How to capture HTTPS traffic with FiddlerCore without installing the DO_NOT_TRUST certificate?

[Øyvind Pedersen]

Hi,

I'm developing an application in .NET 4 using a WebBrowser control that needs to capture https traffic to and from a third party server. To accomplish this the end users seem to have to install and trust Fiddler's DO_NOT_TRUST certificate (when we use the CertMaker.trustRootCert() method). The problem is that most users will probably not trust a certificate which explicitly says "Do not trust" in the name.

Can we work around this in some way, e.g. by installing our own self-signed certificate? Which properties does this certificate need to have? Or is there another solution? All we really need, is to capture outgoing Ajax calls and preferably the responses from the server. We also like to prevent the user from navigating away from the site, which I guess we can do just by short-circuiting all non-Ajax calls.

Regards,

Øyvind.

[EricLaw]

If your code was trusted by the user to run as Administrator, you can simply put the root certificate in the machine's Trusted Root certificate store. This is a silent operation when run by a process that is elevated.