Unable to communicate with server

4 posts, 0 answers
  1. Salvatore
    Salvatore avatar
    6 posts
    Member since:
    Aug 2013

    Posted 07 Mar 2014 Link to this post

    Hello,

    I've been trying to debug some network issues of a .NET WinForms-based application, but when the "Decrypt HTTPS traffic" option is enabled in Fiddler (screenshot1), I always experience issues with the application (screenshot2). The "Decrypt HTTPS traffic" is working for HTTPS traffic handled by web-browsers, but it does not work at all with this Windows program, despite the fact that the "response header" to CONNECT <removed>:443 HTTP/1.1 is

    HTTP/1.1 200 Connection Established
    Misc: Proxy-Agent: IWSS

    Is there any way to decrypt HTTPS traffic generated by applications other than web-browsers?
    I guess that the issue may be related to some conflict with the corporate firewall Trend Micro InterScan Web Security Suite (IWSS), but I'd appreciate some ideas / advices.

    Thanks,
    Salvatore
  2. Salvatore
    Salvatore avatar
    6 posts
    Member since:
    Aug 2013

    Posted 07 Mar 2014 in reply to Salvatore Link to this post

    Note: when "Decrypt HTTPS traffic" is not enabled, there are no communication issues with server.
  3. Salvatore
    Salvatore avatar
    6 posts
    Member since:
    Aug 2013

    Posted 07 Mar 2014 Link to this post

    Maybe the Fiddler logs can provide some hints:

    -= Fiddler Event Log =-

    11:48:15:7501 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:15:9691 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:17:7363 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:17:9523 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:18:2104 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:18:4254 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:18:6564 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
    11:48:18:8704 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com) 
  4. Salvatore
    Salvatore avatar
    6 posts
    Member since:
    Aug 2013

    Posted 07 Mar 2014 Link to this post

    I sorted this out removing and re-creating the certificate:

    1) I clicked "Remove Interception Certificates" button in Fiddler's Tools >>> Fiddler Options >>> HTTPS tab.

    2) I re-created and trusted a new certificate

    Now the log tab contains:

    12:01:24:7034 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 132 -b 03/06/2013
    12:01:24:7054 /Fiddler.CertMaker>1-CreateCert(DO_NOT_TRUST_FiddlerRoot) => (0).

    12:02:12:2504 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -pe -ss my -n "CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 03/06/2013
    12:02:12:5234 /Fiddler.CertMaker>38-CreateCert(<removed>) => (0). 

    And HTTPS traffic is decoded correctly!

    It may help someone else. :-)

    Salvatore
Back to Top