Fiddler is not showing HTTPS traffic - https

I enabled "Decrypt HTTPS traffic" and "Ignore server certificate errors" in Fiddler but the traffic of one website is not being showed.
This is the error that Fiddler is returning:
[Fiddler] The connection to '...' failed. System.Security.SecurityException Failed to negotiate HTTPS
connection with server.fiddler.network.https> HTTPS handshake to
... failed. System.IO.IOException Received an unexpected EOF
or 0 bytes from the transport stream.
I remember that I could ignore this error in Fiddler script, but I really don't remember.
Does anyone know what's going on?
Thanks! =)

What is the site's URL?
It is probably caused by either of these two issues: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx or http://blogs.msdn.com/b/fiddler/archive/2012/03/29/https-request-hangs-.net-application-connection-on-tls-server-name-indicator-warning.aspx
The old workaround is to configure Fiddler to only use SSL3 when talking to the host in question. The newer workaround is to either use Fiddler4 with the latest .NET4.5.2 framework, or if you're using Fiddler 2.5.1, see the "SNI Hack" section of http://www.telerik.com/blogs/what-s-new-in-fiddler-4-5-1
In your OnBeforeRequest event handler, add the following code to fix the issue for certain sites:
if (oSession.HTTPMethodIs("CONNECT") && oSession.HostnameIs("BuggySite.com"))
{
oSession["https-DropSNIAlerts"] = "yup";
FiddlerApplication.Log.LogString("Legacy compat applied for request to BuggySite.com");
}

A bit late for the poster unfortunately but I just needed to add tls1.2:
Tools
Options
HTTPS
Protocols
Add tls1.2 to the end of the list and click ok

I was seeing the following exception:
System.Security.SecurityException Failed to negotiate HTTPS connection
with server.fiddler.network.https. HTTPS handshake to
api.etadirect.com (for #9) failed. System.IO.IOException Unable to
read data from the transport connection: An existing connection was
forcibly closed by the remote host. An existing connection was
forcibly closed by the remote host
I was able to fix it by enabling the TLS1.2 protocol which is not enabled by default for outgoing connections
Tools -> Options -> HTTPS -> click on protocols list

Related

read tcp [addr]->[addr] use of closed network connection

I'm using Google's simplehttp2server go-lang program to run some tests and have encountered a recurring error. Upon executing the TLS handshake I receive the following error:
2019/12/12 12:42:55 http: TLS handshake error from 127.0.0.1:36202: read tcp 127.0.0.1:5000->127.0.0.1:36202: use of closed network connection
I have updated my go version to 1.13.5 from 1.12.9 and tried two browsers (brave + chrome) plus curl and receive the same error code each time. It happens over HTTP/2 and HTTP/1.1. I have seem other answers from across the web but am still running into this error (ex1, ex2, ex3, ex4).
Very much appreciate any feedback, advice, or admonishment. Anything to help the migraine this problem is giving me!
edit: screenshot from my curl and running of simplehttp2server
example image from curl and simplehttp2server
This error happens when you have two websockets connected to a singular address using the same port from the same machine. One of the websockets will be able to connect fine but the other wont be able to make the connection.
I was making the same mistake and when I removed the duplicate connection the error resolved.

IBM WAS sslSocket.getEnabledProtocols() issue

We have a single installation of WAS(8.5.5.10), with multiple clusters(JVMs). We enabled TLS1.2 on one of the JVMs, (say JVM1). But when I run the code sslSocket.getEnabledProtocols(), it gives me supported protocols=[TLSv1], which is V 1.0. My application runs on Java 1.7.
When I check in Security > SSL certificate and key management, and under Related Items, click SSL configurations. ( such as CellDefaultSSLsetting , NodedefaultSSLsetting and any other SSLConfig), it shows 'TLS' as the protocol, under QoP settings.
But when I check in SSL certificate and key management > Manage endpoint security configurations > jvm1_cluster, it shows 'TLS1.2' as SSL configuration.
From IBM forums, I came to understand that it is possible to enable TLSV1.2 at only one cluster. and need to use jssehelper to specify an outbound ssl configuration.
Tried following the link on how to programmatically specifying an outbound SSL configuration using JSSEHelper API. https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_ssloutconfiguseJSSE.html
but I still could not get it to work. When I print the properties, I can see protocol as TLSV1.2 (com.ibm.ssl.protocol = TLSv1.2). Application uses com.ibm.jsse2.SSLSocketFactoryImpl for ssl socket provider.
To give you some background, am trying to connect to APNS using okhttp3 library. Am adding these properties, at the place where I create the socket connection. And after the socket is created, when I do sslSocket.getEnabledProtocols(), it gives me supported protocols=[TLSv1], which is V 1.0.
Since it tries to connect via TLS1, it gives javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure, when trying to establish connection to APNS. I have the certificate added to was store already and the firewall rules are in place as well, to allow the connection.
Error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:23)
at com.ibm.jsse2.j.a(j.java:21)
at com.ibm.jsse2.qc.b(qc.java:465)
at com.ibm.jsse2.qc.a(qc.java:451)
at com.ibm.jsse2.qc.h(qc.java:759)
at com.ibm.jsse2.qc.a(qc.java:353)
at com.ibm.jsse2.qc.startHandshake(qc.java:800)
Pls guide me on how to fix the issue. Thanks.

