Proxying HTTPS traffic through Fiddler fails for remote clients?

user2248562 picture user2248562 · Apr 5, 2013 · Viewed 24.2k times · Source

Started fiddler on one machine, enabled remote connections and HTTPs. When trying to open IE browser on a remote machine (after configuring proxy settings manually) and trying to browse to https://www.gmail.com, I am getting the usual warning. When trying to "Continue to Web Site" I am getting a "Certificate error: Navigation failed".

Everything works fine when Fiddler and the browser are running on the same machine.

Any help would be appreciated.

Answer

EricLaw picture EricLaw · Apr 5, 2013

You must configure the client machine to trust the Fiddler Server's certificate.

From the help:

Q: Can Fiddler decrypt HTTPS traffic from a different machine?

A: Yes, if you've configured Fiddler to proxy traffic from a second computer or device, you can decrypt that traffic, with two caveats:

  1. If the client computer itself previously had run Fiddler in HTTPS-decryption mode, all attempts to visit HTTPS pages secured by the other computer's version of Fiddler will fail with an unspecified certificate error. To resolve this, remove the old Fiddler root certificate that is in the client's Trusted Root certificate store using certmgr.msc. (The mismatched root certificate causes the problem, as every Fiddler instance generates its own unique root).

  2. If you want the client computer to trust the Fiddler certificate, you will have to copy or download the Fiddler Root certificate to the client computer and manually install it into the Trusted Root Certification Authorities store. You can download the Fiddler Root certificate by visiting using the URL:

    http://hostname.of.FiddlerMachine:8888/FiddlerRoot.cer