Discussions Fiddler Everywhere Forum macOS

Can't capture https package from PHP curl program

 

I can use Fiddler Everywhere normally even in Linux container until I try to analyze packages from PHP program.


My environment is

PHP@7.2MacBook Pro with M1 chipMacOS 12.0.1Root cert is already trusted.

and then run my code on local machine (not in container) by php artisan tinker


These are my sample code:


$ch = curl_init(); curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8866');curl_setopt ( $ch, CURLOPT_URL, "https://www.google.com/" );
curl_exec ( $ch );


Fiddler only shows a close connection as the following image, and curl_exec will return false.


CleanShot 2021-12-24 at 01.00.54.png


But when I just remove CURLOPT_PROXY option, it back to normal.

curl_exec will return HTML of https://www.google.com.

2 CommentsSorted by Oldest First

Sorry for my formatting.


my environment is

  • PHP@7.2
  • MacBook Pro with M1 chip
  • MacOS 12.0.1
  • Root cert is already trusted.

Sample code is 

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8866');
curl_setopt ( $ch, CURLOPT_URL, "https://www.google.com/" );
curl_exec ( $ch );

Hey Jared,


I've posted the suggestions below in our email thread, but for transparency and for added visibility to the community I am also reposting those here:


...

It looks like that only the non-secure HTTP traffic goes through, while the HTTPS traffic is failing. You can try to disable the SSL/TLS  check. The flag --ssl-no-revoke does the job for a CLI executed curl request.
curl --url https://www.example.com/ -x 127.0.0.1:8866 --ssl-no-revoke -v
The above probably corresponds to CURLOPT_SSL_VERIFYPEER https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html and CURLOPT_SSL_VERIFYHOST https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

I am not familiar with PHP curl in detail, but you can also try to specify the Fiddler root certificate explicitly.  The curl CLI documentation mentions the flag --cacert
--cacert <file>

(TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option is typically used to alter that default file...
The above probably corresponds to CURLOPT_CAINFO https://curl.se/libcurl/c/CURLOPT_CAINFO.html

If none of the above helps, you could try to output more verbose errors from curl while using curl_error and curl_errno
Comments to this discussion are now closed!
More topics in macOS
See all 53 topics
Copyright © 2020, Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.