fiddler tunnelled http requests to port 443

0
votes

I've got Fiddler to decrypt https traffic. which works just fine.

http://fiddler2.com/documentation/Configure-Fiddler/Tasks/DecryptHTTPS

But there are some requests that are shown as "Tunnel to" port 443. Also the protocol of these requests are shown as HTTP instead of HTTPS. I do not see the decrypted content of these requests.

enter image description here

on the response details pane, it's shown as below:

enter image description here

Can someone let me know how I can get fiddler to decrypt these tunnelled requests too. Also appreciate if you could provide me some details about what's going on in this case.

Cheers

1
httpfiddlerfiddlercorefiddler-dev

1 Answers

0
votes

As noted in the inspector description the line Tunnel to example.org:443 is the first line of a successful captured HTTPS call.

It is notes as HTTP because at that time the HTTPS channel has not been established yet.

If afterwards no further HTTPS requests to that server are shown this means that the program performing the request has not accepted the presented server certificate generated by Fiddler and therefore the HTTPS requests failed.

There are two possible explanations:

  1. The program performing the requests does not trust the Fiddle root CA certificate. For programs that don't use the Windows certificate store (e.g. Firefox) you have to export this root ca certificate from Fiddler and install it manually into the program's certificate trusted store (list of trusted root-CA certificates).

  2. A second possibility is that the site is certificate pinned. For web browsers this can happen is the web site uses the HSTS configuration.