79

I've got Fiddler to decrypt HTTPS traffic, which works just fine.

http://fiddler2.com/documentation/Configure-Fiddler/Tasks/DecryptHTTPS

But there are some requests that are shown as "Tunnel to" port 443. Also, the protocol of these requests is shown as HTTP instead of HTTPS. I do not see the decrypted content of these requests.


On the response details pane, it's shown as below:


Can someone let me know how I can get Fiddler to decrypt these tunnelled requests too? I'd also appreciate it if you could provide me with some details about what's going on in this case.

Cheers.

Eranga Dissanayaka

4 Answers

34

You should start by reading this thread, which explains what an HTTP CONNECT Tunnel is: https://groups.google.com/forum/#!topic/httpfiddler/RCkzE3HhhxY

Since you have enabled decryption, if you're not seeing any HTTPS traffic in Fiddler, you either have a Filter enabled (click Help > Troubleshoot Filters) or you have not configured Windows to trust the Fiddler root certificate and hence your clients are aborting the connection as soon as they see the (untrusted) Fiddler certificate.

EricLaw
  • Thanks! Great description, helped solve a problem I was having. +1 rep. – classicjonesynz Aug 08 '13 at 01:28
  • I configured Windows to trust the Fiddler root certificate and now I can see traffic from tunnelled connections generated on the PC, but for devices using the PC as proxy I only see the "tunnel to" requests. How can I see the devices' tunnelled requests? – Roberto Dec 14 '14 at 23:24
  • @Roberto: You're asking a different question, so you should probably do so by creating a new question on StackOverflow. The problem you're almost certainly having is that you haven't configured your devices to trust Fiddler's certificate, and thus they aren't sending any requests, instead aborting the connection when they see Fiddler's certificate. – EricLaw Dec 15 '14 at 16:10
  • @EricLaw I don't think that answers the question asked. You are just explaining how HTTPS works and how to configure Fiddler to decrypt the HTTPS data by adding it as a root certificate; what Eranga is asking is how to view data that is flowing in HTTPS sockets. Fiddler just shows the connection parameters in `Tunnel to` but any data exchange later on is not displayed. :-( It can be done using Wireshark but I guess again we won't be able to decrypt data in Wireshark – rahulg Aug 31 '15 at 10:50
  • PS: I found that normal HTTPS CONNECTs are well shown in Fiddler, but in the case of long HTTPS sockets, Fiddler doesn't seem to understand well – rahulg Aug 31 '15 at 11:00
  • @rahulg: I think you're confused, as was the original author. Fiddler shows the `CONNECT` tunnel as a `Tunnel to` entry. The decrypted HTTPS requests and responses are shown as their own entries within the Session list, following the `Tunnel to` entry. I have no idea what you mean by `https sockets` but you can rest assured that millions of users use Fiddler to watch HTTPS traffic. – EricLaw Aug 31 '15 at 16:48
  • Hi @EricLaw: Sorry for the bad nomenclature, but I got mixed up after researching around with various sniffers. So, what I exactly wanted to say is `Fiddler` does show `HTTPS` data with the proper root certificate installed, but in the case of (not https sockets, rather) `WebSockets` (those used by `web.whatsapp.com`), Fiddler doesn't show the data in the `Tunnel`; at least the `Body` count doesn't seem to increase – rahulg Sep 01 '15 at 08:07
  • If you want to view WebSocket traffic, you need to double-click the WebSocket. See http://www.telerik.com/blogs/what-s-new-in-fiddler-4-5. We're now badly off-topic. – EricLaw Sep 01 '15 at 15:36
  • In my case I had to go to Tools > Options > HTTPS > Decrypt HTTPS Traffic > **...from ALL processes**. That's why it was ignoring my web client. – R. Navega Oct 09 '21 at 07:13
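
As an added illustration of the exchange discussed in this answer and its comments (not code from the original posts or from Fiddler): the sketch below parses the clear-text `CONNECT` line that a proxy lists as `Tunnel to host:443`, then reads the TLS record headers the client sends inside the tunnel to tell a client that rejected the proxy's certificate from one that carried on. The function names and byte strings are constructed for this example, and the plaintext alert shown is what a TLS 1.2 or earlier client sends during the handshake.

```python
import struct

# Alert descriptions a client sends when it rejects a certificate (RFC 5246).
CERT_ALERTS = {42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca"}

def parse_connect(head: bytes):
    """Return (host, port) from a CONNECT request line, or None for other methods."""
    line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, _, port = parts[1].rpartition(":")   # authority-form target: host:port
    if not host or not port.isdigit():
        raise ValueError(f"malformed CONNECT target: {parts[1]!r}")
    return host.strip("[]"), int(port)         # brackets surround IPv6 literals

def tls_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            break                              # truncated record, stop parsing
        yield ctype, payload
        pos += 5 + length

def diagnose(head: bytes, client_bytes: bytes) -> str:
    """Summarise what a proxy can tell about a tunnel without decrypting it."""
    target = parse_connect(head)
    if target is None:
        return "plain HTTP request, not a tunnel"
    label = "Tunnel to %s:%d" % target
    records = list(tls_records(client_bytes))
    if not records or records[0][0] != 22:     # 22 = handshake (ClientHello)
        return label + ": no TLS handshake from client"
    for ctype, payload in records[1:]:
        if ctype == 21 and len(payload) == 2 and payload[0] == 2:  # fatal alert
            name = CERT_ALERTS.get(payload[1], "alert %d" % payload[1])
            return label + ": client aborted handshake (%s)" % name
    return label + ": handshake in progress or completed"

# Constructed sample input (not captured traffic).
HEAD = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
HELLO = b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"   # stub handshake record
UNKNOWN_CA = b"\x15\x03\x03\x00\x02\x02\x30"       # fatal alert, description 48

if __name__ == "__main__":
    print(diagnose(HEAD, HELLO + UNKNOWN_CA))
```

A tunnel that ends in `unknown_ca` or `bad_certificate` matches the symptom described above: only the `Tunnel to` entry exists because the client never sent a request over the connection.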
8

As of iOS 10, there is one additional step. You need to trust the certificate: Settings -> General -> About -> Certificate Trust Settings.

https://textslashplain.com/2016/07/27/using-fiddler-with-ios-10-and-android-7

Nate Pink
1

Some versions of Fiddler handle this better than others. At my workplace, we needed to route external devices through Fiddler. Following exactly the same setup and Fiddler options, we have four PCs and two devices. Two of the PC Fiddler instances get stuck unable to successfully tunnel every time, for either device. Two of the PC Fiddler instances work flawlessly, for either device. The common denominator between PCs was Fiddler version:

  • Fiddler 4.4.9.2: Tunneling works, on both PCs, for both external devices
  • Fiddler 4.4.9.7: Tunneling fails, on both PCs, for both external devices

Also note that there is further setup for Win8 applications to avoid getting stuck tunneling. You may need to follow the "Win8 Config" button, ensure your app is checked as a loopback exemption, restart Fiddler... Unfortunately, and this is something I've only seen once so far, you may still get stuck on tunneling until you turn OFF HTTPS decryption settings and turn them back on. Even after you've trusted the certificate and then restarted Fiddler. I can't explain that one, but I got back to exactly the same settings I started with and it just started working.

Finally, if you are developing your own Win8 applications with an appxmanifest, it couldn't hurt to turn on capabilities like privateNetworkClientServer to help enable certain Fiddler test scenarios.

Guest
0

I suppose it is pretty late to answer this question, and my answer might not directly resolve the question, but I assume it will resolve the main motive.

So if it is a web app you are monitoring, basically Google Chrome lets you look into WebSockets in Network->Websockets as shown below.

rahulg