This is a migrated thread and some comments may be shown as answers.

Capture traffic from .Net to web service with client certificate

5 Answers 195 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
PJ
Top achievements
Rank 1
PJ asked on 09 Apr 2021, 03:35 AM

I'm trying to capture HTTP requests from .Net code running within a website on my local IIS.  The calls are being made by proxy classes generated from a WSDL via a Connected Services reference.  The recipient of the calls is claiming that the requests contain invalid payloads and I want to see the raw outgoing request from my end.

The service my code is calling requires TLS 1.2 and a client certificate.  The code runs fine at runtime as long as I don't have Fiddler in the picture (other than the payload supposedly being incorrect).

I have configured the .Net web app to run through Fiddler as follows:

<defaultProxy enabled="true">
  <proxy proxyaddress="http://127.0.0.1:8888" bypassonlocal="false"  />
</defaultProxy>

 

In Fiddler I can see the CONNECT commands are failing.  I have the Fiddler HTTPS Protocols configured as "<client>;ssl3;tls1.0;tls1.1;tls1.2".  I have exported the client certificate from the certificate store as a .cer and have added the following code to the end of the OnBeforeRequest() method (hostname and cert name changed for illustrative purposes):

if (oSession.HTTPMethodIs("CONNECT"))
{     
    if (oSession.HostnameIs("service.hostname"))
    {
        oSession["https-Client-Certificate"] = "C:\\certs\\Fiddler\\serviceClientCert.cer";
    }     
}

 

The CONNECT request is as follows:

CONNECT service.hostname:443 HTTP/1.1
Host: service.hostname
 
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
 
Version: 3.3 (TLS/1.2)
Random: 60 6F C6 38 2E BC 87 BE 57 7C 55 C9 A7 B6 31 42 00 EE 66 35 37 A0 CD 4E 08 42 7D 45 4F 89 A4 CB
"Time": 3/8/2000 8:18:56 AM
SessionID: empty
Extensions:
    server_name service.hostname
    supported_groups    x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats    uncompressed [0x0]
    signature_algs  rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1, rsa_pkcs1_sha512, ecdsa_secp521r1_sha512
    SessionTicket   empty
    extended_master_secret  empty
    renegotiation_info  00
Ciphers:
    [C02C]  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C02B]  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C030]  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02F]  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [009F]  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [009E]  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [C024]  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C023]  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C028]  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C027]  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C00A]  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009]  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C014]  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013]  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [009D]  TLS_RSA_WITH_AES_256_GCM_SHA384
    [009C]  TLS_RSA_WITH_AES_128_GCM_SHA256
    [003D]  TLS_RSA_WITH_AES_256_CBC_SHA256
    [003C]  TLS_RSA_WITH_AES_128_CBC_SHA256
    [0035]  TLS_RSA_WITH_AES_256_CBC_SHA
    [002F]  TLS_RSA_WITH_AES_128_CBC_SHA
    [000A]  SSL_RSA_WITH_3DES_EDE_SHA
 
Compression:
    [00]    NO_COMPRESSION

 

The CONNECT response is as follows:

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 20:12:56.601
Connection: close
 
fiddler.network.https> HTTPS handshake to service.hostname (for #5) failed. System.ComponentModel.Win32Exception The credentials supplied to the package were not recognized

 

I'm not sure why I'm getting the error or what I can do to rectify the problem.

 

5 Answers, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 09 Apr 2021, 11:59 AM

Hello PJ Melies,

 

 

You could try the solutions suggested in this forum thread (especially the one for recreating the root trust certificate).

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

0
PJ
Top achievements
Rank 1
answered on 09 Apr 2021, 06:52 PM

Thanks for the reply Nick.

When I go into Actions button at Tools -> Options -> HTTPS I see the "Remove Interception Certificates" option but it's disabled.  I did click the Trust Root Certificate option but it made no difference.

0
Nick Iliev
Telerik team
answered on 12 Apr 2021, 06:54 AM

Hi PJ,

 

You could try to reset all Fiddler certificates via the Reset All Certificates option in Tools > Options > HTTPS > Actions.

Also, try to modify the machine.config file and the properties suggested in the following blog:

https://www.telerik.com/blogs/capturing-traffic-from-.net-services-with-fiddler

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

0
PJ
Top achievements
Rank 1
answered on 12 Apr 2021, 04:56 PM

Hi Nick,

 

I've Reset All Certificates and updated the machine.config as per the linked the documents but the end results are the same.

Since the service I'm calling requires a client certificate for authentication do I need to setup Fiddler to pass along that client certificate or is it supposed to do that implicitly?

0
Nick Iliev
Telerik team
answered on 13 Apr 2021, 05:45 AM

Hello PJ,

 

The Fiddler certificate can not substitute a specific client certificate. So if your service is using certificate pinning, then you won't be able to capture the secure traffic with Fiddler. Assuming that you are the developer maintaining the service codebase, you could temporarily lower the security requirements (remove the certificate pinning and allow the service to use the Fiddler certificate) so that you could test your case.

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tags
Fiddler Classic
Asked by
PJ
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
PJ
Top achievements
Rank 1
Share this question
or