I am a longtime user of Fiddler (version 2) proxy and it really is an amazing product. One of it's best features is the ability to decode and inspect HTTPS traffic, including automatic generation of proper certificates. Usually this works without problems, but I've stumbled upon a problem, which is not clear to me.

I am trying to "convince" some java program, which connects to it's server via https, to use Fiddler2 as a proxy (on Windows 7 x64, java 1.6.0_45 64-bit). Java program itself just won't connect through proxy, regardless of what I do or set up via Java control panel. I cannot modify the java source code (not available) or add command line parameters to java because it's started inside a parent .exe program. The only thing I could come up was to use a "proxifier" (ProxyCap), which redirects all traffic from any program (system wide) to a configured Fiddler2 proxy.

If I now test the existing configuration with my own java program (proxified) issuing https requests, I can see the decoded https traffic in Fiddler2 (first tunnel set up, then decoded traffic). If I run the original java program, I can see it sets up the tunnel to the destination IP, but then nothing happens. In request headers I see CONNECT <IP>:443 and in response I see "200 Connection Established".

Is Fiddler2 behaving differently to the application itself as the original https server would? Could an application (java program) stop because the parameters exchanged during the handshake are not the "correct" ones? Or is Fiddler connecting to the remote https server in a "wrong" way and it disconnects it? How can I get more information about what's happening?

Fiddler is not capturing requests from an online game website anymore, I think its because the game has used SSL to block the requests from capturing. Is there any way to still capture and modify them even though the site has somehow prevented Fiddler from doing so?

After clicking on Tools | HTTPS | Capture HTTPS CONNECTS, the minute I click the box next to Decrypt HTTPs traffic Fiddler throws the following error:

makecert.exe returned - 1.

Results from c:\program files (x86)\Fiddler2\MakeCert.exe -r -ss my -n
"CN=DO_NOT_TRUST_FiddlerRoot,    etc, etc

Error:  Can't create the key of the subject ('JoeSoft')
Failed

See attached screenshot.

When I try to export the Root Certificate to the Desktop it throws the following error:
The root certificate could not be located.

OS:  Win8.1

im using windows 8.1, when trying to install certificate to decrypt traffic,i get this error Failed to find the root certificate in User Root List.

When I try to run fiddler setup nothing happens.  A trip over to the event viewer under Application I get warning Event 866 from SoftwareRestrictionPolicies :

Access to C:\Users\username\AppData\Local\Temp\Fiddler4Setup.exe has been restricted by your Administrator by location with policy rule {542edcef-766b-4b80-94e2-42e180f6675d} placed on path C:\Users\username\AppData\Local\*\*.exe.

 

It appears as if this program installer is trying to use the AppData\Local\Temp folder to run executables out of.  This is a big no no and poor programming design.  It is not good practice to install this way as its the cheap and easy way out.  This location is a prime target for malware and ransomware to deposit their payloads and execute.  Therefore we have SRP in place to block the execution of files from this location.  It has saved our arses one time before as it successfully prevented malware from running.

Can any devs try to redesign the installer to utilize a more modern and Microsoft sanctioned way to do an install?  We have many programs that install without issue because they do not take the cheap and easy way out.

Hi,

 

I keep gettiing this error anytime i attempt to open fiddler.

 

---------------------------
Awww, Fiddlesticks!
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

Cannot load the "comctl32.dll" DLL into memory.

Type: System.ComponentModel.Win32Exception
Source: System.Windows.Forms
   at System.Windows.Forms.Control.get_CreateParams()
   at System.Windows.Forms.ScrollableControl.get_CreateParams()
   at System.Windows.Forms.ContainerControl.get_CreateParams()
   at System.Windows.Forms.Form.get_CreateParams()
   at .ž“.›“() in C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\SplashScreen.cs:line 62
   at System.Windows.Forms.Control..ctor(Boolean autoInstallSyncContext)
   at System.Windows.Forms.ScrollableControl..ctor()
   at System.Windows.Forms.ContainerControl..ctor()
   at System.Windows.Forms.Form..ctor()
   at .ž“..ctor() in C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\SplashScreen.cs:line 22
   at Fiddler.frmViewer.‹•(String[] ˆ•) in C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Viewer.cs:line 2763
   at Fiddler.frmViewer.‡•(String[] ˆ•) in C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Viewer.cs:line 2717
Fiddler v4.6.20171.9220 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.14393.0] 
---------------------------
OK   
---------------------------

