Fiddler uses - configure to fetch HTTPS, prompt "Disable decryption" "Click Configure"

When I set up Fiddler to grab HTTPS, the browser always said: this certificate is not trusted; Did not have a nap at noon afternoon has been in a daze, do for a long time, finally remembered that is the certificate of the problem; Baidu has a good answer, here to share! To friends who have the same problem, but also as a record of their own. (PS: I like to use Firefox, so I set it in Firefox, other things are similar, this kid said clearly)

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — – the following is a reprint content — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — the from@ Han Zichi————————————————

How do I catch HTTPS requests with Fiddler

After installing Fiddler, it captures our HTTP requests every time we open our browser and type in a URL. (Fiddler works as a proxy Web server, using a proxy address of 127.0.0.1 and port of 8888. Fiddler automatically sets up the proxy when the browser is open and unlogs the proxy when the browser is closed, without affecting other applications. However, if we want to catch HTTPS requests, we need to make some additional Settings.

To grab HTTPS JS content, Fiddler must decrypt HTTPS traffic. However, the browser will check the digital certificate and discover that the session was eavesdropped. To fool browsers, Fiddler re-encrypts HTTPS traffic using another digital certificate. After Fiddler is configured to decrypt HTTPS traffic, it automatically generates a CA certificate named DO_NOT_TRUST_FiddlerRoot and uses the CA to issue TLS certificates for each domain name. If the DO_NOT_TRUST_FiddlerRoot certificate is included in the trusted CA list of the browser or other software, the browser or other software will consider the HTTPS session to be trusted and will no longer display a certificate error warning.

First, open Fiddler and select [Tools] -> [Fiddler Options] -> [HTTPS] from the menu bar. Check the Options shown in the picture below

When checked, Fiddler will prompt you to install a certificate. After installing, click “Export Root..” in the image above. Button to download the certificate to the desktop.

The certificate is then imported into the browser. Using Chrome as an example, choose Settings -> Manage Certificates.. Just import the certificate saved on your desktop (other browsers are similar and usually have a “certificate” option set).

You can also double-click the downloaded certificate to install it.

We open www.baidu.com and are happily catching HTTPS requests!

If you’re careful, you’ll notice that HTTPS requests are intermixed with HTTP requests, and the session Host parameter is a weird “Tunnel to. “To put it simply, fiddler acts as a proxy for forwarding HTTPS requests, I can CONNECT it, so I can ignore it.

Ps: It is said that if you want to catch MOBILE HTTPS requests, you also need to install certificates on the phone!

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Fiddler uses — configure to fetch HTTPS, prompt “Disable decryption” “Click Configure”

How do I catch HTTPS requests with Fiddler

Fiddler uses — configure to fetch HTTPS, prompt “Disable decryption” “Click Configure”

How do I catch HTTPS requests with Fiddler

Related Posts

M23/33/35p embedded: ARM Cortex-M kernel (3.2) – For Security

How many levels of Python salary have you worked for? What is the current tier?

What kind of existence is a programmer? (Good Programmer’s Guide)