- I have Fiddler Anywhere Version : 3.1.1Built : Friday, April 1, 2022
- I'm getting the following error when trying to login to a site that uses Google Authentication
I have SSL enabled as well as HTTP 2
I followed this following article to test via Curl: https://docs.telerik.com/fiddler-everywhere/knowledge-base/troubleshoot-traffic-capturing
And that seems to work fine
curl -v --url https://accounts.google.com/ -x 127.0.0.1:8866
* Trying 127.0.0.1:8866...
* Connected to 127.0.0.1 (127.0.0.1) port 8866 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to accounts.google.com:443
> CONNECT accounts.google.com:443 HTTP/1.1
> Host: accounts.google.com:443
> User-Agent: curl/7.79.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< FiddlerGateway: Direct
< StartTime: 16:38:22.875
< Connection: close
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=*.google.com
* start date: Apr 11 00:00:00 2022 GMT
* expire date: Mar 18 00:00:00 2023 GMT
* subjectAltName: host "accounts.google.com" matched cert's "*.google.com"
* issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=DO_NOT_TRUST_FiddlerRoot
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x141011400)
> GET / HTTP/2
> Host: accounts.google.com
> user-agent: curl/7.79.1
> accept: */*
>
< HTTP/2 302
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=31536000; includeSubDomains
< x-frame-options: DENY
< content-security-policy: script-src 'nonce-VYoRQAxt6ue7JSa7k4ypgQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
< location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
< content-length: 338
< date: Mon, 18 Apr 2022 22:38:23 GMT
< expires: Mon, 18 Apr 2022 22:38:23 GMT
< cache-control: private, max-age=0
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< server: GSE
< set-cookie: __Host-GAPS=1:d7lQPkd-mj-X5xjZLsdLHUWgaG92oA:9aBwNT8dN9_fk9ZE;Path=/;Expires=Wed, 17-Apr-2024 22:38:23 GMT;Secure;HttpOnly;Priority=HIGH
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F">here</A>.
</BODY>
</HTML>
* Connection #0 to host 127.0.0.1 left intact
Not sure what else I can do here. What else can I do to debug an application that uses Google Auth? The login process itself is exactly what I'm trying to debug in my application.
I'm using Chrome Version 100.0.4896.127 (Official Build) (x86_64 translated)