This is a migrated thread and some comments may be shown as answers.

System wide Fiddler certificate on Ubuntu

9 Answers 523 Views
Linux
This is a migrated thread and some comments may be shown as answers.
ryan
Top achievements
Rank 1
ryan asked on 31 Jan 2017, 01:59 AM

Hello,

I just downloaded and installed Fiddler on my Ubuntu 16.04 machine (Love it on my Windows machine).  Getting the Fiddler certificate installed for Chrome and Firefox was surprisingly easy (I thought I would have to do some converting).

However, when I try to add the same CER file to the system wide trusted certificates, my OS tells me that the FiddlerRoot.pem does not contain a certificate (output pasted below).  I am wondering if this is a known issue since this is still in beta phase or if I am doing something wrong.

 

I am trying to do this so when I run things through the terminal Fiddler will pick them up - specifically HTTPS requests.

 

output:

test@GPA-HSW04:/usr/lib/mono/4.5$ sudo cp '/home/test/Desktop/FiddlerRoot.cer' '/usr/share/ca-certificates/FiddlerRoot.crt'
test@GPA-HSW04:/usr/lib/mono/4.5$ sudo dpkg-reconfigure ca-certificatesProcessing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
WARNING: FiddlerRoot.pem does not contain a certificate or CRL: skipping

9 Answers, 1 is accepted

Sort by
0
ryan
Top achievements
Rank 1
answered on 31 Jan 2017, 07:06 PM

Update to say that it looks like I solved my own problem.

I noticed that the FiddlerRoot certificate that I was trying to add to the system didn't look like what I imported into Firefox (The Firefox one contain the key info).  I exported the certificate I had in FireFox and updated the system certs with that file - that one took and now HTTPS requests coming from terminal commands are decoded in Fiddler. =D

The odd thing was the the system didn't want to take the certificate that I exported directly from Fiddler, but Firefox did - maybe a beta limitation?

0
Tim
Top achievements
Rank 1
answered on 24 Feb 2017, 11:25 PM

I'm trying to get fiddler configured for https on Ubuntu 14.04 and keep getting Secure connection Failed. I have errors both on Chrome and FF. I have used it on this machine before for a machine-local server.

I'm testing by trying to goto google.com which redirects to https://google.com - does this work for you?

Did you follow some online procedure to set it up? if so what are you steps?

I have the following:

Fiddler > options > https   Capture Https Connections, Decrypt Https Traffic, from all processes
> Connections port 8888, Allow Remote Comps, Reuse client, reuse server (tried with these unchecked also)
   Act as a sys proxy on startup, Monitor All connections

I exported cert to desktop FiddlerRoot.crt

On Chrome > Settings > Advanced > HTTPS/SSL Manage certs > You Certs > import > (change to all types) > FiddlerRoot.cer  (not crt)

I get an error on import  Certificate Import Error - The Private Key for this Client Certificate is missing or invalid

I generated Cert by using FF: 127.0.0.1:8888  (download FiddlerRoot cert)

I just tried using Chrome to gen the cert, it downloaded, i clicked on it (from within the browser download) which opened up the key.
it looks ok, but when I try to import its asking for a PIN - no idea what this pin is. I built the box and have admin privilege

any help would be great

0
Tsviatko Yovtchev
Telerik team
answered on 06 Mar 2017, 06:06 PM
Hi,

Did you try exporting the certificate by clicking the relevant option in Options ->> HTTPS -> Actions? 

Regards,
Tsviatko Yovtchev
Telerik by Progress
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Sean
Top achievements
Rank 1
answered on 07 Mar 2017, 08:40 PM
I have installed Fiddler on Ubuntu 16.04, but have not imported the certs to Chrome successfully. In Chrome, I go to settings, advanced, Certificate Manager, and click on Import. I think I made a minor error by unzipping the content to my home directory. I can run Fiddler fine when I issue mono Fiddler.exe. I also did issue the command: "/usr/lib/mono//mozroots --import --sync". I think my problem is that I do not know where to look for the certificates, or what format / file extension to look for. There is also no readme file for installation process aside from what is on http://www.telerik.com/blogs/fiddler-for-linux-beta-is-here I think this is a great project, I am just trying to see how to get it working on my Ubuntu 16.04 machine.
0
ryan
Top achievements
Rank 1
answered on 25 Mar 2017, 01:26 AM

Hello,

 

I came back here since I needed to reinstall Ubuntu which meant I needed to set up Fiddler again and I couldn't remember what I did.  After reading my posts above I still can't remember.

