Thursday, December 06, 2012

Fiddler debugging tool with HTTPS

I"m using Fiddler to look at HTTPS traffic between different application servers.

HTTPS isn't setup by default and the Fiddler2 website has information on setting it up correctly and exporting the certificate for Firefox to use.

I have some brief instructions below (for my own future reference and anyone else out there).

Start Fiddler 2.4x

The steps are to go to Tools, Fiddler Options > HTTPS. Check 'Decrypt HTTPS Traffic," under "Capture HTTPs Connects," and click Yes for the scary dialog box. This exports a root certificate for you Windows machine to use.  I then chose ...from browsers only from the pull-down menu because I'm looking at HTTPS traffic only. Check the 'Ignore Server Certificate Errors,' too.

To make Firefox work with Fiddler I choose 'Export Root Certificate to Desktop.'  Launch Firefox and go to Tools > Options. Select the Advanced tab and then the Encryption (or Certificates) tab and click the 'View Certificates ' and choose Import. Import the root certificate from the desktop.

Also, when I wanted to inspect traffic in Fiddler, I used the Inspectors view on the right and WebForms > WebView to see HTTPS browser responses. That wasn't as intuitive when I first started using the program, but was quite helpful when I needed to look at HTTPS html responses