Tracking HTTPS Web Services Through Fiddler

Introduction

Many times, in our projects, we have to work with secure Web Services. Most of the time, for development purposes, we need to track the Service requests and responses.

In this post we will discuss, how we can secure Services through Fiddler. Fiddler is a free Web debugging proxy that works with any Browser, system or platform. For further information, check it out here.

Now, let’s see, how we can enable Fiddler to track the secured Services.

Configure Fiddler

We are using Fiddler Web Debugger (v4.5.1.2) in this demonstration, but the process is similar for all nearby Fiddler versions.

Launch Fiddler and go to “Fiddler Options…”

Fiddler

Select HTTPS tab and select “Capture HTTPS CONNECTs”, “Decrypt HTTPS traffic” and “Ignore Server certification errors (unsafe)” check boxes and click “OK”.

https

This will export the certificate on the selected location. Below messages will be shown, once it is completed successfully. Click “OK”.

message

Now, let’s register this certificate in the system. For this, first go to Run and type “MMC” command. This will open “Microsoft Management Console”.

run

Click “File” and select “Add/Remove Snap-in…”.

Add/Remove Snap-in

Select “Certificates” on the left and click “Add >”.

Add

It will ask for type of account to be used, select “Computer account” and click “Next”.

Next

Next, select “Local computer” as a computer type and click “Finish”.

Local computer

This will add Certificates in the selected snap-ins. Click “OK”.

Certificates

Once you are back on Console Window, Certificates (Local Computer) is now visible on the left column. Right click on “Trusted Root Certification”, select “All Tasks” and click “Import…”.

Import

It will open a Certificate Import Wizard. Just click “Next >”.

Next

Select the certificate we have saved on the desktop earlier and click “Open”.

Open

Next screen shows, what file you are importing. Don’t change anything and click “Next >”.

Next

In its final step, Wizard shows the summary of what is imported. Click “Finish”. In case of success, it will show you a message “The import was successful”.

import

import

Don’t forget to save Console. Try to close the Console Window and it will ask to save it. Click “Yes” to save the settings.

save

If you have also saved the settings previously, it will ask for overwrite, save the new settings.

settings

In the last step, add the code, given below in your Application’s Web.config. This will route everything through your local proxy.

  1. <defaultProxy>  
  2.     <proxy proxyaddress="http://127.0.0.1:8888" usesystemdefault="False" />   
  3. </defaultProxy>  
Now, open Fiddler and run your Application. Fiddler will now track all HTTP as well as HTTPS Web Services.