Feature: Collect logs for requests in Fiddler trace #27

Open
madhavpatel6 opened this issue Aug 15, 2018 · 0 comments
Issue by bongiovimatthew-microsoft
Wednesday Feb 07, 2018 at 23:46 GMT
Originally opened as microsoft/adfsLogTools#9


Fiddler captures HTTP requests and saves a set of files that can be parsed. Details on Fiddler serialization

The EventLog script can do the following steps to get the logs associated with the requests in a Fiddler trace:

  1. Open "raw" folder in the Fiddler .saz file, find all <sessid#>_c.txt files
  2. Locate the client requests to ADFS (parse the requests for URLs containing "adfs/ls")
  3. Pull out the "client-request-id" query string parameter (might need to also look in _s.txt in the case where the server returns the ID, but the client never redirects with it)
  4. Send the correlation ID to Get-ADFSEvents to collect the events associated with the current request
  5. Repeat 1-4 for each independent correlation ID that gets discovered (as a Fiddler trace could contain multiple requests)

The current script should be altered to include a -FiddlerTrace parameter, which takes the filepath to the Fiddler trace.

An example execution would be:

Get-ADFSEvents -Logs Security, Admin, Debug -FiddlerTrace c:\fiddlerTrace.saz -Server *
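
Steps 1-3 and 5 of the list above, sketched as an added example (not code from this issue or from adfsLogTools). The function name `Get-FiddlerCorrelationId`, the header-only search and the GUID-only filter are assumptions, and the sample trace is constructed.

```powershell
# Added example, not adfsLogTools code. Get-FiddlerCorrelationId is a hypothetical name.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-FiddlerCorrelationId {
    param([Parameter(Mandatory)][string]$Path)
    # Accept only GUID-shaped values: the trace is untrusted input to the log query.
    $guid = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    $pattern = "(?i)adfs/ls\S*?[?&]client-request-id=($guid)(?![0-9a-f-])"
    $ids = New-Object 'System.Collections.Generic.HashSet[string]'
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path -LiteralPath $Path).ProviderPath)
    try {
        foreach ($entry in $zip.Entries) {
            # Steps 1-3: <sessid#>_c.txt is the client request, _s.txt the server response.
            if ($entry.FullName -notmatch '^raw/\d+_[cs]\.txt$') { continue }
            $reader = New-Object System.IO.StreamReader($entry.Open())
            try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
            # Assumption: only the header block is searched; bodies are skipped.
            $head = ($text -split "\r?\n\r?\n", 2)[0]
            foreach ($m in [regex]::Matches($head, $pattern)) {
                [void]$ids.Add($m.Groups[1].Value.ToLowerInvariant())
            }
        }
    } finally { $zip.Dispose() }
    return @($ids)   # step 5: one entry per distinct correlation ID
}

# Constructed sample trace (not real data), written to a temp .saz to run the function offline.
$saz = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-sample.saz'
if (Test-Path -LiteralPath $saz) { Remove-Item -LiteralPath $saz }
$sample = [ordered]@{
    'raw/1_c.txt' = "GET https://sts.example.test/adfs/ls/?wa=wsignin1.0&client-request-id=11111111-2222-3333-4444-555555555555 HTTP/1.1`r`nHost: sts.example.test`r`n`r`n"
    'raw/2_s.txt' = "HTTP/1.1 302 Found`r`nLocation: https://sts.example.test/adfs/ls/?client-request-id=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE`r`n`r`n"
    'raw/3_c.txt' = "GET https://sts.example.test/adfs/ls/?client-request-id=not-a-guid HTTP/1.1`r`n`r`n"
    'raw/4_c.txt' = "GET https://www.example.test/?client-request-id=99999999-0000-0000-0000-000000000000 HTTP/1.1`r`n`r`n"
}
$out = [System.IO.Compression.ZipFile]::Open($saz, 'Create')
foreach ($name in $sample.Keys) {
    $writer = New-Object System.IO.StreamWriter($out.CreateEntry($name).Open())
    $writer.Write($sample[$name]); $writer.Dispose()
}
$out.Dispose()

# Step 4 would pass each ID to Get-ADFSEvents; that call is left out because it needs an AD FS server.
Get-FiddlerCorrelationId -Path $saz
```

Sessions 3 and 4 are in the sample to show the two filters: a value that is not GUID-shaped, and a request whose URL does not contain "adfs/ls".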