 

I think I am inching closer to getting this certificate to recognize.  By that I mean that when I went to Google a few hours ago, while using Fiddler, I would see the 'Connection Not Secure message' - which I think means Google is just actively refusing to recognize Fiddler's certificate.  Now, I am getting a This Site Can't Be Reached page (ERR_SOCKET_NOT_CONNECTED) page.

 

I have tried a number of different things today to try to get this to work, but this is what I did with my last attempt:

- Installed mono 4.8.0

- Did not run the '/usr/lib/mono//mozroots --import --sync' command from the Linux setup page since when I tried I got a message in Terminal saying that mozroots is depreciated and to use client_sync instead.  (client_sync seems to just update the mono cert store with whatever CRT file you pass to it.  

- Installed Fiddler (Left it as default as I could - using 8888 as listing port)

- Ticked the 'Decrpyt HTTPS' box in Fiddler

- Exported the Fiddler certificate to the desktop

- Converted the CER cert file to PEM format (CRT specifically) with openssl (CA-certificates on ubuntu needs a PEM formatted cert file and the CER file Fiddler exports is in a binary format.)

- Copied the CRT file to /usr/share/ca-certificates/

- From terminal ran 'sudo dpkg-reconfigure ca-certificates'   (Clicked 'Ask' then 'OK')  (this re configures ca-certificates,  runs update-ca-certificate, and updates mono cert store (by running client_sync from mono and passes it the updated ca-certificates.crt file that this process creates).  This places a PEM version of the Fiddler CRT file into /etc/ssl/ca-certificates/ and packages it into the bigger ca-certificates.conf file which lists out all the certs that is in your root authority.

 

This is pretty much where I am at right now.  Turning Fiddler off - I can get to Google just fine, turning it on gives me the page I mentioned at the top of this post.  I can see all other HTTP requests as expected.

 

When I got this to work last time, I was reading a lot of suggestions of the web for how to get a CA certificate installed on Ubuntu and tried to pick that trail up again, but everything I read has since blended together.  I do vaguely remember importing the Fiddler cert file into Firefox as a Person, exporting that cert, then importing the file I just exported back into FF as a CA trusted root, then deleted the person cert that I installed in the first place.  I think I them used the cert exported from FF to import to the system with -update-ca-certificates'.  I have no idea if this was a critical step or not.

I was also playing around with mitmproxy at the same time which also needed a proxy - again, no idea if that helped the process at all.

 

@Tim - I see 'Certificate Import Error - The Private Key for this Client Certificate is missing or invalid' when attempting to import the cert file as anything except a trusted root in Chrome or FF.

 

I am basically throwing things at a wall right now and seeing what sticks.

0
Tim
Top achievements
Rank 1
answered on 07 Apr 2017, 10:58 PM

Tsviatko,

I'm using fiddler on Ubuntu 14.04 (not the new linux beta version).

There  is no [Action] button.

Is it the case Fiddler on linux/Ubuntu just doesn't handle HTTPS?

Thanks,

Tim

0
Tsviatko Yovtchev
Telerik team
answered on 13 Apr 2017, 02:30 PM
Hi Tim,

It looks like the UI is broken on your side. Could you attach a screenshot of that? Have you moved/deleted any files in the FIddler folder?

Regards,
Tsviatko Yovtchev
Telerik by Progress
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Rob
Top achievements
Rank 1
answered on 12 Oct 2017, 02:11 PM

I too hit this particular problem, the fix for me was after exporting the cert to ensure I was importing it into the "Authorities" certificate store using certificate manager within Chromium.

Since then I am able to successfully decrypt HTTPS streams and I no longer receive the annoying Chromium stoppage warning.

 

0
Joshua
Top achievements
Rank 1
answered on 05 Mar 2020, 02:01 AM
Just like in windows  navigate to ipv4.fiddler:8888 in your browser and it will add it to your browser automatically after you download it.  Also i do know that fiddler through stand alone OS as opposed to VM or Virtual box if you boot into linux from your hdd or a flash drive you will have issues capturing traffic as fiddler has trouble occupying Sockets in linux ... if your running linux on a vm or VB you shouldnt have that problem.
Tags
Linux
Asked by
ryan
Top achievements
Rank 1
Answers by
ryan
Top achievements
Rank 1
Tim
Top achievements
Rank 1
Tsviatko Yovtchev
Telerik team
Sean
Top achievements
Rank 1
Rob
Top achievements
Rank 1
Joshua
Top achievements
Rank 1
Share this question
or