Fiddler is a very useful tool for capturing HTTP traffic. One can use it such as for figuring out what headers and POST-parameters are sent to a webserver when filling out a form. This information can then be used to programmatically create the same request to a webserver.
Fiddler is also able to decrypt SSL traffic. I used it recently to capture traffic over SSL sent by my browser and wanted then to use it again to check if my programmatic requests look the same as those from the browser. Because fiddler links itself as man-in-the-middle proxy between client and server, it also needs to provide a certificate for SSL requests. As this is not recognized as valid certificate, .NET throws an WebException at System.Net.HttpWebRequest.GetResponse() and no traffic shows up in fiddler.
To still be able to check accuracy of the programmatic requests with fiddler, it is possible to directly add a new delegate to ServicePointManager.ServerCertificateValidationCallback which always returns true:
//* Hack for debugging purposes to accept Fiddler certificate
ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
return true;
};
//*/
// Create request, write post parameters and so on..
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(“https://www.someurl.com”)
0 Response to “HttpWebRequest over SSL with Fiddler running”