I'm trying to capture HTTP requests from .Net code running within a website on my local IIS. The calls are being made by proxy classes generated from a WSDL via a Connected Services reference. The recipient of the calls is claiming that the requests contain invalid payloads and I want to see the raw outgoing request from my end.
The service my code is calling requires TLS 1.2 and a client certificate. The code runs fine at runtime as long as I don't have Fiddler in the picture (other than the payload supposedly being incorrect).
I have configured the .Net web app to run through Fiddler as follows:
<
defaultProxy
enabled
=
"true"
>
<
proxy
proxyaddress
=
"http://127.0.0.1:8888"
bypassonlocal
=
"false"
/>
</
defaultProxy
>
In Fiddler I can see the CONNECT commands are failing. I have the Fiddler HTTPS Protocols configured as "<client>;ssl3;tls1.0;tls1.1;tls1.2". I have exported the client certificate from the certificate store as a .cer and have added the following code to the end of the OnBeforeRequest() method (hostname and cert name changed for illustrative purposes):
if
(oSession.HTTPMethodIs(
"CONNECT"
))
{
if
(oSession.HostnameIs(
"service.hostname"
))
{
oSession[
"https-Client-Certificate"
] =
"C:\\certs\\Fiddler\\serviceClientCert.cer"
;
}
}
The CONNECT request is as follows:
CONNECT service.hostname:443 HTTP/1.1
Host: service.hostname
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 60 6F C6 38 2E BC 87 BE 57 7C 55 C9 A7 B6 31 42 00 EE 66 35 37 A0 CD 4E 08 42 7D 45 4F 89 A4 CB
"Time": 3/8/2000 8:18:56 AM
SessionID: empty
Extensions:
server_name service.hostname
supported_groups x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1, rsa_pkcs1_sha512, ecdsa_secp521r1_sha512
SessionTicket empty
extended_master_secret empty
renegotiation_info 00
Ciphers:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_WITH_AES_256_CBC_SHA
[002F] TLS_RSA_WITH_AES_128_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
Compression:
[00] NO_COMPRESSION
The CONNECT response is as follows:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 20:12:56.601
Connection: close
fiddler.network.https> HTTPS handshake to service.hostname (for #5) failed. System.ComponentModel.Win32Exception The credentials supplied to the package were not recognized
I'm not sure why I'm getting the error or what I can do to rectify the problem.