This is a migrated thread and some comments may be shown as answers.

What is the cause of the "invalid signature" response?

Fiddler Classic
John asked on 17 Jul 2015, 12:10 PM

I have a reverse proxy configured

 

[client machine sending rest api requests] <--https--> [[fiddler listening on port:443] <-->  [web server]]

 

I'm trying to capture and modify web API requests that are sent by the client machine to an HTTPS web server (sqa2.ourdomain.com). This machine can't be configured to go through a proxy, which is why I need the reverse proxy solution. I configured Fiddler on the server:

 1. As documented elsewhere, after rebinding the website to port 444, I've put the following in the OnBeforeRequest handler:

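        // Requests that arrived on Fiddler's port 443 listener are forwarded
        // to the website, which has been rebound to port 444.
        if (oSession.HostnameIs("sqa2.ourdomain.com") &&
                (oSession.oRequest.pipeClient.LocalPort == 443))
        {
            oSession.host = "sqa2.ourdomain.com:444";
        }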

 2. I've run !listen 443 sqa2.ourdomain.com

I've been able to successfully capture the outgoing HTTP API request and response, but the response gives:

{
  "Status": {
    "code": "770",
    "message": "Authorization error - Invalid signature"
  }
}

What is causing this response? 

 

John
answered on 17 Jul 2015, 12:19 PM
3. I've also installed the exported Fiddler root certificate in the client machine's local computer certificate root authority store.
Eric Lawrence
Telerik team
answered on 17 Jul 2015, 04:05 PM
It's hard to tell without more context (e.g. a SAZ capture of the traffic), but what you've described suggests that the request over HTTPS is decrypted properly but the server itself isn't happy with the request in some way. You may need to look into the code on the server that generates that response to see what signature it is referring to.

Just to confirm though-- this server doesn't require a client certificate, does it?

Regards,
Eric Lawrence
Telerik
John
answered on 17 Jul 2015, 07:07 PM
Thanks for the reply. Yes, it is because in the outgoing URL, the authorization signature is sent. This is generated from the URL service endpoint and data payload. So I'll have to speak with the developers to turn this off or somehow reconstruct the correct signature before sending it out.
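
Added example, not part of the original thread and not the API's real code: a minimal sketch of why a request whose signature is derived from the service endpoint and data payload is rejected once the payload is edited in an intercepting proxy. The HMAC-SHA256 scheme, the key, the path and the "200" success status are assumptions constructed for illustration; only the 770 response body comes from the thread.

```javascript
const crypto = require('crypto');

const SHARED_KEY = 'constructed-demo-key'; // constructed value, known to client and server

// Assumed scheme: HMAC-SHA256 over the service endpoint path and the data payload.
function sign(path, body, key) {
  return crypto.createHmac('sha256', key)
    .update(path).update('\n').update(body)
    .digest('hex');
}

// Server-side check: recompute the signature from what actually arrived
// and compare it in constant time with the one the client supplied.
function verify(req, key) {
  const expected = Buffer.from(sign(req.path, req.body, key), 'hex');
  const supplied = Buffer.from(String(req.signature), 'hex');
  const ok = supplied.length === expected.length &&
             crypto.timingSafeEqual(supplied, expected);
  return ok
    ? { Status: { code: '200', message: 'OK' } } // constructed success response
    : { Status: { code: '770', message: 'Authorization error - Invalid signature' } };
}

function demo() {
  const path = '/api/v1/orders'; // constructed endpoint
  const body = JSON.stringify({ item: 'widget', qty: 1 });
  const original = { path, body, signature: sign(path, body, SHARED_KEY) };

  // Payload edited in transit, signature left exactly as captured.
  const edited = { ...original, body: JSON.stringify({ item: 'widget', qty: 2 }) };

  // Same edit, signature recomputed by a party that holds the key.
  const resigned = { ...edited, signature: sign(edited.path, edited.body, SHARED_KEY) };

  return {
    original: verify(original, SHARED_KEY).Status.code,
    edited: verify(edited, SHARED_KEY).Status.code,
    resigned: verify(resigned, SHARED_KEY).Status.code,
  };
}

console.log(demo());
```

The edited request fails because the server's recomputed value no longer matches the captured signature; a test setup therefore needs either the signing key in the modifying component or signature enforcement disabled on the test server.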