In the CONNECT response frame, we have the "Client Certificate" so we know there was a CERTIFICATE REQUEST made by the server as part of its SERVER HELLO response. What I would like to know is what DN(s)/CN(s) the server sent down with the CERTIFICATE REQUEST. I have not been able to find any references to pull this out of the SERVER HELLO response.
Fiddler Everywhere shows the CONNECT request for each secure connection it makes to a server. If you open the request in the session inspectors, the body of the request/response will contain all relevant information about the TLS handshake - request body shows client hello and server body shows server hello. In the server hello details you can find the [Subject] section with all Distinguished Name values (CN/O/L/S/C). Any extensions the server supports, like Subject Alternative Name, should also be listed further down in the response body inspector of the CONNECT session