FiddlerCore - Modern Authentication Microsoft Outlook

Luke asked on 19 May 2021, 11:05 AM

Hi,

Is there a way to handle Modern Authentication with FiddlerCore?

Thanks,

Nick Iliev
Telerik team
answered on 20 May 2021, 01:11 PM

Hello Luke,

Could you elaborate more about what you mean by handling? As a MITM proxy, Fiddler can track all authorization flows and can be used to debug potential issues for any authorization functionality that uses HTTP or HTTPS. Modern authentication is not a single set of methods but a combination of different protocols like SAML, OAuth, etc. There are many examples of how to use Fiddler to debug those protocols, for example:

https://jackstromberg.com/2016/08/tutorial-using-fiddler-to-debug-saml-tokens-issued-from-adfs/

https://docs.telerik.com/fiddler-everywhere/knowledge-base/basic-authentication-with-fiddler-everywhere

https://stackoverflow.com/questions/23106210/trying-to-get-a-oauth-token-using-fiddler
Regards,
Nick Iliev
Progress Telerik

Luke
commented on 16 Jun 2021, 12:08 PM

Hi Nick,

Sorry for the late reply, and thanks for responding and for the examples. I am specifically working with O365 applications and FiddlerCore. Whilst using the default configuration for FiddlerCore I cannot sign in to O365 applications using OAuth authentication and I get 401 responses. If I sign in without the FiddlerCore application running, the application gets a refresh token and uses that successfully when I turn FiddlerCore back on; however, this expires and the FiddlerCore app cannot obtain a new token. By the look of those examples it seems possible that you can decrypt the HTTPS message, store the valid token received, and reuse and replace it in any requests that are sent out?
Nick Iliev
Telerik team
commented on 17 Jun 2021, 12:27 PM

Yes, you should either store the token via your own implementation or bypass the Office 365 endpoints so that the authentication is not going through the Fiddler proxy.
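
Added example (not part of the thread and not Telerik's code): one way to implement the bypass option in a FiddlerCore host is to mark the CONNECT tunnels for sign-in hosts with the `x-no-decrypt` session flag, so the proxy relays that TLS traffic without decrypting it. The host list and port 8877 are assumptions for illustration; the thread does not name the endpoints.

```csharp
using System;
using System.Linq;
using Fiddler;

static class AuthBypass
{
    // Assumed sign-in hosts; adjust to the endpoints your tenant actually uses.
    static readonly string[] BypassSuffixes =
    {
        "login.microsoftonline.com",
        "login.windows.net",
    };

    // True when host equals a listed name or is a subdomain of it.
    // Matching on ".suffix" avoids treating "evil-login.windows.net.example" as trusted.
    static bool IsBypassed(string host) =>
        BypassSuffixes.Any(s =>
            host.Equals(s, StringComparison.OrdinalIgnoreCase) ||
            host.EndsWith("." + s, StringComparison.OrdinalIgnoreCase));

    static void Main()
    {
        FiddlerApplication.BeforeRequest += session =>
        {
            // HTTPS reaches the proxy as a CONNECT tunnel. Setting the flag here,
            // before the handshake, leaves the tunnel encrypted end to end.
            if (session.HTTPMethodIs("CONNECT") && IsBypassed(session.hostname))
            {
                session["x-no-decrypt"] = "auth endpoint bypass";
            }
        };

        var settings = new FiddlerCoreStartupSettingsBuilder()
            .ListenOnPort(8877)          // assumed port
            .RegisterAsSystemProxy()
            .DecryptSSL()                // all other HTTPS traffic is still decrypted
            .Build();
        FiddlerApplication.Startup(settings);

        Console.WriteLine("Proxy running; press Enter to stop.");
        Console.ReadLine();
        FiddlerApplication.Shutdown();
    }
}
```

With this in place the sign-in exchange stays opaque to the proxy, so access and refresh tokens issued by those hosts never appear in captured sessions.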