Re: How to make fiddler use the same private key for all domains


EricLaw

Jan 8, 2013, 11:48:57 AM
to httpf...@googlegroups.com
I'm curious to understand what you'll be using Wireshark for, since if you're using Fiddler you can already see the traffic?
 
The default certificate generator builds a unique certificate per host, which means that each has its own private key.
 
However, the plugin certificate maker (http://www.fiddler2.com/dl/FiddlerCertMaker.exe) uses the same public/private key for each certificate by default, and you can set the fiddler.certmaker.bc.LogPrivateKeys preference to True and Fiddler will log that private key to the Log tab.
 
Please let me know how it goes!
 
-Eric
 

On Tuesday, January 8, 2013 3:19:31 AM UTC-6, Shachar Ofek wrote:
Hello,

I am trying to capture the SSL traffic between my browser and Fiddler with Wireshark. I understand that the certificates that Fiddler creates for each domain have different private keys. Since I am capturing traffic to many different domains it would be impractical for me to export all the private keys from the keystore and import them to Wireshark.
Is there a way to force Fiddler to use one private key for all domains?

Thanks very much

Shachar Ofek

Jan 9, 2013, 7:42:34 AM
to httpf...@googlegroups.com
Hi Eric,

Thanks very much. I will give it a try and let you know.
We are using Wireshark as we need to see the packet structure in addition to the HTTP view (e.g. for analyzing fragmentation etc.) and it is very convenient to have a shared PK for all domains.


Thanks,
Shachar

EricLaw

Jan 9, 2013, 5:34:25 PM
to httpf...@googlegroups.com
Okay. It's important to recognize that as soon as you introduce a re-signing intermediary gateway in the middle of your connection, the packet structure is almost certain to change from what it would be without that intermediary.

Shachar Ofek

Jan 10, 2013, 8:28:58 AM
to httpf...@googlegroups.com
Hi Eric,
I installed the plugin and added the fiddler.certmaker.bc.LogPrivateKeys preference. The Log tab displays a line like this:
Private Key for example.com: <.....private key chars........>
In order to import the private key to Wireshark I tried to use it as a PEM format. I broke the text into lines of 64 characters and wrapped it with the BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY strings. I attached the outcome. Wireshark did not load this file; in its ssl debug log it wrote ssl_load_key: can't import pem data.
Was I wrong to assume that the displayed private key is in PEM format, and that it is not protected by a password? I noticed that the length of the PEM file I ended up with is shorter than other PEM files I usually have.

Thanks,
Shachar

EricLaw

Jan 10, 2013, 3:26:18 PM
to httpf...@googlegroups.com
This is the base64'd version of the private key, and as far as I know, reformatting as you describe ought to work. Unfortunately, I don't see any attachments to your message; you might just try pasting it in inline.
 
(Literally, here's the BouncyCastle call: PrivateKeyInfo.ToAsn1Object().GetDerEncoded(); )
 
-Eric
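
Added example, not part of the original thread and not Fiddler's or the plugin's code: the `PrivateKeyInfo` structure named in the reply above is the PKCS#8 form, whose PEM label under RFC 7468 is `PRIVATE KEY`, while `RSA PRIVATE KEY` denotes a bare PKCS#1 `RSAPrivateKey`. The sketch below inspects base64 DER text such as the logged value and wraps it with the label that matches its structure; all function names and the toy sample bytes are constructed for illustration.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def pem_label_for(der):
    """Choose the PEM label that matches the DER structure."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, _, after_version = read_tlv(der, start)
    if tag != 0x02 or after_version >= end:
        raise ValueError("expected INTEGER version followed by more data")
    if der[after_version] == 0x30:          # AlgorithmIdentifier: PKCS#8 PrivateKeyInfo
        return "PRIVATE KEY"
    if der[after_version] == 0x02:          # modulus INTEGER: PKCS#1 RSAPrivateKey
        return "RSA PRIVATE KEY"
    raise ValueError("unrecognised key structure")

def to_pem(logged_b64):
    """Wrap the base64 text from the log line in a correctly labelled PEM."""
    der = base64.b64decode("".join(logged_b64.split()), validate=True)
    label = pem_label_for(der)
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def tlv(tag, value):
    """Encode one short-form DER element (enough for the toy samples)."""
    return bytes([tag, len(value)]) + value

# Constructed toy structures with the right shape; NOT usable keys.
PKCS1_SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x21") + tlv(0x02, b"\x03"))
RSA_ALG_ID = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
PKCS8_SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG_ID + tlv(0x04, PKCS1_SAMPLE))

if __name__ == "__main__":
    print(to_pem(base64.b64encode(PKCS8_SAMPLE).decode()))
```

Keys written this way are unencrypted and decrypt every session the proxy re-signed, so they belong only on the analysis machine.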

Shachar Ofek

Jan 11, 2013, 1:21:32 AM
to httpf...@googlegroups.com
Here it is pasted in:

EricLaw

Jan 21, 2013, 2:19:28 PM
to httpf...@googlegroups.com
Hello, Shachar:
 
Please try upgrading to the latest (1.4.3.4) version of the Certificate Maker: https://www.fiddler2.com/dl/fiddlercertmaker.exe. After you do so, when you type !dumpcerts in the QuickExec box underneath the session list, this plugin will export all of the in-memory certificates to files on your desktop. For each certificate, there will be one .CER file, and one private key file exported in PEM format. I've verified that the PEM files are recognized by OpenSSL, which suggests to me that Wireshark should work with them.
 
Please let me know.
 
thanks,
 
Eric

Shachar Ofek

Jan 27, 2013, 10:14:12 AM
to httpf...@googlegroups.com
Hi Eric,

I installed the new version of the plugin, and it works great. It's very convenient to use it in conjunction with Wireshark.

Thanks,
Shachar