This is a migrated thread and some comments may be shown as answers.

Fiddler as HTTPS MITM proxy

3 Answers 1489 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
Eric
Top achievements
Rank 1
Eric asked on 09 Feb 2021, 03:04 AM

I'm trying to set up Fiddler as a transparent MITM proxy for HTTPS traffic.  It works fine for HTTP traffic, but am having trouble figuring out configuration for HTTPS.

 

I have Fiddler running on a Windows host, listening on port 8888.

On my linux host, I have added the following rule:\

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 192.168.5.212:8888

 

This works great for regular HTTP traffic. I see any request on the linux host get transparently redirected to fiddler.

However, for HTTPS traffic, this does not work as Fiddler's 8888 port is not HTTPS and consequently the following fails to connect/handshake:

iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to 192.168.5.212:8888

I dug around and found that I can enable an additional listener using QuickExec by doing the following in the QuickExec window

iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to 192.168.5.212:8888
 

curl https://www.google.com

 

I have installed the FidderRoot CA certificate and this gets me one step closer, but my curl/wget from my host fails in that it receives a certificate to CN=localhost and not the actual host I'm trying to reach.

 

How can I setup Fiddler for it to auto-sign the certificates from port 8889 with proper MITM certificates?

Thanks,

Eric

3 Answers, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 09 Feb 2021, 09:25 AM

Hello Eric B,

 

While Fiddler is not meant to work as a transparent proxy (refer to this thread).
However, you could actually try to install the Fiddler certificate on the test device - at least this is the step you are missing compared to the mitmproxy instructions (see here). You mentioned that you had installed the certificate, but is it installed in the certificate store of the application you are using to execute the requests?
Try passing the Fiddler certificate when executing the curl command.

curl --proxy 127.0.0.1:8888  --cacert <path-to-fiddler-certifiacate> https://example.com/


 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
Eric
Top achievements
Rank 1
answered on 09 Feb 2021, 03:01 PM

Hi Nick,

Thanks, but this is not the issue with the Fiddler Root certificate.  `curl -vvI` shows me that the received certificate is properly signed (by FiddlerRoot), but the endpoint itself (8889) is signed by someone/something other than the expected host (in this case, it is the hostname that is specified when setting up the additional port).

If I try to use port 8888 as my proxy port, my requests fail.

I am intentionally not using the `--proxy` option to curl as I am trying to get this working in transparent mode.  My end game is not curl but another application which has no proxy configuration options.

Is there no way to get Fiddler working as a transparent proxy for SSL connections?

Thanks,

Eric

0
Nick Iliev
Telerik team
answered on 11 Feb 2021, 01:36 PM

Hi Eric B,

 

Indeed Fiddler does not support working as a transparent proxy. Looking into a similar discussion, I found a possible solution suggested here. Could you try this one and let us know if that works out at your end?

 

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Tags
Fiddler Classic
Asked by
Eric
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
Eric
Top achievements
Rank 1
Share this question
or