stackoom
  简体   繁体   中英

How does Fiddler work with HTTPS

 原文  2015-01-24 01:25:54       ssl/ https/ certificate

Question

I made HTTP proxy server. But the problem that I can't decrypt SSL traffic.

I found that Fiddler install Trust Root Certificate. I did the same and now I don't have error that certificate untrusted but I got other error: wrong Common Name (CN). How fiddler change the CN of installed trusted certificate?

Will appreciate any answer.

1 answers

solution1
 0  2015-01-24 08:38:15

Fiddler acts as an SSL termination proxy. Ie the connection goes like this:

Browser ---(SSL handshake)---> Fiddler --- (SSL handshake) ---> Actual Site

So your connection is first time encrypted and sent to Fiddler, where it is first decrypted by Fiddler and then again encrypted to be sent to the actual site that you access.

Additionally when you access a site Fiddler automatically generates a server certificate with a CN that is equal to the host name of the site and this certificate is signed by the CA of fiddler That's why Fiddler needs to install a set of trusted CAs in your browser so that the first SSL handshake can be made against a trusted authority.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Fiddler how to remove HTTPS extensions? How does the communication with an HTTPS Web Proxy Work? How to capture python SSL(HTTPS) connection through fiddler2 How to start fiddler as a https proxy from command line? Fiddler fail to access HTTPS page Intercepting HTTPS trafic with libcurl and Fiddler QNetworkAccessManager does not work on windows with https 1and1 HTTPS redirect does not work but HTTP does How to capture HTTPS(TLS 1.0) communications from Android App with Fiddler4? Fiddler - Capture HTTPS Traffic from Web Application
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM