DEV Community

nausaf

Intercepting HTTP Traffic from the Console with Fiddler

Fiddler doesn't work out of the box with HTTP traffic originating from commands run in the terminal (like curl). Luckily, it can be configured to do so.

The configuration given below lets you both intercept such traffic and decrypt SSL requests and responses.

Configure Fiddler and your terminal

I tested these steps on Fiddler Classic, which is quite old (but free!) but they should work on the newer, flashier Fiddler Everywhere also:

  1. Click the Tools | Options menu to bring up the Options dialog. Go to the Connections tab:

    [Screenshot: Options dialog, Connections tab]

    Make sure the two checkboxes highlighted in red are checked.

    Take note of the port on which Fiddler listens (8888 in my case).

  2. Go to your terminal and run the following commands (I am using the export keyword for Bash; you might need to use set for Windows shells):

    export http_proxy=127.0.0.1:8888
    export https_proxy=127.0.0.1:8888
    

    This needs to be done every time you open a terminal from which you want HTTP traffic to be intercepted.

  3. Run a command in the terminal that makes an HTTP request, e.g.:

    curl --ssl-no-revoke -H "Accept: text/plain" https://icanhazdadjoke.com/ 
    

    With curl you have to use the --ssl-no-revoke option, for reasons explained shortly.

  4. You should now see traffic to the site accessed by curl, but it will still be encrypted.

    [Screenshot: encrypted traffic in Fiddler, with the yellow button]

  5. To decrypt SSL traffic, click the yellow button shown in the snapshot above. This brings up the Tools | Options dialog again, this time at the HTTPS tab.

    Configure it as follows (you can play around with the settings):

    [Screenshot: Options dialog, HTTPS tab settings]

Try out the setup

Try the curl command given above again. You should now be able to see the decrypted SSL traffic of further requests:

[Screenshot: decrypted traffic in Fiddler]
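Steps 2 and 3 export the proxy variables for the whole terminal session. The following added example (not part of the original post) sets them for a single command instead, so nothing else run from that shell is routed through Fiddler, and lists any proxy variables that are still exported. `FIDDLER_HOST`, `FIDDLER_PORT` and the function names are assumptions made for this example.

```sh
# Added example, not from the original post. POSIX sh.
# FIDDLER_HOST, FIDDLER_PORT and the function names are assumed here.
FIDDLER_HOST="${FIDDLER_HOST:-127.0.0.1}"
FIDDLER_PORT="${FIDDLER_PORT:-8888}"   # the port noted in step 1

# Print host:port for the proxy, rejecting anything that is not a TCP port.
fiddler_proxy() {
    case "$FIDDLER_PORT" in
        ''|*[!0-9]*|??????*)
            echo "invalid Fiddler port: $FIDDLER_PORT" >&2
            return 1 ;;
    esac
    if [ "$FIDDLER_PORT" -lt 1 ] || [ "$FIDDLER_PORT" -gt 65535 ]; then
        echo "Fiddler port out of range: $FIDDLER_PORT" >&2
        return 1
    fi
    printf '%s:%s\n' "$FIDDLER_HOST" "$FIDDLER_PORT"
}

# Run one command with http_proxy/https_proxy set for that command only.
# env(1) changes the child's environment, so the calling shell is untouched.
with_fiddler() {
    if [ "$#" -eq 0 ]; then
        echo "usage: with_fiddler COMMAND [ARGS...]" >&2
        return 2
    fi
    proxy=$(fiddler_proxy) || return 1
    env http_proxy="$proxy" https_proxy="$proxy" "$@"
}

# List proxy variables still exported in this shell; no output means none.
proxy_vars_set() {
    env | grep -iE '^(http|https|all|no)_proxy=' || true
}

# Usage, with the request from step 3:
#   with_fiddler curl --ssl-no-revoke -H "Accept: text/plain" https://icanhazdadjoke.com/
#   proxy_vars_set
```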

Why we need to use --ssl-no-revoke with cURL

Fiddler is a man-in-the-middle. This is what allows it to sniff HTTP traffic and show it to us. To decrypt SSL/TLS traffic, Fiddler issues and uses its own SSL certificate to interface with the client (e.g. the curl command in the example above).

This works fine with many terminal commands that make HTTP calls, for example terraform apply, which makes API calls. However, curl throws an error, which I believe is because it actually checks if the certificate that Fiddler is using to establish the TLS tunnel is legit (which it is not, in the sense that it has not been issued by a well-known certificate authority such as VeriSign).

Using the --ssl-no-revoke command line parameter with curl gets around the error.
