Fiddler Not Able to Decrypt Traffic while MITM Proxy Works Fine

Android Fiddler Everywhere
Nick asked on 25 Sep 2025, 09:02 PM
Receiving this error: 

[2025-09-25 16:50:27:054] [Error] [Fiddler] !SecureClientPipeDirect failed: Org.BouncyCastle.Tls.TlsFatalAlertReceived illegal_parameter(47) for pipe (CN=*.facebook.com, O=Progress Telerik Fiddler, OU=Created by http://www.fiddler2.com)

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 26 Sep 2025, 08:31 AM

Hello Nick,

 

The error message TlsFatalAlertReceived illegal_parameter(47) indicates that the server rejected a parameter during the TLS handshake. This usually happens due to a mismatch or incompatibility between Fiddler Everywhere’s certificate or protocol settings and the strict security requirements of the target server.

Common Causes

  • SSL/TLS Pinning: Many apps, especially high-profile ones like Facebook, use SSL/TLS pinning. This security measure blocks interception and decryption by proxies—even if you have installed and trusted the Fiddler root certificate on your device.
  • Certificate Trust Issues: If the generated Fiddler certificate has expired, is not fully trusted, or is incompatible, the handshake will fail.
  • Protocol or Cipher Mismatch: The server may require specific TLS versions or ciphers that Fiddler cannot offer, especially if custom certificate engines are used.

Troubleshooting Steps

To help narrow down the issue, please clarify:

  • Is the Fiddler root certificate installed and marked as trusted on your device (that includes the remote device if the traffic is coming from a remote device)?
  • Have you tried explicitly enabling or disabling the HTTP/2 support in Fiddler Everywhere (refer to the screenshot)?
  • Which app are you targeting? If possible, provide a link to a used endpoint or details on the application whose traffic you are capturing.

Once you provide this information, consider the following:

1. Certificate Installation

  • Make sure the Fiddler Everywhere root certificate is installed on your device and set as trusted. If you are capturing traffic from a remote device (such as Android or iOS), ensure that the remote device has the Fiddler CA certificate installed and trusted.

2. App Security Limitations

  • If the app enforces strong SSL pinning or uses advanced certificate validation, Fiddler and similar tools may not be able to decrypt the traffic, even with correct setup.

 

    Regards,
    Nick Iliev
    Progress Telerik
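An added example, not part of the original thread and not Fiddler's own code: a Python triage script that groups `SecureClientPipeDirect failed` log lines by host and TLS alert, to show which hosts keep rejecting the Fiddler-generated certificate. Only the first sample line comes from the question; the others are constructed, and the alert-to-cause hints are an assumption based on the standard TLS alert names and the causes listed in the answer.

```python
import re
from collections import Counter

# Matches the Fiddler log line format shown in the question.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+\[Error\]\s+\[Fiddler\]\s+!SecureClientPipeDirect failed:.*?"
    r"TlsFatalAlertReceived\s+(?P<alert>\w+)\((?P<code>\d+)\)\s+for pipe\s+\(CN=(?P<cn>[^,)]+)"
)

# Assumed mapping from standard TLS alert names to the answer's cause categories.
HINTS = {
    "bad_certificate": "certificate trust",
    "certificate_expired": "certificate trust",
    "certificate_unknown": "certificate trust",
    "unknown_ca": "certificate trust",
    "handshake_failure": "protocol or cipher mismatch",
    "protocol_version": "protocol or cipher mismatch",
    "insufficient_security": "protocol or cipher mismatch",
    "illegal_parameter": "handshake parameter rejected",
}

# First line is from the question; the remaining lines are constructed samples.
SAMPLE_LOG = """\
[2025-09-25 16:50:27:054] [Error] [Fiddler] !SecureClientPipeDirect failed: Org.BouncyCastle.Tls.TlsFatalAlertReceived illegal_parameter(47) for pipe (CN=*.facebook.com, O=Progress Telerik Fiddler, OU=Created by http://www.fiddler2.com)
[2025-09-25 16:50:28:101] [Error] [Fiddler] !SecureClientPipeDirect failed: Org.BouncyCastle.Tls.TlsFatalAlertReceived illegal_parameter(47) for pipe (CN=*.facebook.com, O=Progress Telerik Fiddler, OU=Created by http://www.fiddler2.com)
[2025-09-25 16:50:30:412] [Error] [Fiddler] !SecureClientPipeDirect failed: Org.BouncyCastle.Tls.TlsFatalAlertReceived unknown_ca(48) for pipe (CN=api.example.test, O=Progress Telerik Fiddler, OU=Created by http://www.fiddler2.com)
[2025-09-25 16:50:31:000] [Info] [Fiddler] unrelated line
"""

def parse_line(line):
    """Return (cn, alert_name, alert_code) for a failed client pipe, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["cn"].strip(), m["alert"], int(m["code"])

def triage(lines):
    """Count failures per (host, alert) and attach a cause hint, most frequent first."""
    counts = Counter(p for p in map(parse_line, lines) if p)
    return [
        (cn, alert, code, n, HINTS.get(alert, "unclassified alert"))
        for (cn, alert, code), n in counts.most_common()
    ]

if __name__ == "__main__":
    for cn, alert, code, n, hint in triage(SAMPLE_LOG.splitlines()):
        print(f"{n:3d}  {cn:<20} {alert}({code})  -> {hint}")
```

A host that keeps failing after the root certificate is installed and trusted on the capturing device is consistent with the pinning case described in the answer.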