windows - Changing HTTP response

i have a windows 10 computer and a program, that sends to a server (xxx.com aka x.x.x.x) a request. server responses with, for example, "false". that program reads that response and based on that gives output. I need to locally (not on the server, only for me) change that value for, for example, "true". I tried Charles, but it doesn't work for my soft (in browser same requests that go through Charles give "true"). What is the problem here?
Charles "doesn't work" for your program because the HTTP request sent from your program is not intercepted. Charles can autoconfigure the proxy setting for browsers, that's why in your browser "same requests that go through Charles give true".
In order to make Charles intercept your program's HTTP request, a reverse proxy need to be configured:
Step 1. Launch Charles, and go to Proxy - Reverse Proxies...
Step 2. Check Enable Reverse Proxies and click Add.
Step 3. Configure a reverse proxy:
Local port: 59110 // any unused local port
Remote host: xxx.com // the target server
Remote port: 80 // the port opened in target server
Step 4. In your program, send all HTTP requests to localhost:59110.
In this way, Charles can intercept all HTTP requests sent from your program, and you can change the HTTP response data.
If the target server provides HTTPS service instead of HTTP, some additional work need to be done:
SSL-Step 1. In Charles, go to Proxy - SSL Proxying Settings - SSL Proxying
SSL-Step 2. Check Enable SSL Proxying and click Add:
SSL-Step 3. Configure an SSL proxy:
Host: xxx.com // the target server
Port: 443 // the SSL port opened in target server
SSL-Step 4 (1). go to Help - SSL Proxying - Install Charles Root Certificate. This will allow your program trust the self-generated certificate from Charles.
or
SSL-Step (2). If you don't want to install Charles' root CA, you can change your program to prevent certificate error. For example, in Node.js, the following code can prevent program from rejecting unauthorized certificate:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

FTP Connection Refused (Using FTPZilla)

I have googled and searched all over but I am still having trouble getting connected to a site using the ftpzilla
I am getting this read out when I try to connect to the server using the network connection wizard
Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.9.0.6
Response: 230 logged on.
Checking for correct external IP address
Retrieving external IP address from
http://ip.filezilla-project.org/ip.php
Checking for correct external IP address IP 173.56.114.112
bhd-fg-bbe-bbc
Response: 200 OK
PREP 60010
Response: 200 Using port 60010, data token 1063172065
PORT 173,56,114,112,234,106
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed
The weird thing is I only get this error for this particular server and the server I use for my personal site (namecheap.com) gives me no such error. Does anyone know why this may be happening? And please try not to point me to the network configuration wiki because I have read through that and I still am at this point.
PORT 173,56,114,112,234,106
....
Response: 503 Failure of data connection.
...
please try not to point me to the network configuration wiki
You are using active mode, that is the ftp client (FileZilla) waits for a connection from the server. Obviously the server can not connect to the client which indicates that something like a firewall restricts the connection.
Since according to your description this happens only with few servers, you either use only these servers with active mode or these servers are protected by firewalls which do not allow active mode. Have you tried with passive mode?
I had a similar issue connecting and made the following changes and had success.
Go to File>>>Site Manager>>>
For my site, I changed the Encryption to "Only use plain FTP(insecure)" and had success. May you find the same success.

Unable to redirect https traffic from external IP to loopback interface in Fiddler

I'm trying to use Fiddler to capture traffic that comes to my machine on its external ip address, and redirect it to the loopback interface without affecting the host header.
I have added the following to the OnBeforeRequest method:
if (oSession.HostnameIs("MyMachineName")){
oSession.bypassGateway = true;
oSession["x-overrideHost"] = "localhost";
}
This works fine for http traffic: I do indeed see a request to http://MyMachineName hit the loopback adaptor with its host header intact.
However, when intercepting https traffic I get the following in the response raw view:
fiddler.network.https> HTTPS handshake to auth.time-wise.net failed. System.IO.IOException The handshake failed due to an unexpected packet format.
I have Fiddler configured to capture and decrypt https traffic.
Does anyone know why this problem occurs and how it can be remedied?
Edit: in response to Eric's request for more information
Fiddler is running as a proxy (i.e. as standard), listening on port 8888.
The clients are (currently) web browsers on the same machine, and so are automatically using the Fiddler proxy, as they've picked up the change in default proxy.
You've left out some important details (e.g. what port is Fiddler running on, and how did you configure the remote client to send its traffic to Fiddler?)
Having said that, you will probably want to change your use of x-overrideHost to x-overrideHostname such that the port number of the traffic being retargeted is preserved.

Resources