FiddlerCore: Java Keystore Question

4 posts, 0 answers
  1. Trees
    Trees avatar
    2 posts
    Member since:
    Jun 2018

    Posted 06 Jun Link to this post

    Hello,

    I'm using Fiddler to intercept Java HTTPS traffic. This was accomplished by using the Fiddler Root certificate to create a keystore file which is read by the JVM.

    It works fine in Fiddler GUI, but in a FiddlerCore application, the connections are not going through.

    I am just wondering if I need to set the cert in FiddlerCore, or something similar to get this to work.

  2. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 12 Jun Link to this post

    Hello,

    Fiddler and FiddlerCore by default use separate certificates and that's why FiddlerCore does not work out of the box in an environment setup for Fiddler.

    First, you have to tell FiddlerCore to start decrypting HTTPS. Depending on the Startup method you use it is done differently, but it shouuld be pretty straightforward. The option you are looking for is "DecryptSSL".

    Then you have to add FiddlerCore's root certificate to the keystore, which is one-time operation. The easiest way of doing it is the following:
    1. Call CertMaker.trustRootCert() and trust the certificate.
    2. Go to the Windows certificate store and export the certificate. If you want to capture the traffic only from Java app you should be fine also removing it.
    3. Add the certificate to the Java keystore.

    There is also way of exporting the certificate directly, but it is more complicated and need more code from your side, since the API to do it is not public. If you want to go this path, please, let me know and I will do my best to guide you through it.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Trees
    Trees avatar
    2 posts
    Member since:
    Jun 2018

    Posted 12 Jun in reply to Alexander Link to this post

    Alexander said:Hello,

    Fiddler and FiddlerCore by default use separate certificates and that's why FiddlerCore does not work out of the box in an environment setup for Fiddler.

    First, you have to tell FiddlerCore to start decrypting HTTPS. Depending on the Startup method you use it is done differently, but it shouuld be pretty straightforward. The option you are looking for is "DecryptSSL".

    Then you have to add FiddlerCore's root certificate to the keystore, which is one-time operation. The easiest way of doing it is the following:
    1. Call CertMaker.trustRootCert() and trust the certificate.
    2. Go to the Windows certificate store and export the certificate. If you want to capture the traffic only from Java app you should be fine also removing it.
    3. Add the certificate to the Java keystore.

    There is also way of exporting the certificate directly, but it is more complicated and need more code from your side, since the API to do it is not public. If you want to go this path, please, let me know and I will do my best to guide you through it.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

    What is the default name of the FiddlerCore certificate? I am having trouble locating it in the Windows Certificate Store.

     

  4. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 14 Jun Link to this post

    Hello,

    The root certificate is issued to and issued by "DO_NOT_TRUST_FiddlerRoot". It is located under Trusted Root Certification Authorities -> Certificates. If you have more than one such certificate (because of Fiddler) it is ussually the one with the included private key, which is designated with the little key next to the certificate in the icon.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top