4
votes

I want to use Fiddler to monitor API calls made by my browser when it visits some pages.

The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.

The problem - Fiddler does not work with Chrome. When I open any page in Chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with Firefox.

Solutions I tried that failed - Four hours of Google and Stack Overflow did not give me any solutions.

  1. Convert the Fiddler cert to pk 7 ??? format.

  2. Import the Fiddler cert into Chrome. Also, grant the cert all kinds of advanced permissions.

  3. Install the Fiddler cert with admin rights on Windows, by "running" it.

  4. Run Chrome and ignore cert errors.

  5. Regenerate the Fiddler cert and restart Fiddler and the browsers, as given in the official Fiddler book.

In 2 and 3, the cert never appeared in the trusted cert store, but appeared in the personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.

4
Did you find a solution? I am facing this same problem. – HCJ

4 Answers

11
votes

I was facing a similar issue with Fiddler v4.6 and followed these steps:

Fiddler 4.6.1.5+

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab.
  • Ensure that the text says Certificates generated by CertEnroll engine.
  • Click Actions > Reset Certificates. This may take a minute.
  • Accept all prompts

Fiddler 4.6.1.4 and earlier

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Uncheck the Decrypt HTTPS traffic checkbox
  • Click the Remove Interception Certificates button. This may take a minute.
  • Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
  • (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
  • Exit and restart Fiddler
  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Re-check the Decrypt HTTPS traffic checkbox
  • Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)

Reference: https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/

2
votes

I used these two Stack Overflow posts -

https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate

https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7

I don't know what is happening. One of these posts worked and I got the Fiddler cert into the trusted store. But Fiddler still cannot decrypt many websites' HTTPS traffic, especially that of Google.

1
votes

After I reinstalled Fiddler and did what Abir suggested, Fiddler still didn't capture any traffic.

In my case it stopped working because I installed a Chrome extension named Tunnel Bear; uninstalling the extension solved it for me.

0
votes

Firefox has its own certificate store, so I assume you just installed the DO_NOT_TRUST... Fiddler root cert there and everything worked. Pretty much you should do the same with the Windows certificate store in order for Chrome to work. So make sure you remove all the Fiddler certificates you previously generated and regenerate.
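
A way to check which Windows stores actually hold Fiddler's certificates, before and after a reset, as an added PowerShell example that is not part of the original answers. It assumes the certificates can be recognised by the DO_NOT_TRUST prefix mentioned in the last answer; the variable names are illustrative.

```powershell
# Added example: report where Fiddler-generated certificates are installed.
# Assumption: they carry the "DO_NOT_TRUST" prefix in subject or issuer.
$pattern = '*DO_NOT_TRUST*'

# Provider store name -> name shown in the certificate manager UI
$stores = @{
    'My'   = 'Personal'
    'CA'   = 'Intermediate Certification Authorities'
    'Root' = 'Trusted Root Certification Authorities'
}

$found = foreach ($location in 'CurrentUser', 'LocalMachine') {
    foreach ($name in $stores.Keys) {
        # LocalMachine stores may be unreadable without elevation; skip quietly
        Get-ChildItem -Path "Cert:\$location\$name" -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
            Select-Object @{n='Location'; e={$location}},
                          @{n='Store';    e={$stores[$name]}},
                          @{n='IsRoot';   e={$_.Subject -eq $_.Issuer}},
                          Subject, Thumbprint, NotAfter
    }
}

$found | Sort-Object Location, Store | Format-Table -AutoSize

# A self-signed (root) certificate only acts as a trust anchor from a Root store
$trustedRoots = @($found | Where-Object { $_.IsRoot -and $_.Store -like 'Trusted Root*' })
if ($trustedRoots.Count -eq 0) {
    Write-Warning 'No matching root certificate in a Trusted Root store.'
}

# Several distinct roots indicate leftovers from earlier generations
$rootPrints = @($found | Where-Object { $_.IsRoot } |
    Select-Object -ExpandProperty Thumbprint -Unique)
if ($rootPrints.Count -gt 1) {
    Write-Warning 'More than one matching root found; remove all and regenerate.'
}
```

An empty table after removing the interception certificates confirms that no interception root is still trusted on the machine.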