6

I want to use fiddler to monitor api calls made by my browser when it visits some pages.

The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.

The problem - Fiddler does not work with chrome. When I open any page on chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with firefox.

Solutions I tried that failed - Four hours of google and stack overflow did not give me any solutions.

  1. Convert the fiddler cert to pk 7 ??? format.

  2. Import fiddler cert into chrome. Also, grant the cert all kinds of advanced permissions.

  3. Install the fiddler cert with admin rights on windows, by "running" it.

  4. Run chrome and ignore cert errors.

  5. Regenerating the fiddler cert and restarting fiddler and browsers as given in the official fiddler book.

In 2,3 the cert never appeared in trusted cert store, but appeared in personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.

Community
  • 1
  • 1
MasterJoe
  • 2,103
  • 5
  • 32
  • 58

5 Answers5

12

I was facing similar issue with Fiddler v4.6 and followed these steps:

Fiddler 4.6.1.5+

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab.
  • Ensure that the text says Certificates generated by CertEnroll engine.
  • Click Actions > Reset Certificates. This may take a minute.
  • Accept all prompts

Fiddler 4.6.1.4 and earlier

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Uncheck the Decrypt HTTPS traffic checkbox
  • Click the Remove Interception Certificates button. This may take a minute.
  • Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
  • (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
  • Exit and restart Fiddler
  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Re-check the Decrypt HTTPS traffic checkbox
  • Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)

Reference: https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/

Abir Pathak
  • 129
  • 1
  • 4
  • This did not work for me at first, so I closed and reopened Fiddler, then it worked. It so easy to dislike Chrome--the Web browser that will not allow you to see the "WEB ADDRESS" of the "WEB PAGE" as of v79. https://www.reddit.com/r/chrome/comments/e9e3er/ver79_chrome_wont_display_https_or_http_and/ Long live Firefox Developer Edition. – LeeC Dec 18 '19 at 18:52
  • Okay, this was not the problem or the solution. Fiddler does not capture traffic from from Chrome--when you use the crosshairs icon to pick a session for the Chrome tab. Ugh. Yet another known issue with the horrid browser. https://feedback.telerik.com/fiddler/1399896-target-any-process-feature-no-longer-working-with-chrome – LeeC Dec 18 '19 at 19:01
  • Best solution: https://www.telerik.com/forums/capturing-traffic-stops-when-dragging-the-any-process-target-to-chrome Meanwhile, you could use a different technique to capture traffic only from the Chrome or Edge browsers. When the first request/response goes through Fiddler you could right-click on the session in the sessions list view on the left side and click on the Filter Now > Show Only Process= ProcessID context menu. Later, when you want to remove the filter, just right-click on the Hide Process!= ProcessID label below the QuickExec command line. – LeeC Dec 18 '19 at 19:07
2

I used these two stack overflow posts -

https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate

https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7

I don't know what is happening. One of these posts worked and I got the fiddler cert into the trusted store. But, fiddler still cannot decrypt many websites https traffic, especially that of google.

Community
  • 1
  • 1
MasterJoe
  • 2,103
  • 5
  • 32
  • 58
  • You don't need to export Fiddler's certificate from Fiddler to trust it on the same PC. Instead choose the `Trust Root Certificate` option in the Actions menu. – EricLaw Jan 27 '17 at 21:14
  • @EricLaw - I completely changed my answer. I am still not able to make fiddler work. Could you please help ? Thanks. – MasterJoe Feb 06 '17 at 05:19
  • 1
    Hundreds of thousands of people use Chrome and Fiddler together every day. I wrote Fiddler, and I work on Chrome. The Fiddler Google Group is probably a better place to iterate on this question to figure out why your PC is behaving differently than everyone elses. – EricLaw Feb 07 '17 at 02:40
1

After I reinstalled fiddler and did what Abir suggested Fiddler still didn't capture any traffic.

In my case it stopped working because I installed a chrome extension named Tunnel Bear, uninstalling the extension solved it for me.

Offir
  • 3,252
  • 3
  • 41
  • 73
0

Firefox has its own certificate store so I assume you just installed the DO_NOT_TRUST... Fiddler root cert there and everything worked. Pretty much you should do the same with Windows certificate store in order for Chrome to work. So make sure you remove all the fiddler certificates you previously generated and regenerate.

TsviatkoYov
  • 297
  • 1
  • 5
  • 1
    I did the same thing with the windows cert store and nothing happened. Fiddler cert did not make it into the trusted store. It went into the immediate and personal store. Every time I messed with certs, I deleted all old certs and reinstalled them for firefox and chrome. Any more suggestions on what I can do ? Could this have anything to do with the way my windows is setup ? – MasterJoe Feb 01 '17 at 19:52
  • Well that's why it isn't working. It should be in the Trusted Root store. Fiddler uses this cert to sign certificates it generates for each https site you visit. If it is not in the Trusted Root then the certificates signed by it are not trusted by Chrome and hence the warning. – TsviatkoYov Feb 02 '17 at 18:35
  • Yes, I did the steps to put it in trusted store. But, it still does not get into trusted store. There is no error message. When I open https site in chrome, i get the error i mentioned in the question. – MasterJoe Feb 04 '17 at 00:49
0

if fiddler do not capture chrome traffic, one solution is checking extensions. in my case i use zenmate vpn. when i disable this extension, fiddler capture all traffic in chrome

hamidreza bina
  • 62
  • 8