Hi,

Thanks for Fiddler and Fiddlercore. I use Fiddler to inspect websocket messages but not all messages are readable.

some message are readable but some are in this format :    j 0p { <  D  A  ZO vұ ....

What's happening as I'm not a real developer ...

Thanks

 

>uname -a
Linux Computername 4.8.0-46-generic #49-Ubuntu SMP Fri Mar 31 13:57:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

>cat /etc/os-release

NAME="Ubuntu"
VERSION="16.10 (Yakkety Yak)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.10"
VERSION_ID="16.10"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="http://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=yakkety
UBUNTU_CODENAME=yakkety

>mono --version

Mono JIT compiler version 4.8.0 (Stable 4.8.0.524/9d74414 Wed Apr 5 17:57:04 UTC 2017)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: altstack
Notifications: epoll
Architecture: amd64
Disabled: none
Misc: softdebug 
LLVM: supported, not enabled.
GC: sgen

On exiting:
---------------------------
Awww, Fiddlesticks!
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.
Exception has been thrown by the target of an invocation.
Type: System.Reflection.TargetInvocationException
Source: mscorlib
at System.Reflection.MonoCMethod.InternalInvoke (System.Object obj, System.Object[] parameters) [0x00019] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.RuntimeType.CreateInstanceMono (System.Boolean nonPublic) [0x000ca] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.RuntimeType.CreateInstanceSlow (System.Boolean publicOnly, System.Boolean skipCheckThis, System.Boolean fillCache, System.Threading.StackCrawlMark& stackMark) [0x0001a] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.RuntimeType.CreateInstanceDefaultCtor (System.Boolean publicOnly, System.Boolean skipCheckThis, System.Boolean fillCache, System.Threading.StackCrawlMark& stackMark) [0x0002a] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Activator.CreateInstance (System.Type type, System.Boolean nonPublic) [0x00040] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Configuration.ConfigInfo.CreateInstance () [0x00029] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.SectionInfo.CreateInstance () [0x00000] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.Configuration.GetSectionInstance (System.Configuration.SectionInfo config, System.Boolean createDefaultInstance) [0x00022] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.ConfigurationSectionCollection.get_Item (System.String name) [0x00032] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.Configuration.GetSection (System.String path) [0x00021] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection (System.String configKey) [0x00006] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.ConfigurationManager.GetSection (System.String sectionName) [0x00005] in <c88268b2ab694baf8f53384cac3b8843>:0 
at System.Configuration.PrivilegedConfigurationManager.GetSection (System.String sectionName) [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection () [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.DiagnosticsConfiguration.Initialize () [0x00033] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.DiagnosticsConfiguration.get_IndentSize () [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.TraceInternal.InitializeSettings () [0x00060] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.TraceInternal.get_UseGlobalLock () [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.TraceInternal.WriteLine (System.String message) [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at System.Diagnostics.Trace.WriteLine (System.String message) [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
at Fiddler.FiddlerApplication.ReportException (System.Exception eX, System.String sTitle, System.String sCallerMessage) [0x00059] in <1f5c91af40d14c0eb3b0cb76da0ecdcc>:0 
at Fiddler.FiddlerApplication.ReportException (System.Exception eX, System.String sTitle) [0x00000] in <1f5c91af40d14c0eb3b0cb76da0ecdcc>:0 
at .ƒ.ž () [0x0002e] in <1f5c91af40d14c0eb3b0cb76da0ecdcc>:0 
at System.Threading.ThreadHelper.ThreadStart_Context (System.Object state) [0x00017] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Threading.ExecutionContext.RunInternal (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state, System.Boolean preserveSyncCtx) [0x0008d] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Threading.ExecutionContext.Run (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state, System.Boolean preserveSyncCtx) [0x00000] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Threading.ExecutionContext.Run (System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, System.Object state) [0x00031] in <f712f98eb8e445c8918edaf595bbe465>:0 
at System.Threading.ThreadHelper.ThreadStart () [0x0000b] in <f712f98eb8e445c8918edaf595bbe465>:0
System.Threading.ThreadAbortException
at (wrapper managed-to-native) System.Reflection.MonoCMethod:InternalInvoke (System.Reflection.MonoCMethod,object,object[],System.Exception&)
at System.Reflection.MonoCMethod.InternalInvoke (System.Object obj, System.Object[] parameters) [0x00002] in <f712f98eb8e445c8918edaf595bbe465>:0 
Fiddler v4.6.20171.14978 (x64 ) [.NET 4.0.30319.42000 on Unix 4.8.0.46]

