
Decrypt HTTPS Traffic

I'm not able to view web pages even though I'm capturing HTTPS traffic.  It's showing me clearly encrypted data in the Web tab like this.




I looked at this doc but it seems to be for a previous version of the product and I looked at this page which at least seems to be the same UI style as the product I downloaded, but I don't see this


I see this instead



What am I doing wrong?




OK, Nick.  Your work is much appreciated.

Hey Mhadavi,


There is a bug that might change the switch's ON/OFF state. The team already acknowledged the issue, and we will introduce a fix in one of the upcoming releases.


As for the disappearing content (when the content is encoded), the original behavior idea was to hide the encoded content and show it only when the Decode button is used - this is why you see the content only when it is decoded. However, we are currently researching other UX approaches like showing the encoded content or a sample string that informs the users that there is encoded content in the body. I will post here as soon as I know more about the final implementation we will publish.

Nick, what is interesting is that in my case the tool tip for the same symbol says "Click to show original body"; whereas, in your case it says "Click to show decoded ...".     


And, the behavior is consistent in that when I press the button I see the encoded body.  When I unpress the button, the encoded body disappears (please see the attached screenshot).


Now, I wonder how come?    Do I have a configuration issue/step that I need to take care of?


Thanks.


Try toggling the Decode button in the Raw inspector.

Thank you again, Nick.  I believe I'm using the Raw inspector in the Request.  I see the Preview option only in the Response.


Here is another set of screen shots (attached).  I copy paste the compressed content into another tool to decompress it.  My hope was Fiddler could do that for me since we are using a supported Content-Encoding.


Please feel free to point out something that I might be missing.


Hey Mhadavi,


Try using the Raw inspector to see the decoded content (instead of the Preview inspector used in the screenshot). The Preview inspector should show some known image formats and HTML pages. I suspect that in your case, the content is now some known format. If possible, please let us know what the decoded content should represent.

Thanks, Nick.  I'm not sure what I'm overlooking since I do see the compressed text.  However, when I try to decode it, I get nothing.  Please see the attached file.


Hey Mhadavi,


In the latest version of Fiddler Everywhere (1.5.1), all Inspectors (except for the Raw inspector) are decoding the content by default. The Raw inspector can also decode the content (this is where we moved the Decode button), as described in this documentation article.

Just installed Fiddler Everywhere (v1.5.1).  Works great and I can capture http/https messages.  However, if an https message has: "Content-Encoding: gzip", I cannot unzip the body.  In fact, I do not even see the "Decrypt HTTPS Traffic" checkbox.  The attached file shows what I see.  Please advise....Thanks.

Hey Michael,


Could you try the troubleshooting flow described in the KB article for testing the certificate import & trusting on macOS?

Today, I updated to version v1.2.1 to see if that helps, but I'm seeing the exact same issues and am unable to decrypt HTTPS. The Fiddler Anywhere app will not allow me to select "Capture HTTPS traffic" in the settings, and clicking "Trust root certificate" yields the error message, "Fiddler Root Certificate NOT Trusted Successfully".

Thanks for the reply, Nick. 


I have verified that "Always trust" is checked on the Fiddler Root certificate in Keychain Access. See attached screenshot, "Always Trust.png".


On the HTTPS Settings, I'm unable to check "Capture HTTPS traffic" (the UI indicates the option is unavailable/grayed out), and clicking "Trust root certificate" yields a popup message in red, "Fiddler Root Certificate NOT trusted successfully", after I enter my password. See attached screenshot file, "NOT successfully trusted.png".


Attached are the log files captured after starting Fiddler Anywhere and attempting to enable Capture HTTPS and receiving the "NOT successfully tested" popup message.


In addition to restarting Fiddler Anywhere and rebooting, I've also tried deleting it and reinstalling it, but there's been no change. 


Thanks for taking a look and let me know if I can provide any other useful details. 


Regards, 

Michael 



Hey Michael,


Thank you for letting us know about the CAPTCHA issue - we have temporarily removed this requirement until the problem is resolved.


Meanwhile, regarding your issue with the Fiddler Everywhere trust certificate - could you verify that you have checked "Always trust" when adding the certificate manually (see detailed steps here)? Additionally, restart Fiddler Everywhere, try to automatically enable HTTPS (via Settings > HTTPS > Trust Root Certificate), and then send us the Fiddler logs (see details about the logs here), so we can investigate the case further.



I've used Fiddler for years on Windows and I've used a few different debugging tools on macOS to decrypt HTTPS traffic such as Charles Proxy, OWASP ZAP,  and Wireshark. In short, I've successfully installed trusted root certificates for HTTPS debugging in the past.


It appears that Fiddler Anywhere thinks the Fiddler Root certificate is not installed and trusted. 


When I try using the "Trust root certificate" button on the HTTPS Settings page, I get the popup error "Fiddler Root Certificate NOT Trusted Successfully" and I'm prevented from checking the "Capture HTTPS traffic" option.


I've also tried exporting the Root certificate to the desktop and manually installing it as trusted into the macOS Keychain Access, but still, the "Capture HTTPS traffic" option is not available. 


macOS version is 10.15.7

Fiddler Anywhere version is 1.2.0


I've tried restarting Fiddler Anywhere, rebooting, removing, and reinstalling the Fiddler root certificate, but still unable to capture HTTPS traffic. I checked Security & Privacy settings in System Preferences but didn't see anything obvious. My user is an Admin on my MacBook. 


Any ideas what might be wrong or what I should look at? 


Cheers,

Michael 


PS - The Captcha on this forum is preventing me from starting a new topic. Lame. 

Hey Koonmin25,


The GZIP decoding should work as expected. I've tested it on my side via


https://httpbin.org/gzip


And with Decode turned on the Raw inspector shows the following:


HTTP/1.1 200 OK
Date: Wed, 14 Oct 2020 10:25:07 GMT
Content-Type: application/json
Content-Length: 227
Connection: keep-alive
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

{
  "gzipped": true, 
  "headers": {
    "Host": "httpbin.org", 
    "User-Agent": "Fiddler Everywhere", 
    "X-Amzn-Trace-Id": "Root=1-5f86d203-6c49290c3136dbf619fbb4da"
  }, 
  "method": "GET", 
  "origin": "82.103.64.96"
}


Turning off the Decode option and replaying the request immediately shows the encoded (GZIP-ed) content.
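What decoding a `Content-Encoding: gzip` body involves when it is done outside the proxy (as one poster does by pasting the compressed content into another tool), shown as an added example that is not part of the original thread and is not Fiddler's code. The function names and the sample response are constructed for illustration; the sketch also covers chunked transfer encoding and stacked encodings, which go beyond the single gzip case discussed above.

```python
import gzip
import zlib

def _dechunk(body):
    """Reassemble a Transfer-Encoding: chunked body into one byte string."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the CRLF that ends the chunk data

def _inflate(data):
    try:
        return zlib.decompress(data)       # zlib-wrapped, the standard form
    except zlib.error:
        return zlib.decompress(data, -15)  # raw deflate, sent by some servers

DECODERS = {"gzip": gzip.decompress, "x-gzip": gzip.decompress,
            "deflate": _inflate, "identity": lambda b: b}

def decode_response(raw):
    """Return (headers, decoded_body) for one raw HTTP/1.1 response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.pop("transfer-encoding", "").lower():
        body = _dechunk(body)
    # Encodings are listed in the order applied, so undo them in reverse.
    applied = headers.pop("content-encoding", "").lower().split(",")
    for enc in reversed([e.strip() for e in applied if e.strip()]):
        if enc not in DECODERS:
            raise ValueError("unsupported Content-Encoding: " + enc)
        body = DECODERS[enc](body)
    headers["content-length"] = str(len(body))  # length of the decoded body
    return headers, body

def sample_response():
    """Constructed sample: a gzip-encoded JSON body like httpbin's /gzip."""
    payload = gzip.compress(b'{"gzipped": true}')
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Encoding: gzip\r\nContent-Length: "
            + str(len(payload)).encode() + b"\r\n\r\n" + payload)

if __name__ == "__main__":
    print(decode_response(sample_response()))
```

An encoding the table does not know (for example `br`) raises `ValueError` instead of returning the still-compressed bytes, so an undecoded body is never mistaken for an empty one.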

