This is a migrated thread and some comments may be shown as answers.

Create https post request

5 Answers 804 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Jamie
Top achievements
Rank 1
Jamie asked on 02 Jun 2016, 05:59 PM

Windows 10 + all updates, Fiddler 4 + all updates

How do i create a request which uses https and a certificate for authentication?

When i visit the URL in a browser where i need to send this request, i cant access it. Installing a cert allows me access the site/services through a browser.

So i start up fiddler and two things are happening:

1. Visiting the https site throws a 403 error when fiddler is running. How could i avoid this from happening? It seems all https connections have similar issues i.e. i have dropbox installed. It syncs fine. As soon as i start running fiddler it states the connection is not secure and doesnt sync until i exit fiddler. 

2. I would like to generate a request. I know how to create a request but how do i configure this certificate to be accepted so it doesnt throw an error?

5 Answers, 1 is accepted

Sort by
0
Tsviatko Yovtchev
Telerik team
answered on 07 Jun 2016, 05:34 PM
Hi,

I am not really sure I completely understand your scenario.

When you start Fiddler all your HTTPS traffic results in error 403? Or is it just one particular site that returns that with Fiddler running? 

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Jamie
Top achievements
Rank 1
answered on 08 Jun 2016, 07:28 PM

What i mean is if i have Dropbox running and start Fiddler - dropbox then shows the warning "Cant establish a secure connection". Closing fiddler resolves this error.

The second issue is, i would like to generate a https request (which includes a certificate for authentication).

So what i have is a certificate and a https URL. If i visit the https URL in a browser i cant access the website. I install the certificate and all is good. I'm mentioning this so you are aware that i can access the https URL in a browser ONLY after installing the cert.

So now i would like to do the same and view the request sent in fiddler.

What i am now trying to do is write a request in fiddler to see what request is successful (so i can see the XML generated). For that reason i load up fiddler and through a web browser i navigate to the https URL. The website reports a 403 error, fiddler reports a 403 error. As soon as i STOP capturing traffic OR close fiddler i can then access the https URL from a browser without the 403 error.

The reason why i am accessing the https site from a browser with fiddler running is to see what XML is being generated which i cant at present.

Is this any clearer?

0
Tsviatko Yovtchev
Telerik team
answered on 14 Jun 2016, 05:12 PM
OK, I see now.

Please, try this - http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert to make Fiddler use your client certificate. That should make things work.

As for the Dropbox issue is only Dropbox affected or is all the HTTPS traffic unavailable  when Fiddler runs?

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Jamie
Top achievements
Rank 1
answered on 12 Jul 2016, 02:12 PM
Dropbox - for example im capturing traffic in Fiddler. I make a change in a dropbox folder so the changes are synced across my devices. When i make this change, dropbox never syncs when Fiddler is running and capturing. If i pause capturing or close Fiddler dropbox syncs successfully.

Going back to point 1 from my original thread, when i visit a https URL in a browser (with a cert) Fiddler still shows 403. Its as if authentication is broken between fiddler and the site? Closing Fiddler allows me to access the site successfully.
0
Tsviatko Yovtchev
Telerik team
answered on 15 Jul 2016, 02:34 PM
Hi,

Rather unfortunately, you will not be able to run DropBox traffic through FIddler. They use a security feature called certificate pinning on their app, i.e. their app expects incoming traffic to be encrypted with one specific Dropbox owned certificate and hence the app fails when traffic is encrypted with Fiddler generated certificate. There is really nothing you can do at present to alleviate the situation - https://www.dropboxforum.com/hc/en-us/community/posts/201976235-Disabling-Certificate-Pinning-

As for the other problem - did you complete the steps at http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/RespondWithClientCert ?

Regards,
Tsviatko Yovtchev
Telerik by Progress
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
Windows
Asked by
Jamie
Top achievements
Rank 1
Answers by
Tsviatko Yovtchev
Telerik team
Jamie
Top achievements
Rank 1
Share this question
or