Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Use SSLKEYLOGFILE to decrypt HTTPS as an alternative to Fiddler Root certificate

I came across an article describing how Wireshark is able to decrypt SSL encrypted network traffic by making use of a feature in Mozilla Firefox and Google Chrome: If a system environment variable named SSLKEYLOGFILE is set to a valid filename, those browsers will write SSL key data to the file. Wireshark, in turn, uses the contents of the file to decrypt SSL encrypted packets that it captures.

Assuming it's technically possible, it would be great if Fiddler could do the same as an alternative to using the Fiddler Root certificate.

  • Dan Stevens
  • Aug 19 2016
  • Needs review
  • Eric Lawrence commented
    August 23, 2016 06:22

    It's a huge amount of code for very questionable benefit, but it's potentially possible.

  • Tsviatko Yovtchev commented
    September 01, 2016 16:49

    Dan, is there something that bothers you in the certificates approach?

  • Jens Borgland commented
    August 21, 2018 06:12

    I agree that this would be a very valuable enhancement. The current approach with Fiddler acting as a man-in-the-middle, for example, doesn't work if the server uses HSTS.

  • badr elmers commented
    November 19, 2018 11:12

    Fiddler makes a new connection when used as a proxy, and this produces false results sometimes, while the Wireshark method does not touch the connection. SSLKEYLOGFILE is a must; curl supports it now too. Please add it. Thank you.
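
The file the original request describes uses the NSS key log format: one line per secret, giving a label, the client random of the connection, and the secret, all hex encoded. As an added example that is not part of this thread or of Fiddler, the parser below validates such a file and groups the secrets by connection; the function names are hypothetical, the label list and field lengths are taken from the NSS format as an assumption, and the sample is constructed.

```python
import re

# Allowed secret lengths (in hex digits) per label, assumed from the NSS key
# log format: CLIENT_RANDOM carries the 48-byte master secret (TLS 1.2 and
# earlier); TLS 1.3 secrets are 32 or 48 bytes depending on the hash.
SECRET_HEX_LENS = {"CLIENT_RANDOM": (96,)}
SECRET_HEX_LENS.update(dict.fromkeys((
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
), (64, 96)))
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

# Constructed sample, not real key material (line 5 has a truncated secret).
SAMPLE = "\n".join([
    "# written by a TLS client when SSLKEYLOGFILE is set",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " deadbeef",
])


def parse_keylog(text):
    """Return (sessions, errors); sessions maps client_random -> {label: secret}."""
    sessions, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        m = LINE_RE.match(line)
        label = m.group(1) if m else None
        if label not in SECRET_HEX_LENS:
            errors.append((lineno, "malformed line or unknown label"))
            continue
        rand, secret = m.group(2).lower(), m.group(3).lower()
        if len(rand) != 64 or len(secret) not in SECRET_HEX_LENS[label]:
            errors.append((lineno, "bad field length"))  # random is 32 bytes
            continue
        sessions.setdefault(rand, {})[label] = secret
    return sessions, errors


def protocol_families(sessions):
    """Classify each connection by the kind of secret that was logged for it."""
    return {rand: "TLS 1.2 or earlier" if "CLIENT_RANDOM" in labels else "TLS 1.3"
            for rand, labels in sessions.items()}
```

Every valid line is enough to derive traffic keys for the connection it names, so the file needs the same protection as a private key.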