Can Fiddler retrieve certificate properties

2 posts, 0 answers
  1. Ian
    Ian avatar
    4 posts
    Member since:
    Apr 2015

    Posted 15 Apr 2015 Link to this post

    Hi,

    This may be really obvious question and I am just missing something, but I was wondering can Fiddler retrieve a HTTPS sites certificate details?

    For example when I go to gmail, can Fiddler retrieve the "issued by" or "issued to" certificate information (or even the likes of expiry date)? I am guessing that if Fiddler is set to decrypt HTTPS traffic it wont be able to as the site uses Fiddlers own certificate? So maybe this is impossible, just curious...

    ie something like-  oSession["https-Client-Certificate"].issuedto (which in gmails case would return "*.google.com")

    Hope that makes sense!

    Many thanks,

    Ian

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 16 Apr 2015 Link to this post

    Howdy, Ian--

    Yes, Fiddler can grab the certificate information, but today that's only if you have enabled HTTPS decryption. You're correct that Fiddler returns its own certificate to the client in that configuration, but that also means that Fiddler must itself verify the server's certificate to ensure that it is free of errors before it returns its own (error-free) certificate to the client.

    You can see the information that Fiddler itself keeps by selecting the CONNECT "Tunnel to" entry in Fiddler's Web Sessions list. Click the TextView response inspector and you'll see text like:

    Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

    Secure Protocol: Tls
    Cipher: Rc4 128bits
    Hash Algorithm: Md5 128bits
    Key Exchange: RsaKeyX 2048bits

    == Server Certificate ==========

    [Subject]
    CN=www.bayden.com, OU=Domain Control Validated

    [Issuer]
    CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

    [Serial Number]
    04960D7DDE6D99

    [Not Before]
    11/8/2014 7:22:06 AM

    [Not After]
    4/10/2018 2:36:48 PM

    [Thumbprint]
    743E908834D8A3607BC0F1C59810C81A43EBE5B2

    Now, if you want to get more elaborate information out of the certificate, you can do so by examining the certificate from FiddlerScript while the connection is active; see the Adding Custom Information section of this blog post: http://blogs.telerik.com/fiddler/posts/14-09-30/visualizing-security-information-with-fiddler

    All the best,

    Eric Lawrence
    Telerik
     

    See What's Next in App Development. Register for TelerikNEXT.

     
Back to Top