3
votes

Fiddler allows one to decrypt HTTPS traffic by doing a MITM attack. Fiddler generates a root certificate; when it is added to the Trusted Root Authorities, apps that use the certificate store can be intercepted because they trust the generated root certificate.

However, the specific app that I want to intercept is using a weak form of certificate pinning. The site certificate must have a specific value for the Issuer.CN field. Therefore the generated root certificate must have a CN value that I specify, and not the default value of DO_NOT_TRUST_FiddlerRoot.

Is it possible to use a custom root certificate with Fiddler?

1 Answer

3
votes

You can use either:

CertMaker.StoreCert("example.com", certMyCert);

or

CertMaker.StoreCert("example.com", "C:\\temp\\cert.pfx", "TopSecretPassword");

to have Fiddler return the certificate of your choice to the client application. You will, of course, have to generate the certificates (using whatever tools you like) and possibly configure the OS to trust the self-signed root you use.

The first call requires that your X509Certificate2 be installed in your certmgr.msc (so its private key can be found) while the second allows you to specify a PFX file from disk.
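
Added example, not part of the original answer or of Fiddler: a C# sketch of why the Issuer.CN check described in the question is a weak pin, shown beside a public-key (SPKI hash) pin. It builds two unrelated, constructed roots that share one CN, issues a leaf from each, and prints the result of both checks for each leaf; the name check accepts both, the key pin only the genuine one. All names are hypothetical and .NET 6 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinDemo
{
    // Weak pin: only compares the issuer's CN string, which anyone can choose.
    static bool IssuerCnMatches(X509Certificate2 cert, string expectedCn) =>
        cert.GetNameInfo(X509NameType.SimpleName, true) == expectedCn;

    // Hardened pin: SHA-256 over the certificate's SubjectPublicKeyInfo.
    static string SpkiPin(X509Certificate2 cert)
    {
        using ECDsa pub = cert.GetECDsaPublicKey();
        return Convert.ToBase64String(SHA256.HashData(pub.ExportSubjectPublicKeyInfo()));
    }

    static CertificateRequest NewRequest(string cn) =>
        new CertificateRequest("CN=" + cn, ECDsa.Create(ECCurve.NamedCurves.nistP256),
                               HashAlgorithmName.SHA256);

    static X509Certificate2 MakeRoot(string cn, DateTimeOffset now)
    {
        CertificateRequest req = NewRequest(cn);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
    }

    static X509Certificate2 IssueLeaf(X509Certificate2 root, string host, DateTimeOffset now) =>
        NewRequest(host).Create(root, now, now.AddDays(7), new byte[] { 1, 2, 3, 4 });

    static void Main()
    {
        const string cn = "Constructed Example Root CA";   // hypothetical issuer name
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Two independent key pairs, same issuer CN (constructed test data).
        X509Certificate2 genuine = IssueLeaf(MakeRoot(cn, now), "app.example.test", now);
        X509Certificate2 lookalike = IssueLeaf(MakeRoot(cn, now), "app.example.test", now);

        string pinned = SpkiPin(genuine);   // value the client would ship with

        foreach (var (label, cert) in new[] { ("genuine", genuine), ("lookalike", lookalike) })
        {
            Console.WriteLine($"{label}: issuer CN check = {IssuerCnMatches(cert, cn)}, " +
                              $"SPKI pin check = {SpkiPin(cert) == pinned}");
        }
    }
}
```

In a real client the SPKI comparison would sit in the TLS validation callback and run in addition to normal chain validation, with a backup pin shipped for key rotation.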