HTTPS traffic decryption error: System.Security.Authentication.AuthenticationException

3 Answers 2687 Views
Mobile
Evgeniy
Top achievements
Rank 1
Evgeniy asked on 05 Feb 2015, 08:49 AM
Hi,

Fiddler runs on PC whits Windows 7x64:

Fiddler Web Debugger (v4.4.9.0)
Built: 8 июля 2014 г.
 
64-bit AMD64, VM: 43,00mb, WS: 72,00mb
.NET 4.0.30319.17929 WinNT 6.1.7601 SP1

I'm trying to capture HTTS traffic from Android. Trusted certificate was installed, and I can see traffic from some sites, such as Google.

But on few site, such as Twitter, I get error:

CONNECT twitter.com:443 HTTP/1.1
Host: twitter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 54 D3 2B C1 BC 2C 00 09 2A 61 34 84 2A CD 1C CB 14 33 DD 7D 30 44 16 80 E4 94 FA AA CC 76 24 B6
SessionID: 79 46 00 00 36 D9 BA 70 AA 0E 97 A6 10 8B BA 99 95 BD E7 D2 08 4B 5D 93 80 09 14 55 F2 C2 4A 9F
Extensions:
    server_name    twitter.com
    ec_point_formats    uncompressed [0x0]
    elliptic_curves    secp521r1 [0x19], secp384r1 [0x18], secp256r1 [0x17]
    SessionTicket    empty
    signature_algorithms    00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01
    NextProtocolNegotiation    empty
    channel_id(GoogleDraft)    empty
Ciphers:
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C00A]    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [C012]    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [C008]    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [0016]    SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013]    SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA
    [C02F]    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C02B]    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [00A2]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [009E]    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
    [009C]    TLS_RSA_WITH_AES_128_GCM_SHA256
    [002F]    TLS_RSA_AES_128_SHA
    [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [0005]    SSL_RSA_WITH_RC4_128_SHA
    [0004]    SSL_RSA_WITH_RC4_128_MD5
    [00FF]    TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
    [00]    NO_COMPRESSION

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 11:37:22.290
Connection: close
 
fiddler.network.https> HTTPS handshake to twitter.com failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

On another PC it's OK on the same device. Thanks for any ideas.
Eric Lawrence
Telerik team
commented on 05 Feb 2015, 05:42 PM

Hello, Evgeniy Kozlov--

Are you using the Android browser, or an app?

Can you explain what you mean when you say "On another PC it's OK on the same device."? Is the other PC running the same build of Fiddler? Is there any change if you update to the very latest Fiddler (v4.4.9.0)?

Is there any chance you could get a WireShark PCAP of the failing scenario? You could send it to me using Help > Send Feedback inside Fiddler.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Evgeniy
Top achievements
Rank 1
commented on 06 Feb 2015, 07:00 AM

Hi, Eric.

It's same on browser (Chrome) and app, I'm currently testing. Another PC and my PC running same and latest version of Fiddler. I sent you WireShark PCAP via email.

3 Answers, 1 is accepted

Sort by
0
Accepted
Eric Lawrence
Telerik team
answered on 09 Feb 2015, 08:21 PM
In your capture, you've configured Fiddler to send a client certificate. As far as I know, this isn't a feature supported by the Twitter website: 

X-CLIENT-CERT: C=xx, OU=OWASP ZAP Root CA, O=OWASP Root CA, L=f53bc445cb, CN=OWASP Zed Attack Proxy Root CA Serial#6EC86

It appears that the server issues a RST immediately after receiving the client certificate.

If you remove the client certificate from the scenario, does the problem go away?

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Evgeniy
Top achievements
Rank 1
commented on 15 Feb 2015, 08:33 AM

Eric, thank you very much!

I have just removed Fiddler2 directory from Documents and all goes without any errors.

Best regards!
Zy
Top achievements
Rank 1
commented on 07 Dec 2015, 10:03 AM

Hello All

 

when i use fiddler laster version view the https data,but we don't see anything

17:53:50:0792 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=mgw.pingan.com.cn, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
17:53:56:2720 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=mgw.pingan.com.cn, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
17:53:56:2725 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=mgw.pingan.com.cn, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
17:53:56:7440 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=mgw.pingan.com.cn, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
17:53:57:0616 Fiddler.Network.ProtocolViolation - [#39] The Request's Host header did not match the URL's host component.

 

pls help me,

 Best regards!

 

Steven 

 

 

Eric Lawrence
Telerik team
commented on 07 Dec 2015, 03:51 PM

Hello, Zy--

Please see http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/ for instructions on how to reset Fiddler's certificates, which should resolve this problem.

If it doesn't, please open a NEW issue thread and describe your configuration (e.g. what OS, browser, etc).

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Giorgi
Top achievements
Rank 1
answered on 27 Apr 2021, 12:00 AM

Hello Zy,

Did you find solution about your error?

Rosen Vladimirov
Telerik team
commented on 29 Apr 2021, 11:15 AM

Hey Giorgi,

Have you tried reset of your root certificate? To do this, use the Tools -> Options -> HTTPS -> Click on the Actions button and select Reset All Certificates. This will give you several OS prompts - first for removal of old certificates and then for trusting the new one. You should allow all operations.

Hope this helps.

0
yo
Top achievements
Rank 1
Iron
answered on 03 Jun 2021, 07:02 AM

Hello Zy,

Did you find solution about your error?

I've reset my certificate with, but there was still this error.

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.huangye.miui.com, O=DO_NOT_TRUST, OU=Created by

I don't know what to do

Many thanks for help
Nick Iliev
Telerik team
commented on 03 Jun 2021, 07:44 AM

Hey Yo Ke,

 

You could try the solution discussed in this thread. Notice that apart from entirely resetting the certificate, there is also a recommendation for using a specific tool for generating the new certificates.

Tags
Mobile
Asked by
Evgeniy
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Giorgi
Top achievements
Rank 1
yo
Top achievements
Rank 1
Iron
Share this question
or