Find the differences :-) .. get a prize!

Carlos asked on 11 Nov 2022, 11:45 PM

OK, no prize, but this has been bothering me for a while, and after endless googling and searching I can't figure it out, so I'm asking here for some help. I'm using Fiddler Classic and have this connection that won't work and I can't figure out why, while another, almost identical and to the same server, works! So I'm listing both, the good one and the bad one, here, hoping someone can help and let me know what I'm missing.

The name of the party involved has been changed to protect its identity! :-P

Thank you all in advance!

The one that works:

CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1

Host: cn-geo1.uber.com

User-Agent: Xxxxxx/x.xxx.xxxxx CFNetwork/1240.0.4 Darwin/20.6.0

Connection: keep-alive

Connection: keep-alive

 

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

 

Version: 3.3 (TLS/1.2)

Random: D6 98 B2 86 F9 D5 6C 89 44 34 E5 CE 3D 7E DE B8 5E 17 80 09 C8 1B 4A 89 32 E9 76 33 02 B8 13 1D

"Time": 8/11/2041 12:31:18 PM

SessionID: D7 1A 00 00 28 58 81 5E 09 42 2C 7D FF 52 69 45 04 1F 6A 9A F1 AC 7F 1C 8A 4F BB 05 B6 90 1D 07

Extensions: 

grease (0xcaca) empty

server_name xx-xxxx.xxxx.com

extended_master_secret empty

renegotiation_info 00

supported_groups grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]

ec_point_formats uncompressed [0x0]

ALPN http/1.1

status_request OCSP - Implicit Responder

signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1

SignedCertTimestamp (RFC6962) empty

key_share 00 29 DA DA 00 01 00 00 1D 00 20 FB 83 F0 42 95 E5 7A A0 20 36 5D 34 31 B9 CF D2 F1 1C 6C D7 E4 4A 32 0E 4B 33 96 4C 90 4C 91 12

psk_key_exchange_modes 01 01

supported_versions grease [0xa0a], Tls1.3, Tls1.2

grease (0x6a6a) 00

padding 210 null bytes

Ciphers: 

[5A5A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/

[1301] TLS_AES_128_GCM_SHA256

[1302] TLS_AES_256_GCM_SHA384

[1303] TLS_CHACHA20_POLY1305_SHA256

[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 

Compression: 

[00] NO_COMPRESSION

 

 

HTTP/1.1 200 Connection Established

FiddlerGateway: Direct

StartTime: 17:35:47.943

Connection: close

 

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

 

Secure Protocol: Tls12

Cipher: Aes128 128bits

Hash Algorithm: Sha256 ?bits

Key Exchange: ECDHE_RSA (0xae06) 255bits

 

== Server Certificate ==========

[Subject]

  CN=*.xxxx.com, O="Xxxx Xxxxxxxxxxxx, Inc.", L=San Francisco, S=California, C=US

 

[Issuer]

  CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

 

[Serial Number]

  04B114FE39AFD58E244CD867F6289C33

 

[Not Before]

  9/29/2022 8:00:00 PM

 

[Not After]

  10/3/2023 7:59:59 PM

 

[Thumbprint]

  A3973CE541FA00B8ABFAF00A7A656566D9C8B85E

 

[SubjectAltNames]

*.xxxx.com, xxxx.com

 

The one that does NOT work:

CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1

Host: cn-geo1.uber.com

User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0

Connection: keep-alive

Connection: keep-alive

 

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

 

Version: 3.3 (TLS/1.2)

Random: 14 C3 70 A0 97 D7 EE 8D 7E 4D 55 83 5B 7E 11 78 B4 0D 5A 05 A7 CA FF 72 E7 6F D3 FE 84 80 57 67

"Time": 4/19/2055 6:48:52 AM

SessionID: 94 40 2D 65 53 37 B5 35 DB 44 9C 7C 02 08 6E CF D3 D2 96 F1 5F 2F 8D F6 16 E3 00 69 28 89 F1 1A

Extensions: 

grease (0xbaba) empty

server_name xx-xxxx.xxxx.com

extended_master_secret empty

renegotiation_info 00

supported_groups grease [0x2a2a], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]

ec_point_formats uncompressed [0x0]

ALPN h2, http/1.1

status_request OCSP - Implicit Responder

signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1

SignedCertTimestamp (RFC6962) empty

key_share 00 29 2A 2A 00 01 00 00 1D 00 20 D5 A3 35 60 CC 62 00 38 0B DD F3 4E FC 27 42 B6 5C 0B 4A CA 6B 98 5A 0D 4C 64 A9 8E 38 74 A9 0A

psk_key_exchange_modes 01 01

supported_versions grease [0x3a3a], Tls1.3, Tls1.2

grease (0x4a4a) 00

padding 207 null bytes

Ciphers: 

[6A6A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/

[1301] TLS_AES_128_GCM_SHA256

[1302] TLS_AES_256_GCM_SHA384

[1303] TLS_CHACHA20_POLY1305_SHA256

[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 

Compression: 

[00] NO_COMPRESSION

 

 

HTTP/1.1 200 Connection Established

FiddlerGateway: Direct

StartTime: 17:36:31.802

Connection: close

Lance | Manager Technical Support
Telerik team
commented on 11 Nov 2022, 11:50 PM

Hi Carlos, I recommend posting this question on one of these options for a timely response:

 
Ryuu
commented on 27 Dec 2022, 01:49 PM

Hi, I have nearly the same problem as you. My question is waiting for approval somehow. Although a bit different, my request is really the same request (all except Random & Time) but with 2 exact same Fiddler versions + settings on 2 PCs instead. Then I tried to proxy to the one computer that works, and it works. In your case, I see it has a different User-Agent (maybe because you censored one) and ALPN h2, http/1.1. I think this is most likely to be the case. Have you already tried a script like oSession["x-OverrideSslProtocols"] = "tls1.0";? I found it all over the place and it helps in some cases if the server is misconfigured.
Lance | Manager Technical Support
Telerik team
commented on 27 Dec 2022, 02:04 PM

Hi Ryuu,

Yes, you're getting caught by the spam filter for attempting to open multiple posts with the same (slightly reworded) content.

My recommendation is still the same, you will want to post in those resources I linked to above. Fiddler Classic is not a heavily visited forum and you probably won't get any replies from the community in the timeframe you're hoping for.

For your convenience, here are those links again:

Technical Support Note: If this is a business-critical implementation and you would like professional support for Fiddler Classic, you can contract with our Outsourcing Services partners for some 1:1 help => https://www.progress.com/services/outsourcing

Scott
commented on 04 Jan 2023, 07:50 PM

Are these load balanced? Are these your servers you're troubleshooting? I need just a little context.
Lance | Manager Technical Support
Telerik team
commented on 04 Jan 2023, 08:11 PM

Scott, the fundamental problem is Ryuu's trying to use Fiddler Classic on HTTP/2 traffic. Fiddler Classic is too old for modern TLS over HTTP/2; he must upgrade to Fiddler Everywhere in order to inspect this traffic.

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 28 Dec 2022, 08:12 AM

Hi Carlos,

 

The failing request offers TLS negotiation over HTTP/2 (through ALPN h2), and HTTP/2 is not yet supported in Fiddler Classic. You can retry the request through Fiddler Everywhere, which already supports HTTP/2.

 

Regards,
Nick Iliev
Progress Telerik
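
An added example, not part of the original thread or of Fiddler: a small Python helper that compares two Fiddler ClientHello text dumps and ignores the values that change on every connection by design (Random, Time, SessionID, key_share, padding length and GREASE code points), so only real differences such as the ALPN list remain. The function names are hypothetical and the two sample dumps are constructed, abbreviated from the fields shown in the question.

```python
import re

# Per-connection fields: fresh randomness, key material and length padding.
VOLATILE = {"Random", "Time", "SessionID", "key_share", "padding"}
# GREASE code points (RFC 8701) look like 0x?A?A and are random per connection;
# Fiddler prints 0x0A0A without its leading zero, hence the "a0a" alternative.
GREASE = re.compile(r"0x(?:a0a|([0-9a-f])a\1a)\b|\[([0-9A-F])A\2A\]", re.I)

def parse_hello(dump):
    """Map each field of a Fiddler ClientHello text dump to its normalized values."""
    fields = {}
    for line in dump.splitlines():
        line = GREASE.sub("GREASE", line.strip())
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.rstrip(":").strip('"')
        if key not in VOLATILE:
            fields.setdefault(key, []).append(value.strip())
    return fields

def meaningful_diff(good, bad):
    """Return {field: (good_values, bad_values)} for fields that really differ."""
    a, b = parse_hello(good), parse_hello(bad)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Constructed sample input, abbreviated from the two dumps in the question.
GOOD = """\
User-Agent: Xxxxxx/x.xxx.xxxxx CFNetwork/1240.0.4 Darwin/20.6.0
grease (0xcaca) empty
supported_groups grease [0xdada], x25519 [0x1d], secp256r1 [0x17]
ALPN http/1.1
supported_versions grease [0xa0a], Tls1.3, Tls1.2
padding 210 null bytes
[5A5A] Unrecognized cipher
"""
BAD = """\
User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0
grease (0xbaba) empty
supported_groups grease [0x2a2a], x25519 [0x1d], secp256r1 [0x17]
ALPN h2, http/1.1
supported_versions grease [0x3a3a], Tls1.3, Tls1.2
padding 207 null bytes
[6A6A] Unrecognized cipher
"""

if __name__ == "__main__":
    print(meaningful_diff(GOOD, BAD))
```

On these samples only `ALPN` and `User-Agent` are reported, which matches the difference the answer points to.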
