Hi. I think I've worked through all the steps required to enable https decryption and added the fiddler cert to the trusted keychain store. However, the only sessions I get in the capture are the "Tunnel to <my server>".
The inspector shows messages that say the usual "This is a CONNECT tunnel"... and "Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Options > HTTPS."
But I'm confused because when I go back to that dialog, I can confirm that "Capture HTTPS CONNECTS" and "Decrypt HTTPS traffic" are both checked and that "from all processes is selected". I did export the cert from here which is the one I put in the trusted store.
So it seems like its telling me that I've enabled everything but it still does not decrypt the https traffic. On the windows version I seem to remember needing to put a cert in my user directory that was named "ClientCertificate.cer" so I tried that too but no help.
Did I miss anything or is there anything I can troubleshoot?
Thanks!
Mark
1 Answer, 1 is accepted
Hi Mark,
This is most likely because of Certificate Pinning. In this case, the application itself only accepts a specific certificate and completely bypasses the Fiddler Root Certificate. This is common in mobile applications but becoming more common in desktop apps as well. Since the Root Certificate Trust is up to the application developer, there isn't anything Fiddler can do to resolve this circumstance.
I hope this helps. Please let me know if you need any additional information. Thank you for using the Fiddler Forums.
Regards,
Eric R | Technical Support Engineer
Progress Telerik