Search code examples
sslhttpsfiddler

How to start fiddler as a https proxy from command line?

I need to start fiddler automatically to parse https requests.

How to force fiddler to generate and use a ssl certificate without GUI? Does anyone know where fiddler stores its certificate? Can I generate my own server certificate and set it to fiddler without GUI?

I can start fiddler in quit mode. I can enable https via registry keys, but fiddler starts without ssl certificate. I can create certificate useing makecert.exe, but I don't know how to set it as active certificate for fiddler without UI.

I'd be very apprciate if anybody helps me to solve it.

Solution

  • Nobody helps me, but I've found solution.

    The Solution:

    To Enable capturing the https trafic update register's values:

    reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f

reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f

    You need to use custom fiddler's script. It force fiddler to generate ssl certificate (Please see section main in the script CustomRules.js below). If you don't add it fiddler will start without ssl certificate.

    copy /Y /V "<path to file>\CustomRules.js" "%userprofile%\Documents\Fiddler2\Scripts\CustomRules.js"

    Note: don't change the destination file name.

    When fiddler starts in automaticaly attaches to the socket 127.0.0.1:8888

    start "" "%programfiles(x86)%\fiddler2\fiddler.exe" -quiet

    The fiddler automatically creates a new ssl certificate. It can be downloaded:

    curl.exe -s -k -o <dst file path> "http://127.0.0.1:8888/FiddlerRoot.cer"

    Then you need to add it to Trusted Root Certificates

    certutil -addstore -f "Root" <path to certificate>

    Now the fiddelr is started and can capture https trafic useing CustomRules.js.

    Fiddler.bat:

    @ECHO OFF

set currentDir=%~dp0
cd "%currentDir%"

set log="%currentDir%\fiddler.log"
set fiddler_custom_script_dir="%userprofile%\Documents\Fiddler2\Scripts\"
set fiddler_result_dir="C:\fiddler\"

echo "Start Fiddler Script" > "%log%"
echo "Current Dir: %currentDir%" >> "%log%"
echo "Update values in the register" >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f >> "%log%"

reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f >> "%log%"

echo "Create folder for results: %fiddler_result_dir%" >> "%log%"
mkdir "%fiddler_result_dir%" >> "%log%"

echo "Create folder for the custom fiddler's script: %fiddler_custom_script_dir%" >> "%log%"
mkdir "%fiddler_custom_script_dir%" >> "%log%"

echo "Copy fiddler script to  %fiddler_custom_script_dir%" >> "%log%"
copy /Y /V "%currentDir%\CustomRules.js" "%fiddler_custom_script_dir%\CustomRules.js" >> "%log%"

echo "Start fiddler" >> "%log%"
start "" "%programfiles(x86)%\fiddler2\fiddler.exe" -quiet

set cert_path="%currentDir%\FiddlerRoot.cer"
set /a attempt=0

timeout 10 > nul

:get_cert
    set /a attempt+=1
    timeout 1 > nul
    echo "Attempt #%attempt% to download fiddeler's certificate" >> "%log%"
    curl.exe -s -k -o "%cert_path%" "http://127.0.0.1:8888/FiddlerRoot.cer" >> "%log%"
if not exist "%cert_path%" if %attempt% LSS 300 goto get_cert

if not exist "%cert_path%" (
    echo "FAIL. Certificate "%cert_path%" doesn't exist. Cannot set trusted certificate"  >> "%log%"
    exit /b -100
)

set /a attempt=0
echo "Try to add certificate to trusted" >> "%log%"
echo certutil -addstore -f "Root" %cert_path% >> "%log%"
:import_cert
    set /a attempt+=1
    timeout 1 > nul
    echo "Attempt #%attempt% to download fiddeler's certificate" >> "%log%"
    certutil -addstore -f "Root" %cert_path% >> "%log%"
if "%errorlevel%" LSS 0 if %attempt% LSS 3 goto import_cert

echo "End..." >> "%log%"
exit /b 0

    CustomRules.js

    import System;
import System.Windows.Forms;
import Fiddler;

/**
 This script must be in the folder C:\Users\<USER>\Documents\Fiddler2\Scripts\CustomRules.js
 */
class Handlers
{
    // The Main() function runs everytime your FiddlerScript compiles
    static function Main() {
        var today: Date = new Date();
        FiddlerObject.StatusText = " CustomRules.js was loaded at: " + today;
        CertMaker.createRootCert();
        //CertMaker.GetRootCertificate().GetPublicKeyString()
    }
}