6

Is it possible to use a custom root CA for FiddlerCore to intercept HTTPS traffic?

What I need is to assign a certificate to be used to sign all host certificates.

Another solution can be supplying certificate information to FiddlerCore before creating the root certificate.

dereli

3 Answers

2
```csharp
FiddlerApplication.Startup(9999, FiddlerCoreStartupFlags.DecryptSSL);
var path = Path.GetDirectoryName(Assembly.GetCallingAssembly().Location) + @"\sslcertificate.pfx";
var secureEndpoint = FiddlerApplication.CreateProxyEndpoint(443, true, new X509Certificate2(path, "password"));
```

You can create your own certificate using Visual Studio tools, however, I used this free program to create a test one cause I am lazy: http://www.xenossoftware.com/freetools/certificategenerator/

If the certificate is installed on the machine, I believe you can also do the same thing using the X509Store class.

Here is some code to do this (not tested):

```csharp
FiddlerApplication.Startup(9999, FiddlerCoreStartupFlags.DecryptSSL);
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
try
{
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    var x509Certificate2 = store.Certificates.Find(X509FindType.FindBySubjectName, "YourSSLCertificateName", true)[0];

    secureEndpoint = FiddlerApplication.CreateProxyEndpoint(443, true, x509Certificate2);
}
finally
{
    store.Close();
}
```
josefresno
  • `FiddlerApplication.CreateProxyEndpoint(443, true, new X509Certificate2(path, "password"));` ... does the certificate parameter represent the new signing root certificate that will be used instead of the DO_NOT_TRUST_FIDDLER certificate? – mahmoud nezar sarhan Dec 13 '18 at 16:56
1

FiddlerCore does not currently offer the ability to customize the information contained in its self-signed root. It will generate all end-entity certificates chained to the root named DO_NOT_TRUST_FiddlerRoot.

Can you elaborate on why you seek this capability?

EricLaw
  • We're using FiddlerCore to provide proxy support on a commercial tool. When user starts the proxy feature, FiddlerCore tries to install Fiddler generated root certificate and FiddlerRoot text is shown. The aim is customizing this text. – dereli Oct 07 '10 at 11:49
  • For actually installing the root, you can do so yourself without calling the FiddlerCore method that does that. However, note that the text of the prompt is from Windows, not Fiddler.

    ```csharp
    X509Store certStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    certStore.Open(OpenFlags.ReadWrite);
    try
    {
        certStore.Add(oRootCert); // May fail due to user declining Windows' security prompt
    }
    finally
    {
        certStore.Close();
    }
    ```

    There are other ways to install the root, but they require that your application is running as admin. – EricLaw Oct 08 '10 at 15:31
  • It is OK to install a root certificate but the problem is that FiddlerCore won't use that certificate to sign automatically generated per-site certificates. – dereli Oct 10 '10 at 09:30
  • Yes, you need to install the root certificate that FiddlerCore itself uses. Installing some other certificate wouldn't be useful. – EricLaw Oct 11 '10 at 19:22
  • Do you have a plan to allow customizing the text or using a custom root certificate? – dereli Oct 13 '10 at 22:36
  • The text in question is provided by Windows and cannot be changed. To install the root without the text, your application needs to be running as an administrator. – EricLaw Oct 14 '10 at 18:58
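
Added example, not part of the answers or comments above and not FiddlerCore code: a read-only audit of the Windows Root stores for the interception root named in the answer, so an application that ships a proxy feature (or an administrator reviewing a machine) can see where that root is trusted. The class and method names are hypothetical; only `System.Security.Cryptography.X509Certificates` calls are used.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

static class InterceptionRootAudit   // hypothetical name, for illustration only
{
    // Subject name of the FiddlerCore root, as given in the answer above.
    const string RootName = "DO_NOT_TRUST_FiddlerRoot";

    // Returns every certificate in the Root store at `location` whose subject contains RootName.
    static List<X509Certificate2> FindRoots(StoreLocation location)
    {
        var found = new List<X509Certificate2>();
        var store = new X509Store(StoreName.Root, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false, so expired or otherwise invalid roots are reported too.
            foreach (var cert in store.Certificates.Find(X509FindType.FindBySubjectName, RootName, false))
                found.Add(cert);
        }
        finally
        {
            store.Close();
        }
        return found;
    }

    static void Main()
    {
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            foreach (var cert in FindRoots(location))
            {
                Console.WriteLine($"{location}\\Root: {cert.Subject}");
                Console.WriteLine($"  thumbprint: {cert.Thumbprint}  expires: {cert.NotAfter:u}");
                // HasPrivateKey reports whether this store entry is linked to a private key.
                // A trusted root whose key the current user can use can sign certificates
                // for any host name, so a true value here deserves a closer look.
                Console.WriteLine($"  linked to a private key: {cert.HasPrivateKey}");
            }
        }
    }
}
```

The audit only reads the stores; removing an entry found this way requires opening the store with `OpenFlags.ReadWrite` and, for `LocalMachine`, administrator rights.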
-1

You can use the `oDefaultClientCertificate` property of `FiddlerApplication` to specify an existing certificate. I used this in my Windows service application using FiddlerCoreAPI to capture HTTPS traffic.

```csharp
var path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().GetName().CodeBase);
path = path.Replace("file:\\", "");
if (!path.EndsWith(@"\")) path += @"\";
path += "FiddlerRoot.cer";

FiddlerApplication.AfterSessionComplete += FiddlerApplication_AfterSessionComplete;
FiddlerApplication.oDefaultClientCertificate = new X509Certificate(path);
FiddlerApplication.Startup(8888, FiddlerCoreStartupFlags.DecryptSSL);
```
Francis
  • `oDefaultClientCertificate` concerns what client certificate is used; the question is about the root certificate used for *server* certificate generation. – EricLaw May 06 '14 at 18:36