I am trying to inspect the outbound traffic from HashiCorp Vault running locally (via
vault.exe). I’ve configured Fiddler and have set up a local trusted certificate that works really well for inspecting outbound HTTP(S) traffic from any of the running applications on the system. However, I cannot seem to be able to intercept the traffic that goes from
vault.exe to Azure (I am connecting to AAD from Vault).
If I set up the proxy (through
HTTPS_PROXY environment variables) to point to Fiddler (127.0.0.1:8888), I get TLS handshake timeouts:
Error writing data to azure/roles/my-role-new: Error making API request. URL: PUT http://127.0.0.1:8200/v1/azure/roles/my-role-new Code: 500. Errors: * 1 error occurred: * error loading Application: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://graph.microsoft.com/v1.0/applications/1a833120-46e4-42bc-9853-a27cd361c674d: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post "https://login.microsoftonline.com/b811a652-39e6-4a0c-b563-4279a1dd5012/oauth2/token?api-version=1.0": proxyconnect tcp: net/http: TLS handshake timeout'
Is there a way for me to pass the Fiddler certificate to
vault.exe so that I can decrypt the outbound traffic for diagnostics/debugging?