where capture HTTPS trafic is on, all MSAL calls fail.
I would like to capture HTTPS only for my API server.
We've been discussing your scenario, and we think we have an alternative approach that should help you resolve the issue. If you set a bypass list by following the steps described below, you should able to capture all traffic (except the MSAL calls) and the MSAL calls should stop failing. Here are the steps that you need to take to make this happen:
1) Start Fiddler Everywhere
2) Start capturing (this step is very important)
3) Open your network preferences and in the Bypass list section you can put the address of the authentication server. This way the requests for authentication will not be proxied to Fiddler Everywhere (attached image for reference)
4) Try the MSAL API
5) Try rest of the calls to the server and verify you can capture them
Let me know if this workaround helps.
Fiddler Everywhere uses a local certificate to decrypt HTTPS traffic and websites that expect a certain certificate (certificate pinning) will see Fiddler's custom certificate and complain about it. With this in mind, there is not way to overcome this issue with the current version of Fiddler Everywhere.
The classic client has an option to skip certain sites (for example *.microsoft.com), so we are aware of a way to remedy the issue. I have forwarded your question to our product manager so he can evaluate if we want to implement the same feature in Fiddler Everywhere. I'll keep you updated in this thread.