My objective is to capture and decrypt all incoming HTTPS traffic (specifically just 2 REST API URL endpoints) to an ASP MVC website on an IIS 7.5 web server.
Steps I've completed:
1. I've unbound the website from 443 and moved it to 444.
2. I altered the FiddlerCore (4.4.9.8) sample demo to just have a secure listener on port 443 and display the request headers in a Windows Forms application.
3. I've attached the server's real certificate using Proxy.AssignEndpointCertificate(x509Certificate2). I've confirmed the attached certificate was found by a message box of the thumbprint. Here is the code:
    oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);
    if (isCertFound) {
        oSecureEndpoint.AssignEndpointCertificate(x509Certificate2);
    }
4. I've written the logs to a text file and I see:
a. /Fiddler.CertMaker> Using Fiddler.DefaultCertificateProvider+MakeCertEngine for certificate generation
and
b. !SecureClientPipeDirect failed: System.NotSupportedException The server mode SSL must use a certificate with the associated private key. on pipe to (CN=*.ourdomain.com, OU=Domain Control Validated)
Things I don't get:
1. How does the FiddlerCore app know to forward the requests to port 444 (of the website)? How do I specify this? If I don't specify this, where does it go?
2. What is causing the !SecureClientPipeDirect failed error from 4b above?
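
The exception text in 4b names a certificate without an associated private key. The following is an added example, not code from the original post or from FiddlerCore, showing a check that can run before AssignEndpointCertificate. The class name EndpointCertCheck, the method FindWithPrivateKey and the choice of the "My" stores are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not part of FiddlerCore): locate a certificate by
// thumbprint and report whether a private key is associated with it.
static class EndpointCertCheck
{
    // Keep only hex digits: a thumbprint pasted from the certificate dialog
    // can carry spaces or an invisible leading character that breaks lookup.
    static string Normalize(string thumbprint)
    {
        return new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    // Searches LocalMachine\My, then CurrentUser\My (assumed locations).
    // Returns the first match with a private key, or null if none has one.
    // 'report' lists every match so a key-less copy is visible in the log.
    public static X509Certificate2 FindWithPrivateKey(string thumbprint, out string report)
    {
        string wanted = Normalize(thumbprint);
        report = "";
        foreach (StoreLocation loc in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            var store = new X509Store(StoreName.My, loc);
            store.Open(OpenFlags.ReadOnly);
            try
            {
                // validOnly = false: expired or untrusted matches are still listed
                var hits = store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
                foreach (X509Certificate2 c in hits)
                {
                    report += loc + "\\My: " + c.Subject
                            + " HasPrivateKey=" + c.HasPrivateKey + Environment.NewLine;
                    if (c.HasPrivateKey) return c;
                }
            }
            finally { store.Close(); }
        }
        return null;
    }
}
```

Write the report string to the same log file as the FiddlerCore messages, and call AssignEndpointCertificate only when the returned certificate is not null.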