Remote debugging

Describing how to configure and use the remote debugging feature of XAML Spy.


XAML Spy is able to spy on apps that run on remote devices. This feature is required for a number of scenarios;

  • remote debug a mobile app running on an actual phone device
  • remote debug an Android app in a Android emulator
  • remote debug an iOS app running in a iOS simulator on an MacOS machine

Most Windows apps do not require remote debugging. Silverlight, WPF, and UWP apps running on the same machine where XAML Spy is installed, will connect using localhost.

Configure remote debugging

For remote debugging to work, remote apps need to be able to open a TCP connection to the machine running the XAML Spy Service. First of all XAML Spy needs to be configured to allow remote apps to connect. Next to that the firewall (if enabled) needs to be configured to allow inbound TCP connnections to the XAML Spy Service. Both XAML Spy and the firewall need to be configured on the machine running the XAML Spy Service or else remote debugging will not work.

Firewall configuration is easy, the XAML Spy installer can configure the Windows Firewall automatically for you. Continue reading to learn more about the specifics of configuring remote debugging.

XAML Spy configuration

Enabling remote debugging is a configuration setting available in the XAML Spy settings. Navigate to settings > xaml spy service and check the option Enable remote debugging. When disabled, incoming connections that originate from an IP address other than the XAML Spy service address will be ignored. Remote XAML apps trying to connect to a XAML Spy service having remote debugging disabled will encounter a connection lost (or similar) error message.

Remote debugging requires at least one public facing IP address to be used by the XAML Spy service. If you host the XAML Spy service on the loopback interface (localhost, only, remote debugging will not work. Either select the any IP address or a specific public facing IP address.

Do not forget to click the apply changes button after changing the XAML Spy service settings. Only then the XAML Spy Windows service is restarted and will use the new configuration settings. For more information about configuring the XAML Spy service, see this tutorial.

Automatic firewall configuration

The section discusses how to automatically configure the Windows Firewall. When using other firewall products, you’ll need to apply similar settings manually. Windows Firewall disallows remote TCP connections to the XAML Spy service by default. Either configure the Windows Firewall automatically during XAML Spy installation, or configure the firewall manually as is described in the section below. The following image shows the XAML Spy install dialog for automatic firewall configuration.

When configured automatically, the XAML Spy installer adds the following inbound rule to the Windows Firewall;

Rule name XAML Spy
Allowed program [InstallDir]XamlSpyService.exe
Protocol and ports Any
Scope Remote IP addresses from the local subnet only
Profile All (domain, private and public)

An outbound rule does not need to be configured in the Windows Firewall. By default outbound connections that do not match a rule are allowed.

Manual firewall configuration

Follow these steps to manually configure the Windows Firewall.

  1. Open the Windows Firewall advanced settings (Control Panel > System and Security > Windows Firewall > Advanced settings)
  2. Right click Inbound Rules and select New Rule… to open the New Inbound Rule Wizard.
  3. Select Program rule and go to the next screen
  4. Select the [InstallDir]XamlSpyService.exe program path and click next
  5. Select Allow the connection and go to the next screen
  6. Apply to all profiles (domain, private and public)
  7. And provide a name for the inbound rule in the final screen.
  8. Double the created XAML Spy rule and select the Scope tab
  9. In the Remote IP Address section, select the Local subnet from the predefined set of computers.

Security considerations

XAML Spy connections are password protected. To further restrict access to the XAML Spy service you may consider the following options;

Protocol and ports

The Windows Firewall allows rules to be defined for programs and for protocols and ports. By allowing access to the XamlSpySvc.exe program, you do not need to specify a protocol or port range. If you need to limit access to the protocol and port, make sure the protocol is set to TCP and the port is set to the same port configured in the XAML Spy Service settings.

Local IP addresses

Limit access to specific local IP addresses. You may want to limit access to a specific public facing IP address when your machine has multiple public facing IP addresses configured.

Remote IP addresses

Limit access to specific remote IP addresses. By default the XAML Spy rule allows connections from IP addresses in the local subnet. You can further limit access by providing specific IP addresses for remote devices.

Profile restrictions

The XAML Spy inbound rule is configured for all firewall profiles (domain, private and public). The domain profile applies to networks where the host system can authenticate to a domain controller. The private profile is a user-assigned profile and is used to designate private or home networks. The public profile is used to designate public networks such as Wi-Fi hotspots at coffee shops, airports, and other locations. Depending on your situation you may choose to disable the XAML Spy rule for certain profiles.

Local vs remote apps

Remote debugging is not required in all scenarios. If you do not require remote apps to connect, you may choose to disable remote debugging in the XAML Spy configuration and disable the XAML Spy rule in your firewall.

Connect to a remote XAML Spy service

Once remote debugging is configured properly a remote app can connect to the XAML Spy Service. When referencing the XamlSpy nuget package, a remote connection will be setup automatically. When connecting manually, you will need to provide the correct remote IP address. For step-by-step tutorials on connecting manually see the How to connect documentation.

Once a remote connection has been established, the remote app automatically appears in the XAML Spy explorer. An app is identified as remote by the IP address of the remote machine it’s running on.

When the firewall is configured to disallow access, the following error message is shown in the XAML app trying to connect. The error message is an indication that the firewall is actively preventing access to the XAML Spy Service.