Hello,

I'm using Fiddler to intercept Java HTTPS traffic. This was accomplished by using the Fiddler Root certificate to create a keystore file which is read by the JVM.

It works fine in Fiddler GUI, but in a FiddlerCore application, the connections are not going through.

I am just wondering if I need to set the cert in FiddlerCore, or something similar to get this to work.

Hello,

Fiddler and FiddlerCore by default use separate certificates and that's why FiddlerCore does not work out of the box in an environment setup for Fiddler.

First, you have to tell FiddlerCore to start decrypting HTTPS. Depending on the Startup method you use it is done differently, but it shouuld be pretty straightforward. The option you are looking for is "DecryptSSL".

Then you have to add FiddlerCore's root certificate to the keystore, which is one-time operation. The easiest way of doing it is the following:
1. Call CertMaker.trustRootCert() and trust the certificate.
2. Go to the Windows certificate store and export the certificate. If you want to capture the traffic only from Java app you should be fine also removing it.
3. Add the certificate to the Java keystore.

There is also way of exporting the certificate directly, but it is more complicated and need more code from your side, since the API to do it is not public. If you want to go this path, please, let me know and I will do my best to guide you through it.

Regards,
Alexander
Progress Telerik

Alexander said:Hello,

Fiddler and FiddlerCore by default use separate certificates and that's why FiddlerCore does not work out of the box in an environment setup for Fiddler.

First, you have to tell FiddlerCore to start decrypting HTTPS. Depending on the Startup method you use it is done differently, but it shouuld be pretty straightforward. The option you are looking for is "DecryptSSL".

Then you have to add FiddlerCore's root certificate to the keystore, which is one-time operation. The easiest way of doing it is the following:
1. Call CertMaker.trustRootCert() and trust the certificate.
2. Go to the Windows certificate store and export the certificate. If you want to capture the traffic only from Java app you should be fine also removing it.
3. Add the certificate to the Java keystore.

There is also way of exporting the certificate directly, but it is more complicated and need more code from your side, since the API to do it is not public. If you want to go this path, please, let me know and I will do my best to guide you through it.

Regards,
Alexander
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

What is the default name of the FiddlerCore certificate? I am having trouble locating it in the Windows Certificate Store.

 

Hello,

The root certificate is issued to and issued by "DO_NOT_TRUST_FiddlerRoot". It is located under Trusted Root Certification Authorities -> Certificates. If you have more than one such certificate (because of Fiddler) it is ussually the one with the included private key, which is designated with the little key next to the certificate in the icon.

Regards,
Alexander
Progress Telerik