how to Capture https with fiddler, in java
Create a keystore containing the Fiddler certificate. Use this keystore as the truststore for the JVM along with the proxy settings.
Here's how to do that:
- Export Fiddler's root certificate
Tools -> Fiddler Options... -> HTTPS -> Export Root Certificate to Desktop
- Create a keystore with this certificate
Open command line as administrator (keytool doesn't work otherwise)
<JDK_Home>\bin\keytool.exe -import -file C:\Users\<Username>\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler
Enter a password when prompted. This should create a file called FiddlerKeystore.
- Now start the JVM with Fiddler as the proxy and this keystore as the truststore. You'll need these vmargs:
-DproxySet=true
-DproxyHost=127.0.0.1
-DproxyPort=8888
-Djavax.net.ssl.trustStore=<path\to\FiddlerKeystore>
-Djavax.net.ssl.trustStorePassword=<Keystore Password>
Use these vmargs in your eclipse run configuration and you should be good to go.
I'm able to capture HTTPS requests made from the JVM without any issues with this setup.
Create a keystore containing the fiddler certificate and use it:
java -DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888 -Dhttps.proxyPort=8888 -Dhttps.proxyHost=127.0.0.1 -Djavax.net.ssl.trustStore=<path to FiddlerKeystore> -Djavax.net.ssl.trustStorePassword=<password> -jar test.jar
If you use third party HTTP libraries, you need to set the connection proxies. Example with Apache Commons HttpClient:
HttpClient httpClient = new HttpClient();
httpClient.getHostConfiguration().setProxy("localhost", 8888);
UPDATE:
if you are using Apache HttpClient 4.5.5 or newer, you need to do it like this:
HttpHost proxy = new HttpHost("localhost", 8888, "http");
DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
CloseableHttpClient httpclient = HttpClients.custom()
.setRoutePlanner(routePlanner)
.build();
You can also import the Fiddler key into the Java trusted certificates store (as long as you are aware that this is not secure and you don't do this on any non-development environment):
- Export Fiddler's root certificate from within Fiddler:
Tools → Fiddler Options... → HTTPS → Actions → Export Root Certificate to Desktop
- Start an elevated Command Prompt and use the following command to import the certificate. Replace the
jdk1.7.0_79
part with your appropriate JDK/JRE version. If you have multiple JDK/JRE's installed, you'll need to perform this action per environment.
"keytool.exe" -import -noprompt -trustcacerts -alias FiddlerRoot -file c:\work\FiddlerRoot.cer -keystore "C:\Program Files\Java\jdk1.7.0_79\jre\lib\security\cacerts" -storepass changeit
I also had a problem with decrypting HTTPS traffic using the Google API Client in combination with Fiddler. The problem was that by default, the client uses it's own cert store:
InputStream keyStoreStream = GoogleUtils.class.getResourceAsStream("google.jks");
SecurityUtils.loadKeyStore(certTrustStore, keyStoreStream, "notasecret");
And this is how i fixed this:
HttpTransport transport = new NetHttpTransport()
//instead of transport = GoogleNetHttpTransport.newTrustedTransport();