Hi Guys,
We're researching fiddler core with a view to buying a license as an alternative to using browser addons for our upcoming product, for some reason I can't get the following to work reliably across IE and Chrome - Code as follows:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;
namespace WindowsFormsApplication1
{
public partial class Form1 : Form
{
static Proxy oSecureEndpoint;
static string sSecureEndpointHostname = "localhost";
static int iSecureEndpointPort = 7777;
delegate void UpdateUI();
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
if (!Fiddler.CertMaker.rootCertExists())
{
if (!Fiddler.CertMaker.createRootCert())
{
throw new Exception("Unable to create cert for FiddlerCore.");
}
}
if (!Fiddler.CertMaker.rootCertIsTrusted())
{
if (!Fiddler.CertMaker.trustRootCert())
{
throw new Exception("Unable to install FiddlerCore's cert.");
}
}
oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);
//Fiddler.FiddlerApplication.OnNotification += delegate (object snder, NotificationEventArgs oNEA) { MessageBox.Show("** NotifyUser: " + oNEA.NotifyString); };
//Fiddler.FiddlerApplication.Log.OnLogString += delegate (object snder, LogEventArgs oLEA) { MessageBox.Show("** LogString: " + oLEA.LogString); };
Fiddler.FiddlerApplication.AfterSessionComplete += FiddlerApplication_OnAfterSessionComplete;
Fiddler.FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default & FiddlerCoreStartupFlags.DecryptSSL);
}
void FiddlerApplication_OnAfterSessionComplete(Session oSession)
{
// HTTPS TEST
if (oSession.fullUrl.Contains("linkedin.com"))
richTextBox1.Invoke(new UpdateUI(() =>
{
richTextBox1.AppendText(oSession.GetResponseBodyAsString());
}));
// NON HTTPS
if (oSession.fullUrl.Contains("pheme.co.uk"))
richTextBox1.Invoke(new UpdateUI(() =>
{
richTextBox1.AppendText(oSession.GetResponseBodyAsString());
}));
}
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
Fiddler.FiddlerApplication.Shutdown();
}
}
}
Essentially the capture doesn't seem to work reliably at all, sometimes it works, sometimes not, I always have to delete old certificates despite removing the DLL's and only deploying makcert.exe in the deployment directory.
I appreciate this is fairly basic but what am I missing?
Thanks
Marc
4 Answers, 1 is accepted
The primary problem with your code sample is here:
Fiddler.FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default & FiddlerCoreStartupFlags.DecryptSSL);
You're using an & operator when you mean to use an | operator, and since DecryptSSL is already in the Default flags, you can omit the &DecryptSSL portion entirely.
You also don't need this:
oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);
... that code is used for creating a proxy endpoint that itself speaks TLS, an obscure feature of some browsers and not one that you need for your scenario.
When developing any sort of FiddlerCore-based application, you should absolutely attach handlers for OnNotification and OnLogString as these handlers will often emit useful information when something unexpected occurs.
Regards,
Eric Lawrence
Telerik
Rank 1
Hi Eric,
Thanks for your help, it's amazing how simple it can be - can't believe I missed the DecryptSSL being in defaults!
One last question, i'm creating the cert by excluding the DLL's and building with makecert.exe in the output directory.The certificate seems to be linked at each run so if I close it and start it again with the old DO_NOT_TRUST one in there I get privacy errors in chrome etc.
Is there a straight forward solution or a resource I could that that would demonstrate a proper way to manage the certificates?
Kind Regards
Marc
The behavior you're describing sounds like the behavior when MakeCert *isn't* used and a different generator is used. When you attach OnNotification and OnLogString you will get explicit text saying which certificate generator is used. From there, we can explore next steps around certificate root generation and trust...
Regards,
Eric Lawrence
Telerik
Rank 1
Hi Eric,
Right all sorted, thanks for the pointers there. I think what had happened is that where i'd upgraded visual studio it'd reinstalled some of the nuget packages and therfore the .dll's were still being used. Removing the references to both .dll's and adding makecert.exe from the fiddler download package to my own project now makes certificates stick properly.
Thank you very much for your help, I appreciate these were basic questions but there seems to be some very outdated / plain incorrect tutorials on google(from external sources not Telerik) .
Kind Regards
Marc