Is it possible to filter HTTPS traffic?

For example via a TDI filter? Or perhaps you need to use a proxy?

This product seems to do filtering of HTTPS traffic and I'd like to know how it does it, as well as if this is the only way.

How about via the Windows Filtering Platform for Vista and up?

+1  A: 

The traffic flowing inside an HTTPS session is opaque to all but the end-points: so, if you require filtering of the said traffic you must either:

  1. act as one of the end-points
  2. sit behind an end-point

In both cases, you could implement this functionality through a "proxy" thereby requiring the "real end-points" to forward their traffic through the said proxy function.

Of course, this pretty much depends on what you mean by "filtering" :-)

jldupont
+2  A: 

Fiddler is simply a proxy; it decrypts HTTPS traffic using a Man-in-the-Middle approach. See https://www.fiddler2.com/fiddler/help/httpsdecryption.asp for more information on this.

With WFP/TDI, you could only see if the target endpoint (IP+PORT) matches some combination when deciding whether to allow or deny the traffic. If you want to interfere with the traffic itself, you must either be a proxy (see http://fiddler.wikidot.com/fiddlercore) or you need to inject yourself into the pre/post decryption HTTPS traffic using either an APP-wrapper (not recommended) or a Detours-like approach.

EricLaw -MSFT-
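
An added illustration, not part of either answer above, of the point that a packet-level filter decides on the destination IP and port alone: it parses a constructed IPv4/TCP packet carrying a TLS record and returns everything such a filter can read. The packet, addresses, deny list and function names are constructed for the example; this is plain Python, not the WFP or TDI API.

```python
import ipaddress
import struct

# Constructed policy: destination (IP, port) pairs the filter denies.
BLOCKED_ENDPOINTS = {("203.0.113.10", 443)}

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}

# Constructed TLS record: type 23, version 0x0303, length 32, then 32 bytes
# standing in for ciphertext. The HTTP request inside is not recoverable here.
SAMPLE_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(32))


def build_sample_packet(dst_ip, dst_port, tls_payload):
    """Build a minimal IPv4+TCP packet (checksums left at 0) for the demo."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dst_port, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0)
    total_len = 20 + len(tcp) + len(tls_payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.5").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + tcp + tls_payload


def inspect_packet(packet):
    """Return what an endpoint-level filter can learn from one packet."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[9] != 6:                        # protocol field: 6 = TCP
        raise ValueError("not a TCP packet")
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    data_offset = (packet[ihl + 12] >> 4) * 4  # TCP header length in bytes
    payload = packet[ihl + data_offset:]
    record = None
    if len(payload) >= 5:                     # TLS record header is cleartext
        rtype, _version, rlen = struct.unpack("!BHH", payload[:5])
        record = (TLS_RECORD_TYPES.get(rtype, "unknown"), rlen)
    # The verdict uses the endpoint only; the payload contributes nothing.
    verdict = "deny" if (dst_ip, dst_port) in BLOCKED_ENDPOINTS else "allow"
    return {"dst": (dst_ip, dst_port), "tls_record": record, "verdict": verdict}


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(inspect_packet(build_sample_packet(ip, 443, SAMPLE_RECORD)))
```

Filtering on URL, headers or body requires the plaintext, which is only available at a TLS endpoint such as the proxy both answers describe.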