Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

SSL troubleshooting

I am testing against an HTTPS intranet server that Fiddler is unable to proxy to.  I set the Protocols to <client>;tls1.2 and that did not work.  I changed back to tls 1.0.

 

I restarted Fiddler with this as the Protocols list:

<client>;tls1.0

 

Wireshark shows Fiddler is still sending a Client Hello with TLS 1.2!

 

Please add additional logging  / troubleshooting.

 

Current log:

 

14:23:17:3284 Assembly 'C:\Users\xxxx\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
14:23:17:3349 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.

14:23:17:4280 fiddler.network.https> HTTPS handshake to xxxxx.xxxxx.com (for #7) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted
Win32 (SChannel) Native Error Code: 0x80090326
 

 

  • Guest
  • Feb 21 2018
  • Needs review
Bug
  • Attach files
  • Guest commented
    February 21, 2018 21:38

    I changed from to

     

    <client>; ssl3;tls1.1

     

    ssl3;tls1.0

     

    And now it WORKS.

     

    In this configuration Fidder is sending a Client Hello

     

    Version TLS 1.0 (ox0301)

    Handshake Protocol: Client Hello

       Version TLS 1.2 (ox0303)

     

    This works.

     

    Please add logging so it shows what exactly Fiddler is sending on the handshake.  Evidently the user input for the HTTPS Protocols is a  bit buggy / finicky. 

     

    Please document what <client> does as well.

     

  • Eric Lawrence commented
    February 22, 2018 23:37

    If you use <client>;tls1.0, this means that Fiddler will use whatever protocols your client offers, as well as TLS/1.0. In the event that there is no client (e.g. you're using the Composer), only TLS/1.0 should be offered: https://www.telerik.com/blogs/fiddler-and-modern-tls-versions

     

  • Guest commented
    May 08, 2018 15:41

    more woes with this.  Try doing a GET by entering this in the browser ( I was using Edge on Windows 10 here)

    https://login.microsoftonline.com/sdfdsfdsf

     

    This will return a 404 NOT FOUND if Fiddler is not enabled.

    It will block and eventually return a Proxy error if you enable Fiddler - regardless of what is in the Protocols list, and even if I whitelist the domain in"skip decryption"