I have two .Net apps running on IIS servers that talk to each other with API calls.
I have an error that indicates some garbage (or non-encoded) characters are in them and would like to prove that before talking to dev's and perhaps even fix it myself.
Our apps don't have very much in the way of in-built logging so was starting to use a MITM type proxy to see the JSON in the body on the HTTPS posts.
This is more complicated than I hoped as HSTS is blocking the proxy's root cert (so was thinking of installing mine), http is not an option as by default hsts is also ensuring https,
However, I think this is getting complex, so I am stopping, and going back to first principles.
So my question is, as I have full access to all the machines and certificates being used, is there a better way to capture and see the JSON that one IIS based .net app is sending to the other?