Making fiddler work with chrome

google-chrome https certificate fiddler
15,882

Solution 1

I was facing similar issue with Fiddler v4.6 and followed these steps:

Fiddler 4.6.1.5+

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab.
  • Ensure that the text says Certificates generated by CertEnroll engine.
  • Click Actions > Reset Certificates. This may take a minute.
  • Accept all prompts

Fiddler 4.6.1.4 and earlier

  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Uncheck the Decrypt HTTPS traffic checkbox
  • Click the Remove Interception Certificates button. This may take a minute.
  • Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
  • (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
  • Exit and restart Fiddler
  • Click Tools > Fiddler Options.
  • Click the HTTPS tab
  • Re-check the Decrypt HTTPS traffic checkbox
  • Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)

Reference: https://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/

Solution 2

I used these two stack overflow posts -

https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate

https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7

I don't know what is happening. One of these posts worked and I got the fiddler cert into the trusted store. But, fiddler still cannot decrypt many websites https traffic, especially that of google.

Solution 3

After I reinstalled fiddler and did what Abir suggested Fiddler still didn't capture any traffic.

In my case it stopped working because I installed a chrome extension named Tunnel Bear, uninstalling the extension solved it for me.

Share:
15,882
MasterJoe
Author by

MasterJoe

Hello employers ! I am a 21 year old guy with 30 years of work experience ;) Please don't contact me if you need someone with 31 years of experience or more. I doubt I can handle that. My favorite style of interview - Develop non-trivial algorithms in a 1 hour phone screen interview. Please ask me happy path tests only or better yet, use only one test input. Let's spend the first 30 minutes in chit chat to get to know each other. My favorite coworkers - The ones who ask you to read an entire book, when you occasionally ask them a tiny question about a language or technology which you will hardly use at work. My favorite stack overflow users - The ones who down vote or delete answers or questions without any explanation, especially those contributions which are deemed useful or up voted by other users. It would be fun to have such people as coworkers.

Updated on June 04, 2022

Comments

  • MasterJoe
    MasterJoe almost 2 years

    I want to use fiddler to monitor api calls made by my browser when it visits some pages.

    The technology - Fiddler 4.6x, Chrome 56, Firefox 51, Windows 7 64 bit.

    The problem - Fiddler does not work with chrome. When I open any page on chrome, I get the error "Your connection is not private: Attackers might be trying to steal your information from website (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". FYI, I easily fixed a similar issue with firefox.

    Solutions I tried that failed - Four hours of google and stack overflow did not give me any solutions.

    1. Convert the fiddler cert to pk 7 ??? format.

    2. Import fiddler cert into chrome. Also, grant the cert all kinds of advanced permissions.

    3. Install the fiddler cert with admin rights on windows, by "running" it.

    4. Run chrome and ignore cert errors.

    5. Regenerating the fiddler cert and restarting fiddler and browsers as given in the official fiddler book.

    In 2,3 the cert never appeared in trusted cert store, but appeared in personal and immediate cert store. In 1, nothing even happened. Please tell me how I can make this work. Any links to the basics of all this would help.

    • HCJ
      HCJ over 5 years
      Did you find a solution? I am facing this same problem.
  • EricLaw
    EricLaw over 7 years
    You don't need to export Fiddler's certificate from Fiddler to trust it on the same PC. Instead choose the Trust Root Certificate option in the Actions menu.
  • MasterJoe
    MasterJoe over 7 years
    I did the same thing with the windows cert store and nothing happened. Fiddler cert did not make it into the trusted store. It went into the immediate and personal store. Every time I messed with certs, I deleted all old certs and reinstalled them for firefox and chrome. Any more suggestions on what I can do ? Could this have anything to do with the way my windows is setup ?
  • TsviatkoYov
    TsviatkoYov over 7 years
    Well that's why it isn't working. It should be in the Trusted Root store. Fiddler uses this cert to sign certificates it generates for each https site you visit. If it is not in the Trusted Root then the certificates signed by it are not trusted by Chrome and hence the warning.
  • MasterJoe
    MasterJoe over 7 years
    Yes, I did the steps to put it in trusted store. But, it still does not get into trusted store. There is no error message. When I open https site in chrome, i get the error i mentioned in the question.
  • MasterJoe
    MasterJoe over 7 years
    @EricLaw - I completely changed my answer. I am still not able to make fiddler work. Could you please help ? Thanks.
  • EricLaw
    EricLaw over 7 years
    Hundreds of thousands of people use Chrome and Fiddler together every day. I wrote Fiddler, and I work on Chrome. The Fiddler Google Group is probably a better place to iterate on this question to figure out why your PC is behaving differently than everyone elses.
  • LeeC
    LeeC over 4 years
    This did not work for me at first, so I closed and reopened Fiddler, then it worked. It so easy to dislike Chrome--the Web browser that will not allow you to see the "WEB ADDRESS" of the "WEB PAGE" as of v79. reddit.com/r/chrome/comments/e9e3er/… Long live Firefox Developer Edition.
  • LeeC
    LeeC over 4 years
    Okay, this was not the problem or the solution. Fiddler does not capture traffic from from Chrome--when you use the crosshairs icon to pick a session for the Chrome tab. Ugh. Yet another known issue with the horrid browser. feedback.telerik.com/fiddler/…
  • LeeC
    LeeC over 4 years
    Best solution: telerik.com/forums/… Meanwhile, you could use a different technique to capture traffic only from the Chrome or Edge browsers. When the first request/response goes through Fiddler you could right-click on the session in the sessions list view on the left side and click on the Filter Now > Show Only Process= ProcessID context menu. Later, when you want to remove the filter, just right-click on the Hide Process!= ProcessID label below the QuickExec command line.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why does Chrome say "Your connection to this site is not secure" even if the certificate is valid?
How do I disable the warning Chrome gives if a security certificate is not trusted?
How do I view Current User Certificates, and not Local Machine Certificates, on Windows?
How to download a file using HTTPS connection using VBSCRIPT and by accepting all the certiifcates
Comodo SSL: ERR_CERT_AUTHORITY_INVALID on Chrome mobile and Opera mobile (Android)
How to deal with mixed content in a website which should be secured as https?
iPhone: install certificate for SSL connection
Failed to load response data with Chrome on HTTPs
How do I use self signed certificate in Axis2 Java client?
Java web service over https - How to add a self-signed certificate into a client api?