- I have Fiddler Anywhere Version : 3.1.1Built : Friday, April 1, 2022
- I'm getting the following error when trying to login to a site that uses Google Authentication
I have SSL enabled as well as HTTP 2
I followed this following article to test via Curl: https://docs.telerik.com/fiddler-everywhere/knowledge-base/troubleshoot-traffic-capturing
And that seems to work fine
curl -v --url https://accounts.google.com/ -x 127.0.0.1:8866
* Trying 127.0.0.1:8866...
* Connected to 127.0.0.1 (127.0.0.1) port 8866 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to accounts.google.com:443
> CONNECT accounts.google.com:443 HTTP/1.1
> Host: accounts.google.com:443
> User-Agent: curl/7.79.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< FiddlerGateway: Direct
< StartTime: 16:38:22.875
< Connection: close
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=*.google.com
* start date: Apr 11 00:00:00 2022 GMT
* expire date: Mar 18 00:00:00 2023 GMT
* subjectAltName: host "accounts.google.com" matched cert's "*.google.com"
* issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=DO_NOT_TRUST_FiddlerRoot
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x141011400)
> GET / HTTP/2
> Host: accounts.google.com
> user-agent: curl/7.79.1
> accept: */*
>
< HTTP/2 302
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=31536000; includeSubDomains
< x-frame-options: DENY
< content-security-policy: script-src 'nonce-VYoRQAxt6ue7JSa7k4ypgQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
< location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
< content-length: 338
< date: Mon, 18 Apr 2022 22:38:23 GMT
< expires: Mon, 18 Apr 2022 22:38:23 GMT
< cache-control: private, max-age=0
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< server: GSE
< set-cookie: __Host-GAPS=1:d7lQPkd-mj-X5xjZLsdLHUWgaG92oA:9aBwNT8dN9_fk9ZE;Path=/;Expires=Wed, 17-Apr-2024 22:38:23 GMT;Secure;HttpOnly;Priority=HIGH
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F">here</A>.
</BODY>
</HTML>
* Connection #0 to host 127.0.0.1 left intact
Not sure what else I can do here. What else can I do to debug an application that uses Google Auth? The login process itself is exactly what I'm trying to debug in my application.
I'm using Chrome Version 100.0.4896.127 (Official Build) (x86_64 translated)
2 Answers, 1 is accepted
Hello Warrick,
You should be able to capture Google Authentication traffic from any browser that uses the system proxy (and thus the Fiddler Everywhere proxy), so you are likely facing any issue related to the specific app that uses the GA. That said, you can check the following:
- Try to switch to the default browser and retry the GA login with another browser.
- If you are using Google Chrome, make sure to update it to the latest version.
- Check if the application that is using the GA login is not listed as Less Secure app and try to turn off that option.
- Try to reset your Fiddler root certificates. In case, you are using a browser that doesn't respect the system keychain, you will need to add the Fiddler root certificate in the browser certificate store.
Additionally, please elaborate more on the following:
1. Is the issue you describe happening entirely within the browser (and if so, which browser is used)?
2. Is the site that utilizes the GA login and which you are trying to debug a public site? If so, please share its URL so that we can test the behavior on our side.
3. Is the same behavior observed if you uncheck the "Ignore server certificate errors (unsafe)" option from the HTTPS settings?
4. Is the same behavior observed if you uncheck the "Enable HTTP/2 support" option from the Connections settings?
Regards,
Nick Iliev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.
Rank 1
Iron
1. Is the issue you describe happening entirely within the browser (and if so, which browser is used)?
Yes
2. Is the site that utilizes the GA login and which you are trying to debug a public site? If so, please share its URL so that we can test the behavior on our side.
Yes, https://oreid.io/
3. Is the same behavior observed if you uncheck the "Ignore server certificate errors (unsafe)" option from the HTTPS settings?
I can't get that far now. Things are so painfully slow that I can't get to that point. See videos listed in response to Question 4 below.
4. Is the same behavior observed if you uncheck the "Enable HTTP/2 support" option from the Connections settings?
https://youtu.be/Ue5UhfIseu4In the 1st part of the video I show how the site loads without Fiddler Anywhere running. Then at 85 seconds I launch Fiddler anywhere and you see how everything comes to a grinding hault.
https://youtu.be/Ue5UhfIseu4?t=85
Then in this video, I disable the "Ignore server certificate errors (unsafe)" and "Enable HTTP/2 support"
https://youtu.be/IDqd16BhUCk
Thank you for the provided details! I have a few suggestions that you can try and see if they have an effect:
1) Do not use the "Open Browser" option in Fiddler Everywhere. This Chrome instance is automatically configured as a test browser and when Google services detect that, you will not be able to login to a Google account. Only use a normal browser instance with capturing turned in Fiddler Everywhere.
2) Switch off the "Stream" option for responses in Fiddler Everywhere. It might interfere with the specific response the browser expects during the login process and cause it to fail.
3) Disable HTTP/2 support. In your second video, you disable it, but then use the "Open Browser" option, which will not work for different reasons as I mentioned above.
Finally, if possible, try updating your Chrome version to a newer release. We are testing using the current official build (100.0.x) and the problem you have might be a caused by combination of the Fiddler Everywhere proxy and the insecure (old) browser version.
Rank 1
Iron
Wow, thank you! that did seem to fix it.
2 above) Switch off the "Stream" option for responses in Fiddler Everywhere. seems to have made a HUGE difference.
I did also upgrade Chrome at the same time, so that could have helped.
I'm curious how Google detects that I'm using a test browser when use I the "Open Browser" option?