I was trying to capture the HTTP/HTTPS Traffic in Firefox using Fiddlercore but i am getting the error "This Connection is Untrusted". i had tried to change the proxy setting to the Use System Proxy and added the FiddlerCore Certificate even though i am getting "This Connection is Untrusted" This is the Error I am getting.
问题:
回答1:
My other answer is still relevant so I'm posting a new one.
I came across updated information in regards to this issue. It is due to a Fiddler update. Explanation here from Fiddler's author: http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
To fix: Fiddler 4.6.1.5+
- Click Tools > Fiddler Options.
- Click the HTTPS tab.
- Ensure that the text says Certificates generated by CertEnroll engine.
- Click Actions > Reset Certificates. This may take a minute.
- Accept all prompts
That page also has instructions for how to reset scripts for older versions of Fiddler.
After resetting Fiddler's certificates, I then had to configure Firefox to trust Fiddler's cert again (see Trusting the Certificate section here).
回答2:
The key here is this statement:
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
You could try removing the header in Fiddler rules by inserting this line in the OnPeekAtResponseHeaders function.
oSession.oResponse.headers.Remove("Strict-Transport-Security");
You would also need to remove any existing HSTS settings already in the browser. Instructions can be found here
or just use Chrome. It seems a little less strict in these scenarios.
回答3:
I had Fiddler enabled and was trying to connect to a Dynamics CRM page online--something that has always worked--and I kept getting the same issue.
The only workaround I've found to be successful so far is:
- Make sure the Fiddler cert is imported into Firefox (see "Trusting the Certificate" here)
Press Ctrl + Shift + Del and delete all Site Preferences for time range: Everything as shown. Note that this also clears other site preferences such as site-specific permissions or zoom levels.
This is required because Firefox stores HSTS information in the Site Preferences.
Another workaround for my scenario is to just use IE.