Fiddlercore is not able Capture the traffic for HTTPS in Firefox V 41?

Question

I was trying to capture the HTTP/HTTPS Traffic in Firefox using Fiddlercore but i am getting the error "This Connection is Untrusted". i had tried to change the proxy setting to the Use System Proxy and added the FiddlerCore Certificate even though i am getting "This Connection is Untrusted" This is the Error I am getting.

Answer 1

My other answer is still relevant so I'm posting a new one.

I came across updated information in regards to this issue. It is due to a Fiddler update. Explanation here from Fiddler's author: http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/

To fix: Fiddler 4.6.1.5+

1. Click Tools > Fiddler Options.
2. Click the HTTPS tab.
3. Ensure that the text says Certificates generated by CertEnroll engine.
4. Click Actions > Reset Certificates. This may take a minute.
5. Accept all prompts

That page also has instructions for how to reset scripts for older versions of Fiddler.

After resetting Fiddler's certificates, I then had to configure Firefox to trust Fiddler's cert again (see Trusting the Certificate section here).

Answer 2

The key here is this statement:

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

You could try removing the header in Fiddler rules by inserting this line in the OnPeekAtResponseHeaders function.

oSession.oResponse.headers.Remove("Strict-Transport-Security");

You would also need to remove any existing HSTS settings already in the browser. Instructions can be found here

or just use Chrome. It seems a little less strict in these scenarios.

Answer 3

I had Fiddler enabled and was trying to connect to a Dynamics CRM page online--something that has always worked--and I kept getting the same issue.

The only workaround I've found to be successful so far is:

1. Make sure the Fiddler cert is imported into Firefox (see "Trusting the Certificate" here)

2. Press Ctrl + Shift + Del and delete all Site Preferences for time range: Everything as shown. Note that this also clears other site preferences such as site-specific permissions or zoom levels.

   

   This is required because Firefox stores HSTS information in the Site Preferences.

Another workaround for my scenario is to just use IE.