System wide Fiddler certificate on Ubuntu

Update to say that it looks like I solved my own problem.

I noticed that the FiddlerRoot certificate that I was trying to add to the system didn't look like what I imported into Firefox (The Firefox one contain the key info).  I exported the certificate I had in FireFox and updated the system certs with that file - that one took and now HTTPS requests coming from terminal commands are decoded in Fiddler. =D

The odd thing was the the system didn't want to take the certificate that I exported directly from Fiddler, but Firefox did - maybe a beta limitation?

I'm trying to get fiddler configured for https on Ubuntu 14.04 and keep getting Secure connection Failed. I have errors both on Chrome and FF. I have used it on this machine before for a machine-local server.

I'm testing by trying to goto google.com which redirects to https://google.com - does this work for you?

Did you follow some online procedure to set it up? if so what are you steps?

I have the following:

Fiddler > options > https   Capture Https Connections, Decrypt Https Traffic, from all processes
> Connections port 8888, Allow Remote Comps, Reuse client, reuse server (tried with these unchecked also)
   Act as a sys proxy on startup, Monitor All connections

I exported cert to desktop FiddlerRoot.crt

On Chrome > Settings > Advanced > HTTPS/SSL Manage certs > You Certs > import > (change to all types) > FiddlerRoot.cer  (not crt)

I get an error on import  Certificate Import Error - The Private Key for this Client Certificate is missing or invalid

I generated Cert by using FF: 127.0.0.1:8888  (download FiddlerRoot cert)

I just tried using Chrome to gen the cert, it downloaded, i clicked on it (from within the browser download) which opened up the key.
it looks ok, but when I try to import its asking for a PIN - no idea what this pin is. I built the box and have admin privilege

any help would be great

Hi,

Did you try exporting the certificate by clicking the relevant option in Options ->> HTTPS -> Actions? 

Regards,
Tsviatko Yovtchev
Telerik by Progress

I have installed Fiddler on Ubuntu 16.04, but have not imported the certs to Chrome successfully. In Chrome, I go to settings, advanced, Certificate Manager, and click on Import. I think I made a minor error by unzipping the content to my home directory. I can run Fiddler fine when I issue mono Fiddler.exe. I also did issue the command: "/usr/lib/mono//mozroots --import --sync". I think my problem is that I do not know where to look for the certificates, or what format / file extension to look for. There is also no readme file for installation process aside from what is on http://www.telerik.com/blogs/fiddler-for-linux-beta-is-here I think this is a great project, I am just trying to see how to get it working on my Ubuntu 16.04 machine.

Hello,

 

I came back here since I needed to reinstall Ubuntu which meant I needed to set up Fiddler again and I couldn't remember what I did.  After reading my posts above I still can't remember.

 

I think I am inching closer to getting this certificate to recognize.  By that I mean that when I went to Google a few hours ago, while using Fiddler, I would see the 'Connection Not Secure message' - which I think means Google is just actively refusing to recognize Fiddler's certificate.  Now, I am getting a This Site Can't Be Reached page (ERR_SOCKET_NOT_CONNECTED) page.

 

I have tried a number of different things today to try to get this to work, but this is what I did with my last attempt:

- Installed mono 4.8.0

- Did not run the '/usr/lib/mono//mozroots --import --sync' command from the Linux setup page since when I tried I got a message in Terminal saying that mozroots is depreciated and to use client_sync instead.  (client_sync seems to just update the mono cert store with whatever CRT file you pass to it.  

- Installed Fiddler (Left it as default as I could - using 8888 as listing port)

- Ticked the 'Decrpyt HTTPS' box in Fiddler

- Exported the Fiddler certificate to the desktop

- Converted the CER cert file to PEM format (CRT specifically) with openssl (CA-certificates on ubuntu needs a PEM formatted cert file and the CER file Fiddler exports is in a binary format.)

- Copied the CRT file to /usr/share/ca-certificates/

- From terminal ran 'sudo dpkg-reconfigure ca-certificates'   (Clicked 'Ask' then 'OK')  (this re configures ca-certificates,  runs update-ca-certificate, and updates mono cert store (by running client_sync from mono and passes it the updated ca-certificates.crt file that this process creates).  This places a PEM version of the Fiddler CRT file into /etc/ssl/ca-certificates/ and packages it into the bigger ca-certificates.conf file which lists out all the certs that is in your root authority.

 

This is pretty much where I am at right now.  Turning Fiddler off - I can get to Google just fine, turning it on gives me the page I mentioned at the top of this post.  I can see all other HTTP requests as expected.

 

When I got this to work last time, I was reading a lot of suggestions of the web for how to get a CA certificate installed on Ubuntu and tried to pick that trail up again, but everything I read has since blended together.  I do vaguely remember importing the Fiddler cert file into Firefox as a Person, exporting that cert, then importing the file I just exported back into FF as a CA trusted root, then deleted the person cert that I installed in the first place.  I think I them used the cert exported from FF to import to the system with -update-ca-certificates'.  I have no idea if this was a critical step or not.

I was also playing around with mitmproxy at the same time which also needed a proxy - again, no idea if that helped the process at all.

 

@Tim - I see 'Certificate Import Error - The Private Key for this Client Certificate is missing or invalid' when attempting to import the cert file as anything except a trusted root in Chrome or FF.

 

I am basically throwing things at a wall right now and seeing what sticks.

Tsviatko,

I'm using fiddler on Ubuntu 14.04 (not the new linux beta version).

There  is no [Action] button.

Is it the case Fiddler on linux/Ubuntu just doesn't handle HTTPS?

Thanks,

Tim

Hi Tim,

It looks like the UI is broken on your side. Could you attach a screenshot of that? Have you moved/deleted any files in the FIddler folder?

Regards,
Tsviatko Yovtchev
Telerik by Progress

I too hit this particular problem, the fix for me was after exporting the cert to ensure I was importing it into the "Authorities" certificate store using certificate manager within Chromium.

Since then I am able to successfully decrypt HTTPS streams and I no longer receive the annoying Chromium stoppage warning.

 

Just like in windows  navigate to ipv4.fiddler:8888 in your browser and it will add it to your browser automatically after you download it.  Also i do know that fiddler through stand alone OS as opposed to VM or Virtual box if you boot into linux from your hdd or a flash drive you will have issues capturing traffic as fiddler has trouble occupying Sockets in linux ... if your running linux on a vm or VB you shouldnt have that problem.