I am running the following java program in the Eclipse IDE:
import java.net.*;
import java.io.*;
public class HH
{
public static void main(String[] args) throws Exception
{
//if i comment out the system properties, and don't set any jvm arguments, the program runs and prints out the html fine.
System.setProperty("http.proxyHost", "localhost");
System.setProperty("http.proxyPort", "8888");
System.setProperty("https.proxyHost", "localhost");
System.setProperty("https.proxyPort", "8888");
URL x = new URL("https://www.google.com");
HttpURLConnection hc = (HttpURLConnection)x.openConnection();
hc.setRequestProperty("User-Agent","Mozilla/5.0 (Windows NT 6.0)
AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2");
InputStream is = hc.getInputStream();
int u = 0;
byte[] kj = new byte[1024];
while((u = is.read(kj)) != -1)
{
System.out.write(kj,0,u);
}
is.close();
}
}
This produces the following exception, if fiddler is RUNNING, both while capturing, and not capturing:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown ...
If I close fiddler, the program runs fine without any exceptions, producing the html on the url i am connecting to.
alternatively, if i specify System.setProperty("https.proxyPort", "443");
, instead of: System.setProperty("https.proxyPort", "8888");
, it runs and prints out all html, without exceptions, even while fiddler is open, in capturing mode, but there is still no capturing from fiddler at all.
Then if I set these system properties through eclipse's jvm arguments like: -DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888
, the same exact exception happens again, so long as the fiddler app is running, both in capturing and non capturing mode. If i close fiddler, the program will run perfectly fine.
If i use: System.setProperty("http.proxyHost", "127.0.0.1");
instead of: System.setProperty("http.proxyHost", "localhost");
, it runs fine with fiddler application running, both cap-/non capturing mode, but also NO captured traffic.
Is anyone out there, able to capture their own https traffic with fiddler, NOT through a web browser, but through a java program? What are the jvm arguments, how do you set it up to do this? thanks
Create a keystore containing the Fiddler certificate. Use this keystore as the truststore for the JVM along with the proxy settings.
Here's how to do that:
Tools -> Fiddler Options... -> HTTPS -> Export Root Certificate to Desktop
Open command line as administrator (keytool doesn't work otherwise)
<JDK_Home>\bin\keytool.exe -import -file C:\Users\<Username>\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler
Enter a password when prompted. This should create a file called FiddlerKeystore.
-DproxySet=true
-DproxyHost=127.0.0.1
-DproxyPort=8888
-Djavax.net.ssl.trustStore=<path\to\FiddlerKeystore>
-Djavax.net.ssl.trustStorePassword=<Keystore Password>
Use these vmargs in your eclipse run configuration and you should be good to go.
I'm able to capture HTTPS requests made from the JVM without any issues with this setup.