I'm trying to use Fiddler v4.6.20171.7553 with Java app bundled with its own jvm/jre 1.7.0_80

I've exported certificate of Fiddler to desktop and using keytool added certificate to its keystore:

keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler

keytool reported that certificate successfully imported, what I've checked with command:

keytool -list -v -keystore cacerts -alias fiddler

I've also installed certificates to Windows both to local and user space for sure.

Server I'm trying to connect is configured to use TLS1.0;TLS1.1;TLS1.2 protocols, so that what I set in Fiddler options for HTTPS protocols. I've also tried to add <client> and using different combinations of different protocols, but it didn't help.

Resetting of certificates, or deleting Interception certificates and adding again doesn't help.

I always get error:

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (CN=target.website, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

On the app side I have error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0

Request headers:

CONNECT target.website:443 HTTP/1.1
User-Agent: Java/1.7.0_80
Host: target.website
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: some random
"Time": 07.06.2015 3:37:44
SessionID: empty
Extensions:
    elliptic_curves    secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
    ec_point_formats    uncompressed [0x0]
    server_name    target.website
Ciphers:
    [C00A]    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [C005]    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    [C00F]    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
    [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [002F]    TLS_RSA_AES_128_SHA
    [C004]    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    [C00E]    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
    [C008]    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C012]    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA
    [C003]    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C00D]    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    [0016]    SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013]    SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [0005]    SSL_RSA_WITH_RC4_128_SHA
    [C002]    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [C00C]    TLS_ECDH_RSA_WITH_RC4_128_SHA
    [0004]    SSL_RSA_WITH_RC4_128_MD5
    [00FF]    TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
    [00]    NO_COMPRESSION

Many days ago I tried to decrypt data from a websocket.

Please help me

How can I read this data?

I would like to thank and thank you

Hi!

I am receiving data from various third-party sites to my internet browser (Chrome). They use WebSocket. From some suppliers (sites) I see nice JSON formatted data but some sites the data (webSocket payLoad message) is not readable to me (long messy string - you can see it from prictures I attached). Is it possible to extract the human readable data from that long messy string for example with FiddlerScript? I am using Fiddler v4.6.3.

I never had this issue before, but here's what I did. tools > options > ttps > actions > reset with fiddler, and gave me "Added fiddler's root certificate to Machine Root List". On firefox, I did tools > options > Network settings > Configure Proxy Access to the Internet > user system proxy settings.

Another thing I tried is exporting the certificate from fiddler, then on firefox, tools > options > certificates > View certificates > import, then importing the fiddlerRoot.cer, but still get insecure connection.

I wrote my simple fiddler script to automatically copy to clipboard but always getting error

"The current wire must be set to STA mode (Single Thread Apartment) before calling to OLE. Make sure STAThreadAttribute is selected in the Main function."

My workaround is to show dialog box and CTRL+C from there

How do i fix it?

I have just installed Fiddler but it was not what I thought it is. So I need to uninstall it but Fiddler or Telerik do not show up in Add/Remove (win10). How can I uninstall it?

Hi everybody,
I was wondering whether if it was a way to inject the farx file during the loading of the program for test-automation purposes.

Is that possible?

Could it be possible using the command line to do that ?

Howdy Eric,
I want to use AutoResponder to mock a response from my server. The response in question is JSON object and I need to tweak its properties slightly. The thing is I cannot seem to do that via the Edit Response menu in Fiddler. Here's a screenshot: http://screencast.com/t/1f7iNWTF1NX9

There's something called "Send to TextWizard" but I don't know what that's about.

Thanks,
Stoil

Hi,

 

I'm interesting to know what will happen to an application (chrome browser, for example), if https capturing application that uses fiddler core, crashes (for reasons not related to fiddler core)? Will chrome continue to work? What about https sessions that chrome had?

 

Thanks,

Alex.

        Validity
            Not Before: May 21 20:29:01 2017 GMT
            Not After : May 21 20:29:01 2023 GMT

So, Chrome Android complains when certificates have a validity period of over 39 months. (NET::ERR_CERT_VALIDITY_TOO_LONG)

The added checks is probably because of the way I trusted this cert to get it working on Nougat and above for apps and stuff. (converting and copying the cert to /system/etc/security/cacerts)

However, that's not the focus of this post. Is it possible to customize the validity period of FiddlerRoot? I'm using CertEnroll, Android P DP2, and Fiddler 5.