This is a migrated thread and some comments may be shown as answers.

Can Fiddler retrieve certificate properties

1 Answer 2879 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Ian
Top achievements
Rank 1
Ian asked on 15 Apr 2015, 11:38 PM

Hi,

This may be really obvious question and I am just missing something, but I was wondering can Fiddler retrieve a HTTPS sites certificate details?

For example when I go to gmail, can Fiddler retrieve the "issued by" or "issued to" certificate information (or even the likes of expiry date)? I am guessing that if Fiddler is set to decrypt HTTPS traffic it wont be able to as the site uses Fiddlers own certificate? So maybe this is impossible, just curious...

ie something like-  oSession["https-Client-Certificate"].issuedto (which in gmails case would return "*.google.com")

Hope that makes sense!

Many thanks,

Ian

1 Answer, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 16 Apr 2015, 03:27 PM
Howdy, Ian--

Yes, Fiddler can grab the certificate information, but today that's only if you have enabled HTTPS decryption. You're correct that Fiddler returns its own certificate to the client in that configuration, but that also means that Fiddler must itself verify the server's certificate to ensure that it is free of errors before it returns its own (error-free) certificate to the client.

You can see the information that Fiddler itself keeps by selecting the CONNECT "Tunnel to" entry in Fiddler's Web Sessions list. Click the TextView response inspector and you'll see text like:

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Rc4 128bits
Hash Algorithm: Md5 128bits
Key Exchange: RsaKeyX 2048bits

== Server Certificate ==========

[Subject]
CN=www.bayden.com, OU=Domain Control Validated

[Issuer]
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

[Serial Number]
04960D7DDE6D99

[Not Before]
11/8/2014 7:22:06 AM

[Not After]
4/10/2018 2:36:48 PM

[Thumbprint]
743E908834D8A3607BC0F1C59810C81A43EBE5B2

Now, if you want to get more elaborate information out of the certificate, you can do so by examining the certificate from FiddlerScript while the connection is active; see the Adding Custom Information section of this blog post: http://blogs.telerik.com/fiddler/posts/14-09-30/visualizing-security-information-with-fiddler

All the best,

Eric Lawrence
Telerik
 

See What's Next in App Development. Register for TelerikNEXT.

 
Tags
Windows
Asked by
Ian
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Share this question
or