Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to make proxy settings match between IE and Fiddler2 to decrypt HTTPS traffic

Posted on 2014-01-14
6
Medium Priority
?
1,261 Views
Last Modified: 2014-01-19
I applied Fiddler2 to capture HTTPS traffic one PC within corporate environment successfully. It's IE8 running on Win7. There was no special configuration required to make it work. All the HTTPS traffic data packets were decrypted succeccfully.

However, it was not so well to apply same to the laptop PC, Win 7 + IE10, in my house. No problem to general HTTP. When trying to capture HTTPS traffic, I got proxy error in the begining. I tried to set the connected ISP proxy setting in the "LAN setting", and make sure Fiddler2 did use this proxy settings. There was "Proxy error" until the server/domain of HTTPS communicating with were listed in the "Skip ....." list of decryption list.


How can I make both IE and Fiddler2 match with each other to decrypt HTTPS traffic successfully?
0
Comment
Question by:ChihChieh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39782058
I thinking of the below and also the key difference is the proxy and the browser version. But always try with cache and cookie cleared first. The 502 error (bad gateway or proxy error) is mostly network error so if browser with fiddler is complaining that it means fiddler is not responding or browser just not even seeing its traffic upstream acknowledged.

(0) Isolate test without ISP proxy instead if possible, e.g. VPN established then try IE10

(1) Tried Chrome which is following IE proxy and see if it also encounter such error. Or try fiddlercap though it may also be using the fiddler2 setting.
@ http://fiddler2.com/fiddlercap/

(2) Every browser allows you to connect a proxy server; usually this is the Options (or Preferences) menu.  You can either point directly at Fiddler (address: 127.0.0.1, port: 8888), or you can use Proxy Auto-configuration. The advantage of auto-configuration is that Fiddler rewrites the configuration script when it is attached and detached, meaning you shouldn't need to manually enable or disable the proxy in your client depending on whether or not Fiddler is loaded.  Simply restart the browser and the new setting is detected. You can get the correct auto-configuration URL from Fiddler by clicking Tools / Fiddler Options / Connections, and clicking the "Copy Browser Proxy Configuration URL" link.

(3) It is not stated in the "known issues"
@ http://www.enhanceie.com/fiddler/help/knownissues.asp

(4) Note that Fiddler does not support upstream proxy configuration scripts that are accessed using the FILE:// protocol, only those accessed using the HTTP or HTTPS protocols
@ http://fiddler2.com/documentation/KnowledgeBase/Proxy
0
 

Author Comment

by:ChihChieh
ID: 39790509
checked with my ISP. There is no proxy server for its clients. Try to point to public external proxy server manualling in Fiddler. It does not work. Could installing a proxy server be an solution?
0
 
LVL 64

Expert Comment

by:btan
ID: 39790528
Wondering if using other browser will work? This is for the sake of isolation to see if ie10 is an issue. If other browser also has the errors likely the https proxy may need an "internal" tier before reaching ISP. that is the same setup as your success case.

Hence we can try doing vpn into internal enterprise lan and try https proxy using ie10 to see if there is any differences. This test will be via the internal proxy.

The challenge is now if all don't work then likely fiddler2 and ie10 combi need more search ...
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 39790568
We also want to make sure there is no other service proxying ssl in the machine. There are some AV that may have such service.  The ie proxy setting should have exception list emptied and set all protocol to go through the same proxy address that work for your http test.

Also the client certificate if needed should be in current user personal certificate store. You can see using certmgr.exe. maybe just have one client cert and not multiple for a start.

Otherwise try other proxy likes Burp suite which is java based
http://portswigger.net/burp/help/suite_gettingstarted.html#browser
0
 

Author Comment

by:ChihChieh
ID: 39791742
I might have found the root cause - Entrust installation running on my PC. What error message displayed on IE distracted the investigation.
There was error message in Fiddler log, "SecureClientPopeDirect failed: The credentials supplied to the package were not recognized on pipe ". Searching all relevant document, and located one had to do with "Entrust", which was installed on my PC. This also matched about ssl service and certificate.
After uninstall Entrust, it worked. Nothing to do with proxy setting, IE version and any others. Just Entrust.

Thanks
0
 
LVL 64

Expert Comment

by:btan
ID: 39791832
thanks for sharing
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question