoft Windows Internet (WinInet) Services. The HTTP proxy is then substituted for the proxy server when a trace is started so that it can intercept and capture unencrypted HTTPS traffic. The proxy server target is restored when the trace is complete.
As the system proxy, all HTTPS requests from WinInet flow through the HTTP proxy before reaching target web servers. Similarly, all HTTPS responses flow through the HTTP proxy before being returned to the client application.
The settings that you can configure for the WebProxy provider are described in WebProxy Filters. This includes settings that you can specify for Hostname Filter and Port Filter in the Advanced Settings-Microsoft-Pef-WebProxy dialog. In addition, you have the option to specify HTTPS Client Certificate information in this dialog as well.
Similar to other system ETW providers that are registered on your system, you have the option to specify ETW event Keyword configurations and error Level filter settings for the Microsoft-Pef-WebProxy provider, to further refine the scope of events to be captured. The settings for these filters are available on the ETW Core tab of the Advanced Settings – Microsoft-Pef-WebProxy dialog. By default, all events are delivered by the Microsoft-Pef-WebProxy provider when no Keywords are selected. If you specify a particular Keyword, then the provider will deliver the events that are enabled by that Keyword only, if they occur in a trace. It also follows that multiple events are delivered when multiple Keywords are selected.
To learn more about configuring event Keyword and error Level filters for ETW providers, see System ETW Provider Configuration Settings.
To learn more about the predefined Trace Scenarios that are provided with every Message Analyzer installation, see the Built-In Trace Scenarios topic.