I'm evaluating Fiddler Everywhere, and trying troubleshoot a java application.
Initially Fiddler shows a warning that it cant decrypt HTTPS, so I install the root certificate into Arch and trust it, set Fiddler to use system proxy, and then set up the application to point to Fiddlers proxy.
The warning in Fiddler then disappears, so it gives the impression I've done everything right
At this point it can show HTTPS connections (although they are shown as HTTP, and METHOD is always CONNECT, rather than the GET I was expecting to see).
It's also then able to show HTTP(S) headers, but never the actual decrypted response or request body
Any help appreciated thanks
1 Answer, 1 is accepted
Hello Charles,
Seeing the CONNECT Tunnel means that the proxy is working but the TLS handshake fails and you are seeing only the proxy CONNECT request which is made through HTTP. The reason for the TLS handshake to fail is that the Fiddler CA is not installed, so the request ends before the proxy is able to send the actual GET, POST or other HTTPS request. In order to enable the capturing of secure traffic (HTTPS), you will need to "instruct" your Java application to respect and trust the Fiddler Everywhere root certificate authority (CA). One possible approach is to install the Fiddler CA in the JVM keystore. Refer for more details in the following documentation article:
Note that the article uses commands that may need modification in Arch Linux. It was originally written for Windows users, where a global environment variable called JAVA_HOME can exist (if preset).
Another approach you can try is using the Fiddler's independent terminal instance and, if possible, to launch your Java application through that instance. The Fiddler's terminal instance is preconfigured to go through the Fiddler proxy, so any child processes will also use the preset proxy.
Regards,
Nick Iliev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.
Rank 1
Hi Nick,
Thanks a lot for getting back to me, It's given me some great starting points
I've got alot of work to do I guess. The app is a third party app (now discontinued), wrapped in element for its frontend, and then wrapped again as an AppImage so it can run on linux.
Terminal mode capturing has the same issue, although perhaps not surprising given the complexity of the app stack
Trying to pick the bones out of all this so I can get access to modifying the keystore config.
Thanks
Charles