Windows 10 + all updates, Fiddler 4 + all updates
How do i create a request which uses https and a certificate for authentication?
When i visit the URL in a browser where i need to send this request, i cant access it. Installing a cert allows me access the site/services through a browser.
So i start up fiddler and two things are happening:
1. Visiting the https site throws a 403 error when fiddler is running. How could i avoid this from happening? It seems all https connections have similar issues i.e. i have dropbox installed. It syncs fine. As soon as i start running fiddler it states the connection is not secure and doesnt sync until i exit fiddler.
2. I would like to generate a request. I know how to create a request but how do i configure this certificate to be accepted so it doesnt throw an error?
5 Answers, 1 is accepted
I am not really sure I completely understand your scenario.
When you start Fiddler all your HTTPS traffic results in error 403? Or is it just one particular site that returns that with Fiddler running?
Regards,
Tsviatko Yovtchev
Telerik
Rank 1
What i mean is if i have Dropbox running and start Fiddler - dropbox then shows the warning "Cant establish a secure connection". Closing fiddler resolves this error.
The second issue is, i would like to generate a https request (which includes a certificate for authentication).
So what i have is a certificate and a https URL. If i visit the https URL in a browser i cant access the website. I install the certificate and all is good. I'm mentioning this so you are aware that i can access the https URL in a browser ONLY after installing the cert.
So now i would like to do the same and view the request sent in fiddler.
What i am now trying to do is write a request in fiddler to see what request is successful (so i can see the XML generated). For that reason i load up fiddler and through a web browser i navigate to the https URL. The website reports a 403 error, fiddler reports a 403 error. As soon as i STOP capturing traffic OR close fiddler i can then access the https URL from a browser without the 403 error.
The reason why i am accessing the https site from a browser with fiddler running is to see what XML is being generated which i cant at present.
Is this any clearer?
Please, try this - http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert to make Fiddler use your client certificate. That should make things work.
As for the Dropbox issue is only Dropbox affected or is all the HTTPS traffic unavailable when Fiddler runs?
Regards,
Tsviatko Yovtchev
Telerik
Rank 1
Going back to point 1 from my original thread, when i visit a https URL in a browser (with a cert) Fiddler still shows 403. Its as if authentication is broken between fiddler and the site? Closing Fiddler allows me to access the site successfully.
Rather unfortunately, you will not be able to run DropBox traffic through FIddler. They use a security feature called certificate pinning on their app, i.e. their app expects incoming traffic to be encrypted with one specific Dropbox owned certificate and hence the app fails when traffic is encrypted with Fiddler generated certificate. There is really nothing you can do at present to alleviate the situation - https://www.dropboxforum.com/hc/en-us/community/posts/201976235-Disabling-Certificate-Pinning-
As for the other problem - did you complete the steps at http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert ?
Regards,
Tsviatko Yovtchev
Telerik by Progress