HTTPS decryption enabled but not working


JP

Aug 28, 2013, 5:56:21 PM
to httpf...@googlegroups.com
I recently had my laptop reimaged and after installing and configuring Fiddler back to the way I had it previously, the HTTPS decryption is not functioning.

Here are my settings for the HTTPS options tab:

Capture HTTPS CONNECTs - checked
Decrypt HTTPS traffic - checked
...from browsers only
Ignore server certificate errors - checked

I have imported the root certificate and it appears when I run certmgr.msc

The only thing that strikes me is that the Remove Interception Certifications button is not active; could that mean that the certificate is not properly set up?

I have tried IE and Chrome, and all I can get is 'Tunnel to' for the host.

I never experienced this issue before and am pretty well versed in using Fiddler, so I am at a loss :)

Any ideas?

Thanks!

EricLaw

Aug 28, 2013, 6:52:40 PM
to httpf...@googlegroups.com
If you look at the Inspectors > Response TextView tab for the Tunnels in question, my bet is that you'll see something like "Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS."
 
If that's the case, look at the Process column in the Web Sessions list. Is it showing "iexplore" or "chrome" or something else (e.g. "tmproxy")? That indicates that another process is intercepting your traffic, and because of that it's not recognized as browser traffic and thus not decrypted due to the state of your decryption dropdown.
 
If that's not the case, what, if anything, do you see on the Log tab?
 
(The Remove Interception Certificates button is disabled while decryption is enabled; untick the decryption box and the button will be enabled.)
 
 

JP

Aug 28, 2013, 7:13:50 PM
to httpf...@googlegroups.com
Looking at the process, avp (Kaspersky) was intercepting the traffic :)

Problem resolved, thank you!!

Venkatesh N

Sep 16, 2015, 3:20:36 AM
to Fiddler
I am getting the message below, and the Process column is not displaying any of the browsers, such as iexplore or chrome, but is showing tmproxy:5708:

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.

Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS.

Any way to resolve this?

EricLaw

Sep 16, 2015, 3:24:42 AM
to Fiddler
In your Tools > Fiddler Options > HTTPS Settings, you have selected "Browsers Only."

On your system, you have the Trend Micro security system configured to intercept all of your browser traffic. TMProxy.exe intercepts all of your traffic between the browser and Fiddler, so that when Fiddler receives the traffic, it is coming from TMProxy.exe and not from Chrome.exe. As a consequence, Fiddler does not decrypt the traffic.

You can fix this by either disabling TMProxy (which is what I'd do), or by changing your Fiddler setting to decrypt all traffic.
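
To confirm from outside Fiddler which process actually owns the connections reaching it, the following check is an added example and not part of the original thread. It assumes Fiddler is listening on loopback port 8888 and uses an illustrative list of browser process names; neither value comes from the posts above.

```powershell
# Added example: list the local processes connected to Fiddler's listener.
# Assumption: Fiddler listens on loopback port 8888; change $FiddlerPort if yours differs.
$FiddlerPort = 8888

# Assumption: illustrative browser process names. The exact list Fiddler uses for
# "...from browsers only" is not stated in the thread.
$Browsers = 'iexplore', 'chrome', 'firefox'

function Get-FiddlerClientProcess {
    param([int]$Port = $FiddlerPort)

    # The client side of each connection has Fiddler's port as its REMOTE port,
    # so this skips the sockets owned by Fiddler itself.
    Get-NetTCPConnection -RemotePort $Port -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -in '127.0.0.1', '::1' } |
        Group-Object -Property OwningProcess |
        ForEach-Object {
            $procId = [int]$_.Name
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $name   = if ($proc) { $proc.ProcessName } else { '<exited>' }

            # A non-browser owner (e.g. avp or tmproxy, as in the thread) means a local
            # proxy sits between the browser and Fiddler.
            $verdict = if ($name -in $Browsers) {
                'browser'
            } else {
                'not a browser: tunnels from it stay undecrypted under "...from browsers only"'
            }

            [pscustomobject]@{
                Process     = $name
                Id          = $procId
                Connections = $_.Count
                Verdict     = $verdict
            }
        }
}

Get-FiddlerClientProcess | Sort-Object Connections -Descending | Format-Table -AutoSize -Wrap
```

Run it while the browser is loading an HTTPS page through Fiddler. If only a security product's process appears and no browser does, the Process column in the Web Sessions list will show the same name.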