Some sites block Fiddler's DO NOT TRUST certificate

2 Answers 1548 Views
Fiddler Classic
idia
Top achievements
Rank 1
Iron
idia asked on 14 Sep 2023, 11:02 AM
Hello,

I use Firefox to redirect traffic to Fiddler (with the foxyProxy or FiddlerFox extension). I installed the Fiddler certificate by importing it into Firefox and configured the HTTPS and Fiddler tab with Decrypt HTTPS traffic and Ignore server certificate errors checked.

It works with most sites. But recently I've noticed that some sites are resisting this method. I've tested several workarounds, in Firefox I've set security.certerrors.mitm.auto_enable_enterprise to false and security.enterprise_roots.enabled to true

But it still doesn't work, for example I can't intercept this site's traffic via Firefox: https://www.unibet.fr/sport

Firefox displays this message and no security exception is possible:

Connection blocked: potential security problem

Firefox has detected a problem and stopped www.unibet.fr from loading. Either the site is incorrectly configured or your computer's clock is set to the wrong time.

The site's certificate has probably expired, preventing Firefox from establishing a secure connection.

What can you do about this?

www.unibet.fr uses HTTP Strict Transport Security (HSTS), so a secure connection is required to access it. You cannot add an exception to visit this site.

The problem probably stems from the website, so you can't do anything about it. You can report it to the people who administer the site.

2 Answers, 1 is accepted

Sort by
0
Accepted
Nick Iliev
Telerik team
answered on 14 Sep 2023, 12:13 PM

Hello Idia,

 

It's possible that Firefox trusted a different root certificate than the one used by Fiddler. To solve this, you can reset the Fiddler certificate by going to Tools > Options > HTTPS > Actions > Reset All Certificates. Once done, restart Firefox and try accessing the site again.

Another option is to manually add the Fiddler root CA to Firefox's certificate manager. To do this, export the Fiddler CA to your Desktop folder by going to Fiddler > Tools > Options > Actions > Export Root Certificate to Desktop, and then import it to Firefox by going to Firefox > Settings > Certificates > View Certificates > Authorities > Import.

If the above steps don't work with the default Fiddler CA, you can install the BouncyCastle certificate maker (also known as CertMaker for iOS and Android). After installation, retry the previous steps of importing the CA to Firefox and accessing the site again.

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

0
idia
Top achievements
Rank 1
Iron
answered on 14 Sep 2023, 03:27 PM
Thank you it is working
Tags
Fiddler Classic
Asked by
idia
Top achievements
Rank 1
Iron
Answers by
Nick Iliev
Telerik team
idia
Top achievements
Rank 1
Iron
Share this question
or