This is a migrated thread and some comments may be shown as answers.

Unable to communicate with server

4 Answers 607 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Salvatore
Top achievements
Rank 1
Salvatore asked on 07 Mar 2014, 10:04 AM
Hello,

I've been trying to debug some network issues of a .NET WinForms-based application, but when the "Decrypt HTTPS traffic" option is enabled in Fiddler (screenshot1), I always experience issues with the application (screenshot2). The "Decrypt HTTPS traffic" is working for HTTPS traffic handled by web-browsers, but it does not work at all with this Windows program, despite the fact that the "response header" to CONNECT <removed>:443 HTTP/1.1 is

HTTP/1.1 200 Connection Established
Misc: Proxy-Agent: IWSS

Is there any way to decrypt HTTPS traffic generated by applications other than web-browsers?
I guess that the issue may be related to some conflict with the corporate firewall Trend Micro InterScan Web Security Suite (IWSS), but I'd appreciate some ideas / advices.

Thanks,
Salvatore

4 Answers, 1 is accepted

Sort by
0
Salvatore
Top achievements
Rank 1
answered on 07 Mar 2014, 10:05 AM
Note: when "Decrypt HTTPS traffic" is not enabled, there are no communication issues with server.
0
Salvatore
Top achievements
Rank 1
answered on 07 Mar 2014, 10:49 AM
Maybe the Fiddler logs can provide some hints:

-= Fiddler Event Log =-

11:48:15:7501 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:15:9691 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:17:7363 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:17:9523 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:18:2104 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:18:4254 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:18:6564 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
11:48:18:8704 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe to (CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com) 
0
Salvatore
Top achievements
Rank 1
answered on 07 Mar 2014, 11:07 AM
I sorted this out removing and re-creating the certificate:

1) I clicked "Remove Interception Certificates" button in Fiddler's Tools >>> Fiddler Options >>> HTTPS tab.

2) I re-created and trusted a new certificate

Now the log tab contains:

12:01:24:7034 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 132 -b 03/06/2013
12:01:24:7054 /Fiddler.CertMaker>1-CreateCert(DO_NOT_TRUST_FiddlerRoot) => (0).

12:02:12:2504 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -pe -ss my -n "CN=<removed>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 03/06/2013
12:02:12:5234 /Fiddler.CertMaker>38-CreateCert(<removed>) => (0). 

And HTTPS traffic is decoded correctly!

It may help someone else. :-)

Salvatore
0
Илья
Top achievements
Rank 1
answered on 16 Mar 2020, 08:27 AM
I had the same issue with pfx container directly from OpenSSL application. Try to export PFX container from Windows Certificate Manager and to use this in Fiddler.
Tags
Windows
Asked by
Salvatore
Top achievements
Rank 1
Answers by
Salvatore
Top achievements
Rank 1
Илья
Top achievements
Rank 1
Share this question
or