Hi,

is possible in to generate/add fiddler root certificate from command line? 

I'm trying to capture traffic from iOS Facebook.app. Because it uses SSL pinning I have jailbroken iOS 7.1 with installed ssl-kill-swithch-2 https://github.com/nabla-c0d3/ssl-kill-switch2 v0.7 on my iPad 3. Everything works just fine with some other apps - I'm able to capture https traffic from itunes account login (which also has ssl pinning), ios system facebook account login (SSO) and event few initial requests from Facebook.app (login/config/SSO login). But later Fiddler stops decryption and I see such messages in fiddler and ios log console: 

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=graph.facebook.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

iPad Facebook[1050] <Notice>: MS:Notice: Injecting: com.facebook.Facebook [Facebook] (847.24)
iPad Facebook[1050] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.dylib
iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Preference set to 1.
iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Subtrate hook enabled.
iPad backboardd[676] <Error>: HID: The 'Passive' connection 'Facebook' access to protected services is denied.

My current configuration for sert generation is (I was trying to use some default engine but with no success at all) -
Certificate Engine: BCCertMaker.BCCertMaker
Engine Version: 1.5.1.1

ValidFrom: 7 days ago
ValidFor: 2 years
HashAlg: SHA256WITHRSA
KeyLen: 2048
RootKeyLen: 2048
ReuseServerKeys: True

That's successfull handshake when https decryption is off 

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 63 1C 6F F3 F4 30 30 C6 C4 9F 4E 89 E2 3C FF 72 DD F2 B0 8F 5E 63 B3 9C 17 44 A5 36 C3 D7 63 48
"Time": 6/3/2099 7:47:31 AM
SessionID: empty
Extensions: 
server_name graph.facebook.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
NextProtocolNego empty
ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
Ciphers: 
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
[00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
[0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0037] TLS_DH_RSA_WITH_AES_256_SHA
[0036] TLS_DH_DSS_WITH_AES_256_SHA
[C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
[003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0031] TLS_DH_RSA_WITH_AES_128_SHA
[0030] TLS_DH_DSS_WITH_AES_128_SHA
[C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
[C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
[000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
[C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0015] SSL_DHE_RSA_WITH_DES_SHA
[0012] SSL_DHE_DSS_WITH_DES_SHA
[000F] SSL_DH_RSA_WITH_DES_SHA
[000C] SSL_DH_DSS_WITH_DES_SHA
[0009] SSL_RSA_WITH_DES_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression: 
[00] NO_COMPRESSION


HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 09:06:07.630
Connection: close

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.

A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
SessionID: empty
Random: 02 36 8B 0A 1E C9 E6 9D E9 79 7A 9A AC 58 F4 07 B8 E8 0E 82 F1 30 99 07 E2 73 DE 65 8F 62 13 69
Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [0xC02B]
CompressionSuite: NO_COMPRESSION [0x00]
Extensions:
server_name empty
renegotiation_info 00
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
SessionTicket empty
ALPN spdy/3.1-fb-0.5


That's handshake when https description is on and nothing is working
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 2F 1E F8 40 97 85 8E 3D B2 B4 AE D2 94 2A C0 F3 D7 83 74 27 73 C5 2A 81 2C 79 CE C9 30 9F E0 8E
"Time": 7/16/2004 9:27:59 PM
SessionID: F5 62 B7 87 EB 10 5E F8 CB 94 A0 0F 1E 20 65 C5 1E F7 E2 56 D0 DC 2F CE 75 F5 EE 95 18 78 66 30
Extensions: 
server_name graph.facebook.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket 95 4E 45 70 72 EA 25 5C 5D DA A5 42 D4 66 52 F7 96 E8 65 71 CB A1 71 49 8E 02 CD 4F E1 95 FF 99 16 68 E5 3E 6D 0B 30 BB 79 A2 E9 54 C1 0C F0 41 04 5E 30 9F 98 58 69 7B 9D 26 77 32 0E E3 7F 90 7F 1E 99 9E 45 52 10 90 30 F1 8F 4D D3 C3 DD 72 F4 60 E3 CC 61 50 4E 5C A8 49 6D 0C 75 24 C2 2A 5F 1B BC 32 DD C1 BE 61 71 75 06 C5 E2 A7 17 BD 70 75 19 72 6F 15 2D C5 CD D3 B4 36 9B EF 9B DE AF 61 AE 3C 60 B7 28 F5 92 4D 53 DD DB E6 90 DB 35 43 10 86 17 B3 69 CB CC 57 CF 58 17 11 58 AF 80 30 D4 CC 81 16 5F 0F 0F 42 01 63 68 84 54 3A 4F 59 61 E7 F4 63 C3 C4 10 D5 67 8D 34 C1 3E 23
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
NextProtocolNego empty
ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
Ciphers: 
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
[00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
[0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0037] TLS_DH_RSA_WITH_AES_256_SHA
[0036] TLS_DH_DSS_WITH_AES_256_SHA
[C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
[003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0031] TLS_DH_RSA_WITH_AES_128_SHA
[0030] TLS_DH_DSS_WITH_AES_128_SHA
[C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
[C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
[000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
[C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0015] SSL_DHE_RSA_WITH_DES_SHA
[0012] SSL_DHE_DSS_WITH_DES_SHA
[000F] SSL_DH_RSA_WITH_DES_SHA
[000C] SSL_DH_DSS_WITH_DES_SHA
[0009] SSL_RSA_WITH_DES_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression: 
[00] NO_COMPRESSION


HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 09:12:01.913
Connection: close


I'm wonderying how to solve this issue and where this problem come from?

All,

Is it possible to install Fiddler in SLES 12.3 (SESU linux ?)

thanks

-Siva

Hi, attempting to debug sporadic issues with website.  In a fiddler trace or in an imported IE F12 network trace I will see bad requests that only contain following header.  There is no response and request header is even incomplete.  What causes such a request as not even a GET or POST and the URL is even malformed?  url is missing the domain and type is NONE and http is 0.0.  ??

 

NONE https:///registration/1/registercli/reg HTTP/0.0

 

Thank you

Hi,

 

I am using an app in C# to send POST web requests to another website and I want to capture the response but I have to specify the proxy first:

 

The following is used in my code

 

    request.Proxy = new WebProxy("url", 8888);

 

I am not sure what I should write in the URL part for the proxy to work

Hello,

i recently deinstalled Fiddler and since that many of my apps on my Windows 10 machine are not working anymore. I checked proxy settings and made sure i'm not using a proxy. The only way these apps work again is when fiddler is running. This affects Adobe CreativeCloud as well as some other apps. Both browsers (edge and firefox) work fine, it appears apps using Libcurl.dll do not seem to get a connection anymore.

 

Hi,

I have a custom extension that compress/decompress the body of request/response. It's working fine within UI. But it's effect of compress/decompress is not seen in exported sessions.

 

How to get this scenario working?

Thanks,

Rasheed

Hi, I'm parsing a response. It is encoded in base64. On pasting into the text wizard, and selecting "From deflated SAML", these are examples of what shows up:

�
�������
����������NSystem.Data 

System.Data.SerializationFormat
���value__����

FunctionID
���
��������
�����

 

together with large portions of both clear text and binary data. How can I get the entire response in clear text? Thank you in advance.

New to fiddler. I am trying to do a REST API curl request but getting a red 502 response.

Here is the curl request:

curl -X GET https://sandbox.forte.net/api/v3/organizations/org_333251/locations/loc_191620/customers/
-H "Content-Type: application/json"
-H "X-Forte-Auth-Organization-Id: org_333251" 
-H "Authorization: Basic Mjk3NjMwMGJiNjlmMDhiMmRmZTU3NzU0ZDkyMWI4Y2Q6NmU4N2QwZjUwMmE4ZGE5M"
-H "Accept: application/json"
-H "Cache-Control: no-cache"

It is a sandbox account so no problem if you want to play around with it.

All the credentials are good, and it works in Postman and it works in a Windows command prompt.

But for the life of me I can't get it to work in Fiddler :(

What am I missing?

Dear All,

 

I´ve been really happy with fiddler since a few days ago where I started using it.

Till this point it all made sense to me, installing an SSL certificate and seeing the content of all packages. 

But I then realized that the host where I receive packets from, some communication wasn´t showing in fiddler, being a channel through which information is being pushed through to the client. Not sure how this is done, by simple keeping a communications port open, or by that the client on a very frequent basis checks if the host has anything new. 

The packets that I was succesful in looking at in Fiddler all were based around client sending parameters to the server, and getting responses back.

So what I did was to log in commview, wireshark and omnipeek at the same as doing it in fiddler during times were the packages presumably not showing fiddler were sent.

This is what I found out: 

Https packages sent from IP adresses on the same domain (for instance, the data visible in fiddler comes from x.x.x.220, where the others are from x.x.x.221 and x.x.x.222) are showing in the other monitors, but never in fiddler. I would think that they contain the missing packages.

Next thing I did was to save them in different pcap formats from wireshark and import them to fiddler, but with no luck: Fiddler just shows a blank screen where packages normally would be showing. The imported files are 41 kb, and import fine back into wireshark, so nothing´s wrong with them.

I have tried this without any filters, but the result is the same.

Also, I have hardly changed anything to fiddlers configuration. It´s using the system proxy.

Finally, I amended the settings of firefox in order to work with fiddler, which works fine but the problem also happens when connecting to the website (it´s all done in the browser) from google chrome.

What could be wrong, and what can be done to resolve this?

 

Thanks in advance!