Login to start a new topic

Decrypt HTTPS Traffic

I'm not able to view web pages even though I'm capturing HTTPS traffic.  It's showing me clearly encrypted data in the Web tab like this.

image



I looked at this doc but it seems to be for a previous version of the product and I looked at this page which at least seems to be the same UI style as the product I downloaded, but I don't see this

image

I see this instead

image


What am I doing wrong?




Most of the responses are using additional compression or are encoded for the purpose of additional security. So to be able to read the content, you need to activate the Decode option from the Live Traffic toolbar menu (the second icon from the left). Refer to this documentation article for more details.


1 person likes this

Hi, I am having same issue with web browsers even with Decode turned on.

My Fiddler is setup properly to decrypt https traffic because when I point mobile device to it I can see https traffic decrypted.

image



But when I use web browser on mac the traffic is not decrypted.

image


Hey Loveleen.saini,


Thanks for sharing the screenshots. From them I could see that the Content-Encoding is BR (Brotli) which is currently not supported by Fiddler Everywhere. The issue is acknowledged by the team and there is a feature request logged here (which you could upvote).

Thanks for quick response. I have upvoted the feature request.

Hi Nick,


Is it Content-Encoding is gzip, is also not supported by Fiddler Everywhere to decode? Cos i get the similar weird characters from the raw response. I'm using Fiddler Everywhere on Linux.

if i removed gzip from the accept-encoding request, the raw response will be in readable html text.

Hey Koonmin25,


The GZIP decoding should work as expected. I've tested it on my side via


https://httpbin.org/gzip


And with Decode turned on the Raw inspector shows the following:


HTTP/1.1 200 OK
Date: Wed, 14 Oct 2020 10:25:07 GMT
Content-Type: application/json
Content-Length: 227
Connection: keep-alive
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

{
  "gzipped": true, 
  "headers": {
    "Host": "httpbin.org", 
    "User-Agent": "Fiddler Everywhere", 
    "X-Amzn-Trace-Id": "Root=1-5f86d203-6c49290c3136dbf619fbb4da"
  }, 
  "method": "GET", 
  "origin": "82.103.64.96"
}


Turning off the Decode option and replaying the request is immediately showing an encoded (GZIP-ed) content.


I've used Fiddler for years on Windows and I've used a few different debugging tools on macOS to decrypt HTTPS traffic such as Charles Proxy, OWASP ZAP,  and Wireshark. In short, I've successfully installed trusted root certificates for HTTPS debugging in the past.


It appears that Fiddler Anywhere thinks the Fiddler Root certificate is not installed and trusted. 


When I try using the "Trust root certificate" button on the HTTPS Settings page, I get the popup error "Fiddler Root Certificate NOT Trusted Successfully" and I'm prevented from checking the"Capture HTTPS traffic" option. 


I've also tried exporting the Root certificate to the desktop and manually installing it as trusted into the macOS Keychain Access, but still, the "Capture HTTPS traffic" option is not available. 


macOS version is 10.15.7

Fiddler Anywhere version is 1.2.0


I've tried restarting Fiddler Anywhere, rebooting, removing, and reinstalling the Fiddler root certificate, but still unable to capture HTTPS traffic. I checked Security & Privacy settings in System Preferences but didn't see anything obvious. My user is an Admin on my MacBook. 


Any ideas what might be wrong or what I should look at? 


Cheers,

Michael 


PS - The Captcha on this forum is preventing me from starting a new topic. Lame. 

Hey Michael,


Thank you for letting us know about the CAPTCHA issue - we have temporary removed this requirement until the problem is resolved.


Meanwhile, regarding your issue with the Fiddler Everywhere trust certificate = could you verify that you have checked "Always trust" when adding the certificate manually (see detailed steps here). Additionally, restart Fiddler Everywhere, try to automatically enable HTTPS (via the Settings > HTTPS > Trust Root Certificate), and then send us the Fiddler logs (see details about the logs here), so we could investigate the case further.


1 person likes this

Thanks for the reply, Nick. 


I have verified that "Always trust" is checked on the Fiddler Root certificate in Keychain Access. See attached screenshot, "Always Trust.png".


On the HTTPS Settings, I'm unable to check the "Capture HTTS traffic" (UI indicates the option is unavailable/grayed out) and clicking "Trust root certificate" yields popup message in red, "Fiddler Root Certificate NOT trusted successfully" after I enter my password. See attached screenshot file, "NOT successfully trusted.png".


Attached are the log files captured after starting Fiddler Anywhere and attempting to enable Capture HTTPS and receiving the "NOT successfully tested" popup message.


In addition to restarting Fiddler Anywhere and rebooting, I've also tried deleting it and reinstalling it, but there's been no change. 


Thanks for taking a look and let me know if I can provide any other useful details. 


Regards, 

Michael 


log
(1.53 KB)
log
(3.75 KB)

Today, I updates to version  v1.2.1 to see if that helps, but I'm seeing the exact same issues and unable to decrypt HTTPS. The Fiddler Anywhere app will not allow me to select "Capture HTTPS traffic" in the settings and clicking "Trust root certificate" yields the error message, "Fiddler Root Certificate NOT Trusted Successfully".

Hey Michael,


Could you try the troubleshooting flow described in the KB article for testing the certificate import & trusting on macOS?

Login to start a new topic