Create https post request

6 posts, 0 answers
  1. Jamie
    Jamie avatar
    5 posts
    Member since:
    Apr 2014

    Posted 02 Jun Link to this post

    Windows 10 + all updates, Fiddler 4 + all updates

    How do i create a request which uses https and a certificate for authentication?

    When i visit the URL in a browser where i need to send this request, i cant access it. Installing a cert allows me access the site/services through a browser.

    So i start up fiddler and two things are happening:

    1. Visiting the https site throws a 403 error when fiddler is running. How could i avoid this from happening? It seems all https connections have similar issues i.e. i have dropbox installed. It syncs fine. As soon as i start running fiddler it states the connection is not secure and doesnt sync until i exit fiddler. 

    2. I would like to generate a request. I know how to create a request but how do i configure this certificate to be accepted so it doesnt throw an error?

  2. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    409 posts

    Posted 07 Jun Link to this post

    Hi,

    I am not really sure I completely understand your scenario.

    When you start Fiddler all your HTTPS traffic results in error 403? Or is it just one particular site that returns that with Fiddler running? 

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Jamie
    Jamie avatar
    5 posts
    Member since:
    Apr 2014

    Posted 08 Jun in reply to Tsviatko Yovtchev Link to this post

    What i mean is if i have Dropbox running and start Fiddler - dropbox then shows the warning "Cant establish a secure connection". Closing fiddler resolves this error.

    The second issue is, i would like to generate a https request (which includes a certificate for authentication).

    So what i have is a certificate and a https URL. If i visit the https URL in a browser i cant access the website. I install the certificate and all is good. I'm mentioning this so you are aware that i can access the https URL in a browser ONLY after installing the cert.

    So now i would like to do the same and view the request sent in fiddler.

    What i am now trying to do is write a request in fiddler to see what request is successful (so i can see the XML generated). For that reason i load up fiddler and through a web browser i navigate to the https URL. The website reports a 403 error, fiddler reports a 403 error. As soon as i STOP capturing traffic OR close fiddler i can then access the https URL from a browser without the 403 error.

    The reason why i am accessing the https site from a browser with fiddler running is to see what XML is being generated which i cant at present.

    Is this any clearer?

  4. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    409 posts

    Posted 14 Jun Link to this post

    OK, I see now.

    Please, try this - http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert to make Fiddler use your client certificate. That should make things work.

    As for the Dropbox issue is only Dropbox affected or is all the HTTPS traffic unavailable  when Fiddler runs?

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Jamie
    Jamie avatar
    5 posts
    Member since:
    Apr 2014

    Posted 12 Jul in reply to Tsviatko Yovtchev Link to this post

    Dropbox - for example im capturing traffic in Fiddler. I make a change in a dropbox folder so the changes are synced across my devices. When i make this change, dropbox never syncs when Fiddler is running and capturing. If i pause capturing or close Fiddler dropbox syncs successfully.

    Going back to point 1 from my original thread, when i visit a https URL in a browser (with a cert) Fiddler still shows 403. Its as if authentication is broken between fiddler and the site? Closing Fiddler allows me to access the site successfully.
  6. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    409 posts

    Posted 15 Jul Link to this post

    Hi,

    Rather unfortunately, you will not be able to run DropBox traffic through FIddler. They use a security feature called certificate pinning on their app, i.e. their app expects incoming traffic to be encrypted with one specific Dropbox owned certificate and hence the app fails when traffic is encrypted with Fiddler generated certificate. There is really nothing you can do at present to alleviate the situation - https://www.dropboxforum.com/hc/en-us/community/posts/201976235-Disabling-Certificate-Pinning-

    As for the other problem - did you complete the steps at http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert ?

    Regards,
    Tsviatko Yovtchev
    Telerik by Progress
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top