Configuration changed:

Tools -> Telerik Fiddler Options -> Tab "HTTPS"

- [checked] Capture HTTPS CONNECTs

- [checked] Decrypt HTTPS traffic -> ...from browsers only

- [changed] "Perform decryption" only for the following host: <site to decrypt only>

(BTW: The text for the option above ["Perform decryption"] appears cut off, only around 2/3 of the label is visible )

 

I am setting up a reverse proxy, and I've got everything working except the correct SSL cert. When I try to do the following:

```

    static function Main() {
        var today: Date = new Date();
        FiddlerObject.StatusText = " CustomRules.js was loaded at: " + today;

        //CertMaker.removeFiddlerGeneratedCerts();
        FiddlerObject.log("Main - Start StoreCerts");
         var oCert = new System.Security.Cryptography.X509Certificates
            .X509Certificate2("C:\\temp\\geotrust.pfx", "*****");
        FiddlerObject.log("FriendlyName: " + oCert.FriendlyName);
        FiddlerObject.log("Issuer: " + oCert.Issuer);
        FiddlerObject.log("PrivateKey: " + oCert.HasPrivateKey.ToString());
        FiddlerObject.log("Subject: " + oCert.Subject);
        CertMaker.StoreCert("wdtest.casepacer.com", oCert);
        FiddlerObject.log("Main - End StoreCerts");
        var test = CertMaker.FindCert("wdtest.casepacer.com")
        FiddlerObject.log("FriendlyName: " + test.FriendlyName);
        FiddlerObject.log("Issuer: " + test.Issuer);
```

The output I get is this:

```

17:25:45:1722 Main - Start StoreCerts
17:25:45:1722 FriendlyName: GeoTrustCP
17:25:45:1722 Issuer: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
17:25:45:1722 PrivateKey: True
17:25:45:1722 Subject: CN=*.casepacer.com, O=Case Pacer LLC, L=Indianapolis, S=Indiana, C=US
17:25:45:1722 Assembly 'C:\Program Files (x86)\Fiddler2\CertMaker.dll' was not found. Using default Certificate Generator.
17:25:45:1722 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.
17:25:45:1722 Main - End StoreCerts
17:25:45:1722 FriendlyName:
17:25:45:1722 Issuer: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com

```

I added the loggers so that I could verify that it was correctly reading the cert (which it is), and that it has the private key (which it does). This is the same key I'm using on my IIS instance on the same machine, so I know it works. However, when I try to connect, or as you can see in the script when I tell it to FindCert(), It gets the DO_NOT_TRUST cert instead of the one I'm trying to add/specify.

I've even tried deleting the DO_NOT_TRUST certs, but it just recreates them. Why won't it use the cert I'm loading?

Thanks in advance,

David

We have a small program created for us that we install locally on windows. I don't have access to the code or database. 

When I log in, Fiddler detects some traffic, but detects nothing while using the program. It most certainly is posting and fetching data from remote servers. Why would Fiddler not see this traffic?

I know I haven't provided a ton of info but perhaps there are some things I can look out for?