Fiddler Usage With Secured Database
When you want to use fiddler with secure database you need to configure fiddler that it could response and do requests as you.
Respond to Requests Requiring a Client Certificate
First you need to create .CER file:
-
Open Manege User certificates
-
Right-click the certificate in Personal Certificates Store.
-
Click All Tasks > Export
Then you need to specify the .CER file for Fiddler to return for a given session.
You have two options to do so:
- Add a FiddlerScript to OnBeforeRequest function:
oSession["https-Client-Certificate"] = "C:\\test\\someCert.cer";
- Place your .CER file in '%USERPROFILE%\My Documents\Fiddler2\ClientCertificate.cer' ( the name must be ClientCertificate.cer)
Warning
If you do this your client certificate is exposed through fiddler
Accepting response by the client
-
Option 1: Configure Windows Client to trust Fiddler Root Certificate
-
Click Tools > Fiddler Options > HTTPS.
-
Click the Decrypt HTTPS Traffic box.
-
Next to
Trust the Fiddler Root certificate?
, click Yes. -
After
Do you want to install this certificate?
, click Yes.
-
Danger
If you do this windows will automatically trust any certificate issued by this CA. This is a security risk!
-
Option 2: Client will ignore certificate validation
In the application you should set:
Raven.Client.Http.RequestExecutor.RemoteCertificateValidationCallback += (sender, cert, chain, errors) => true;
Danger
If you do this and forget to remove it from your code, your client will accept any response!