I was trying to capture the HTTP/HTTPS Traffic in Firefox using Fiddlercore but i am getting the error "This Connection is Untrusted". i had tried to change the proxy setting to the Use System Proxy and added the FiddlerCore Certificate even though i am getting "This Connection is Untrusted" This is the Error I am getting.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
My other answer is still relevant so I'm posting a new one.
I came across updated information in regards to this issue. It is due to a Fiddler update. Explanation here from Fiddler's author: http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
To fix: Fiddler 4.6.1.5+
- Click Tools > Fiddler Options.
- Click the HTTPS tab.
- Ensure that the text says Certificates generated by CertEnroll engine.
- Click Actions > Reset Certificates. This may take a minute.
- Accept all prompts
That page also has instructions for how to reset scripts for older versions of Fiddler.
After resetting Fiddler's certificates, I then had to configure Firefox to trust Fiddler's cert again (see Trusting the Certificate section here).
回答2:
The key here is this statement:
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
You could try removing the header in Fiddler rules by inserting this line in the OnPeekAtResponseHeaders function.
oSession.oResponse.headers.Remove("Strict-Transport-Security");
You would also need to remove any existing HSTS settings already in the browser. Instructions can be found here
or just use Chrome. It seems a little less strict in these scenarios.
回答3:
I had Fiddler enabled and was trying to connect to a Dynamics CRM page online--something that has always worked--and I kept getting the same issue.
The only workaround I've found to be successful so far is:
- Make sure the Fiddler cert is imported into Firefox (see "Trusting the Certificate" here)
Press Ctrl + Shift + Del and delete all Site Preferences for time range: Everything as shown. Note that this also clears other site preferences such as site-specific permissions or zoom levels.
This is required because Firefox stores HSTS information in the Site Preferences.
Another workaround for my scenario is to just use IE.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://i.stack.imgur.com/Jd0s9.png', '推荐 贼婆χ 的文章《Fiddlercore is not able Capture the traffic for HT》','https://www.manongdao.com/article-2199362.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}