To record HTTPS traffic, you need to trust the Fiddler root certificate. That should be done only once per machine. There are several ways this can be done.
During installation, the installer will prompt to trust the Fiddler root certificate. Tick the Install Fiddler certificate for add-on version checkbox and click Next.
A Windows confirmation dialog will appear next, where you can confirm that you trust the root certificate upon which it will be added to trusted Certificate Authorities.
You can also install the StresStimulus Certificate root the same way by ticking the Install StresStimulus certificate for standalone version checkbox. You will get another Windows confirmation dialog to confirm trusting the certificate.
When using the add-on version, Fiddler should be configured to decrypt HTTPS traffic. Follow these steps:
1. In Fiddler's main menu, select Tools -> Fiddler Options and click the HTTPS tab.
2. Check three boxes:
- Capture HTTPS CONNECTs
- Decrypt HTTPs traffic
- Ignore server certificate errors and click OK
3. Restart Fiddler
4. If the recorder was open, click Close Recorder and then re-open it from StresStimulus.
Note: Fiddler uses a "man-in-the-middle" technique to decrypt HTTPS traffic. For more details, check this source.
Sometimes after enabling HTTPS and with Fiddler running, secure pages do not appear in the browser, and an error message is displayed instead. In some cases, this happens because the Fiddler certificate was created using incorrect settings. Make sure the CertEnroll engine is used to generate the certificates. For more information, click here.
In some cases, the error pages displayed in the browser because your Webserver uses HTTPS protocols that are not enabled in Fiddler by default. After installation, Fiddler is configured to support SSL3 and TLS1.0. For example, if your server uses TLS1.1, then to add this protocol, click the Protocols link, and in the appeared dialog append the missing protocol.
- No labels