Is there any way to decrypt TLS 1.3 yet? Some app's have started using TLS 1.3 only, so proxying my phone through Fiddler leaves me with undecryptable tunnels only.
An example of such a capture is attached.
Best regards,
Jack
3 Answers, 1 is accepted
0
Alexander
Telerik team
answered on 15 Feb 2019, 12:17 PM
Hello,
Rather unfortunately, the short answer is no, Fiddler does not support TLS 1.3 yet. The long answer - Fiddler's support for TLS 1.3 is coupled with .NET Framework's support for TLS 1.3. This means that Fiddler can have support for TLS 1.3 only after .NET Framework add support for it. As of this page there is no word from Microsoft if and when this is going to happen.
Regards,
Alexander
Progress Telerik
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Feedback Portal
and vote to affect the priority of the items
This is Sad for everyone that .NET Framework doesn't support the latest TLS1.3. Many web applications are now using the latest TLS version. Really looking forward to it. Until it support, is there a simple tool like fiddler that also supports TLS1.3
0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 04 Dec 2019, 09:21 PM
Hi Cora,
Unfortunately, we are unaware of any other tools like Fiddler that support TLS 1.3. However, Fiddler includes the <client> token and will offer TLS/1.3 if the client does.
With that said, there are different ways a website or mobile application could block a Man-in-the-Middle Attack from Decrypting SSL traffic. The most well-known is is Certificate Pinning. Essentially, if the client-server key-chain is not exact then the traffic cannot be decrypted. This is the most likely cause for not being able to decrypt traffic using Fiddler.
Let me provide an example. I can see that as of today, the domain i.instagram.com from the screenshot provided in the Original Post hasn't enabled the TLS 1.3 or SSLv3 protocols which means these sessions will appears as Tunnels in Fiddler. This is for security reasons.
In the above example, Fiddler is probably not the best tool to use. Fiddler works best when the developer has access to the application source and certificates.
I hope this helps. Please let me know if you have any additional questions. Thank you for using the Fiddler forums.
Regards,
Eric R | Technical Support Engineer
Progress Telerik
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Feedback Portal
and vote to affect the priority of the items