How does Fiddler decrypt the https headers?

2 posts, 0 answers
  1. Mark
    Mark avatar
    3 posts
    Member since:
    Jun 2010

    Posted 15 Feb 2017 Link to this post

    Being the very noobie I am with https, how is it that Fiddler can decrypt what is in the headers?  Does that imply that any "man in the middle" could decrypt those?  Is it REQUIRED that I encrypt what is in the Header content?  Or, if it is https, everything is encrypted including the headers?
  2. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    549 posts

    Posted 20 Feb 2017 Link to this post

    Hi,

    Fiddler does just that - man in the middle. Once you put Fiddler generated certificate in your Trusted Root store Fiddler can impersonate any website you visit. Any other party that has a certificate in your Trusted Root could do the same.

    Regards,
    Tsviatko Yovtchev
    Telerik by Progress
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top