How to Capture Https with Fiddler, in Java

how to Capture https with fiddler, in java

Create a keystore containing the Fiddler certificate.
Use this keystore as the truststore for the JVM along with the proxy settings.

Here's how to do that:

  • Export Fiddler's root certificate

Tools -> Fiddler Options... -> HTTPS -> Export Root Certificate to Desktop

  • Create a keystore with this certificate

Open command line as administrator (keytool doesn't work otherwise)

<JDK_Home>\bin\keytool.exe -import -file C:\Users\<Username>\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler

Enter a password when prompted. This should create a file called FiddlerKeystore.

  • Now start the JVM with Fiddler as the proxy and this keystore as the truststore. You'll need these vmargs:

-DproxySet=true

-DproxyHost=127.0.0.1

-DproxyPort=8888

-Djavax.net.ssl.trustStore=<path\to\FiddlerKeystore>

-Djavax.net.ssl.trustStorePassword=<Keystore Password>

Use these vmargs in your eclipse run configuration and you should be good to go.

I'm able to capture HTTPS requests made from the JVM without any issues with this setup.

Maven: How to capture HTTPS traffic through Fiddler

Settings.xml in the .m2 folder needs to be configured with proxy against fiddler

<proxies>
    <proxy>
        <id>http</id>
        <active>true</active>
        <protocol>http</protocol>
        <username/>
        <password/>
        <host>localhost</host>
        <port>8888</port>
    </proxy>
    <proxy>
        <id>https</id>
        <active>true</active>
        <protocol>https</protocol>
        <username/>
        <password/>
        <host>localhost</host>
        <port>8888</port>
    </proxy>
</proxies>

The Fiddler certificate needs to be exported and added to jssecacerts in JAVA_HOME ($JAVA_HOME\jre\lib\security).

You create the fiddler certificate by using tools --> options -> https --> actions --> Export Root certificate to Desktop

Command to run (must be changed according to JAVA_HOME path):

"C:\Program Files\Java\jdk-11.0.1\bin\keytool" -importcert -file "<Your path to Fiddler certificate>\fiddler root.cert" -keystore "C:\Program Files\Java\jdk-11.0.1\lib\security\jssecacerts" -storepass changeit

Capturing HTTP traffic with Fiddler

Not an answer to the question, but I was able to get Wireshark working as an alternative to view the outbound traffic since it doesn't work as a proxy.

using fiddler with a java soap application call throws SunCertPathBuilderException

You need to provide fiddler`s certificate to your jvm keystore. here its explained how to Capture https with fiddler, in java


Related Topics

Junit - Run Set Up Method Once

How to Escape Reserved Words in Hibernate's Hql

How to Pass Parameter to Jsp:Include via C:Set? What Are the Scopes of the Variables in Jsp

Capturing Browser Logs with Selenium Webdriver Using Java

JSON - Iterate Through JSONarray

Is the in Relation in Cassandra Bad for Queries

Gc Overhead of Optional<T> in Java

Last Iteration of Enhanced for Loop in Java

How to Get a Token from a Lucene Tokenstream

Java Server with Multiclient Communication

Could Not Serialize Object Cause of Hibernateproxy

Prevent Swing Gui Locking Up During a Background Task

Permutation Algorithm Without Recursion? Java

What's the Difference Between Getrequesturi and Getpathinfo Methods in Httpservletrequest

Java.Net.Socketexception: Software Caused Connection Abort: Recv Failed

Read Rsa Private Key of Format Pkcs1 in Java

Is It Necessary to Close Each Nested Outputstream and Writer Separately

Intellij - Convert a Java Project/Module into a Maven Project/Module


Leave a reply



Submit