Some HTTPS sites are unaccessible when using Fiddler - Fiddler on PCs

Kurt

5 posts

Member since:
Jul 2014

Posted 24 Jul 2014 Link to this post

Hi,

I reviewed prior posts and I see that this question has been asked before but either I don't fully understand the solution or my problem is slightly different. I am attempting to user Fiddler with SSL decryption enabled to visit a site that we use for a vendor product (which is based in Flash). I am able to access alot of other HTTPs sites (such as Google, Paypal, etc.) and view the resulting traffic, but I cannot access this particular site that I need.

I installed Fiddler today so I have the newest copy.

I see the following log entry when I try to access the site:

16:48:19:9974 fiddler.network.https> HTTPS handshake to <> failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.

The SSL certificate is in the trusted root store. When I attempt to visit the site, I am prompted to accept the untrusted certificate and then IE attempts to load the page for quite some time and never gets through. I also tried in Chrome just to make sure this wasn't a browser-specfic problem.

I think I am very close and just need a little help to get through. Please let me know any information I can provide to get to the bottom of this. Thank you in advance.

Kurt

5 posts

Member since:
Jul 2014

Posted 24 Jul 2014 in reply to Kurt Link to this post

Also, I did some research and tried this solution but I receive the same error even after applying the rules, restarting my browser(s), and restarting Fiddler.

Thanks again.

Kurt

5 posts

Member since:
Jul 2014

Posted 24 Jul 2014 in reply to Kurt Link to this post

Didn't mean to post 3 times... here is the solution I was referencing in the above post:

http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx

I don't see an edit post option in these forums--my apologies.

Eric Lawrence

Admin

832 posts

Posted 25 Jul 2014 Link to this post

Hello, if you see any message about an Untrusted Certificate, the system's configuration is not correct. Try disabling HTTPS decryption in Fiddler Options, and click "Remove Interception Certificate." Then, reenable Decryption and accept all prompts to trust the certificate. Then load a site and see if there are any error messages in the browser.

Regards,
Eric Lawrence
Telerik

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

Kurt

5 posts

Member since:
Jul 2014

Posted 25 Jul 2014 in reply to Eric Lawrence Link to this post

Hi Eric,

Thanks for responding so quickly! I should have been more clear. If I remove the cert from the Trusted Store (just for testing), I receive the SSL certificate untrusted and have to manually accept the cert. When the Fiddler cert is in the Trusted Store, I cannot load this particular site. Paypal/Gmail/etc. still work over HTTPS and if I look at the cert, it says that FIDDLER_DO_NOT_TRUST verified the identify of this site as Paypal (for example).

I'll try what you suggested, but I did this yesterday after reading some other posts and came to the same result.

What else might we try? Thanks so much!

Kurt

5 posts

Member since:
Jul 2014

Posted 25 Jul 2014 Link to this post

Got it working! It only works when running IE as a non-administrator account. I also can only access this particular tool via IP address as opposed to FQDN. Thanks so much. Great product.

Eric Lawrence

Admin

832 posts

Posted 27 Jul 2014 Link to this post

Hello, Kurt--

By default, Fiddler only installs its Trusted Root certificate in the running-user's account; this means that a different user (e.g. an Administrator) will not trust that root certificate.

You can configure the root certificate to be trusted Machine wide by running MMC.exe, selecting Certificates, choosing "Local Computer" and choosing to import Fiddler's root .cer (which you can export to your desktop inside Fiddler's Tools > Options > HTTPS) to the machine's Trusted store.

Regards,
Eric Lawrence
Telerik

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

Jorge

2 posts

Member since:
Apr 2015

Posted 06 Apr 2015 Link to this post

Hi,

I am getting the same error message when trying to access a website using Fiddler v2.5.0.0 and the latest versions of Chrome and Firefox.

I tried the solution posted by Kurt and the workaround Eric suggested, but none of these worked. The funny thing is that I was using Fiddler against this very same site until a few days back, and it started failing today.

Please, check the captured dialog below for details. Thanks!

CONNECT [SERVER NAME]:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Connection: keep-alive
Connection: keep-alive
Host: [SERVER NAME]:443

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: DD 2F 64 36 55 5B 79 02 5F 5F 0D 9B 90 71 F0 76 0A 3A D0 46 40 72 4F B3 CD 73 49 A1 C2 5C 79 C3
"Time": 01/12/1998 03:05:17 p.m.
SessionID: 1E 06 00 00 2A 42 2A C3 66 D9 D3 5E 48 5D DF 7F 39 27 3D 55 A8 7A 3D A6 73 46 45 45 B6 10 30 11
Extensions:
server_name [SERVER NAME]
renegotiation_info 00
elliptic_curves secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
SessionTicket empty
NextProtocolNego empty
ALPN h2-16, h2-15, h2-14, h2, spdy/3.1, http/1.1
status_request OCSP - Implicit Responder
Ciphers:
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[0035] TLS_RSA_AES_256_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression:
[00] NO_COMPRESSION

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 18:23:49.480
Connection: close

fiddler.network.https> HTTPS handshake to [SERVER NAME] failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.

Jorge

2 posts

Member since:
Apr 2015

Posted 06 Apr 2015 Link to this post

The above request was made in Windows 8.1 using Fiddler2. With Fiddler4, the error message is a bit different:

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 19:03:33.858
Connection: close

fiddler.network.https> HTTPS handshake to [SERVER NAME] failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

Eric Lawrence

Admin

832 posts

Posted 07 Apr 2015 Link to this post

Hi, Jorge--

Unless you can share the actual server name and/or a SAZ or PCAPNG capture, it's unlikely that anyone will be able to help you. The message below suggests that the target is not returning a properly-formed HTTPS response.

Regards,
Eric Lawrence
Telerik

See What's Next in App Development. Register for TelerikNEXT.

Kevin

1 posts

Member since:
May 2015

Posted 08 May 2015 in reply to Eric Lawrence Link to this post

I highly suspect that HTTP2 is used here, at least that's the last readable handshake information:

ALPN h2-16, h2-15, h2-14, h2, spdy/3.1, http/1.1

Eric Lawrence

Admin

832 posts

Posted 08 May 2015 Link to this post

Hello, Kevin--

HTTP2 isn't used through Fiddler when HTTPS decryption is on. All clients will fall back to HTTP/1.1 when HTTP2 isn't available.

Regards,
Eric Lawrence
Telerik

See What's Next in App Development. Register for TelerikNEXT.

Nisha

1 posts

Member since:
Sep 2016

Posted 08 Sep 2016 Link to this post

I still see an error HTTPS handshake to <> failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

I tried all the above options but still the same error. Help will be appreciated.

will

2 posts

Member since:
Sep 2016

Posted 14 Sep 2016 Link to this post

I still see an error HTTPS handshake to <> failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

I am seeing the same error.

Fabio

1 posts

Member since:
Nov 2016

Posted 15 Nov 2016 Link to this post

I was seeing the following exception:

System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https. HTTPS handshake to api.etadirect.com (for #9) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. An existing connection was forcibly closed by the remote host

I was able to fix it by enabling the TLS1.2 protocol which is not enabled by default for outgoing connections (Tools / Fiddler Options.. / HTTPS / click on protocols list)

Jason

1 posts

Member since:
Dec 2015

Posted 26 Jan 2017 in reply to Fabio Link to this post

Thanks Fabio, this fixed the issue for me.

Reg

2 posts

Member since:
Apr 2018

Posted 14 Apr Link to this post

...adding the protocols fixed it for me as well. Eric - Fiddler is a superb product and it has saved my sorry backside on countless occasions. Hope it provides you with an excellent pension when you retire, because you deserve it.