Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Making fiddler work with chrome

I want to use fiddler to monitor api calls made by my browser when it visits some pages.

The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.

The problem - Fiddler does not work with chrome. When I open any page on chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with firefox.

Solutions I tried that failed - Four hours of google and stack overflow did not give me any solutions.

  1. Convert the fiddler cert to pk 7 ??? format.

  2. Import fiddler cert into chrome. Also, grant the cert all kinds of advanced permissions.

  3. Install the fiddler cert with admin rights on windows, by "running" it.

  4. Run chrome and ignore cert errors.

  5. Regenerating the fiddler cert and restarting fiddler and browsers as given in the official fiddler book.

In 2,3 the cert never appeared in trusted cert store, but appeared in personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.

like image 722
MasterJoe Avatar asked Jan 27 '17 20:01

MasterJoe


Video Answer


2 Answers

I was facing similar issue with Fiddler v4.6 and followed these steps:

Fiddler 4.6.1.5+

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab.
  • Ensure that the text says Certificates generated by CertEnroll engine.
  • Click Actions > Reset Certificates. This may take a minute.
  • Accept all prompts

Fiddler 4.6.1.4 and earlier

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Uncheck the Decrypt HTTPS traffic checkbox
  • Click the Remove Interception Certificates button. This may take a minute.
  • Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
  • (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
  • Exit and restart Fiddler
  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Re-check the Decrypt HTTPS traffic checkbox
  • Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)

Reference: https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/

like image 150
Abir Pathak Avatar answered Sep 24 '22 17:09

Abir Pathak


I used these two stack overflow posts -

https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate

https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7

I don't know what is happening. One of these posts worked and I got the fiddler cert into the trusted store. But, fiddler still cannot decrypt many websites https traffic, especially that of google.

like image 36
MasterJoe Avatar answered Sep 24 '22 17:09

MasterJoe