Fiddler如何与HTTPS一起使用 [英] How does Fiddler work with HTTPS

问题描述

我做了HTTP代理服务器。但是我无法解密SSL流量。

I made HTTP proxy server. But the problem that I can't decrypt SSL traffic.

我发现Fiddler安装了信任根证书。我做了同样的事情，现在我没有出现证书不受信任的错误，但是我遇到了另一个错误：通用名（CN）错误。提琴手如何更改已安装的受信任证书的CN？

I found that Fiddler install Trust Root Certificate. I did the same and now I don't have error that certificate untrusted but I got other error: wrong Common Name (CN). How fiddler change the CN of installed trusted certificate?

将不胜感激。

推荐答案

Fiddler充当SSL终止代理。
即连接是这样的：

Fiddler acts as an SSL termination proxy. I.e. the connection goes like this:

浏览器---（SSL握手）--->提琴手---（SSL握手）->实际站点

Browser ---(SSL handshake)---> Fiddler --- (SSL handshake) ---> Actual Site

因此，您的连接是第一次加密并发送到Fiddler，在此首先由Fiddler解密，然后再次加密以发送到您访问的实际站点。

So your connection is first time encrypted and sent to Fiddler, where it is first decrypted by Fiddler and then again encrypted to be sent to the actual site that you access.

另外，当您访问站点时，Fiddler会自动生成一个服务器证书，其CN等于该站点的主机名，并且该证书由fiddler的CA签名这就是Fiddler需要在浏览器中安装一组可信CA的原因，以便可以针对可信机构进行第一次SSL握手。

Additionally when you access a site Fiddler automatically generates a server certificate with a CN that is equal to the host name of the site and this certificate is signed by the CA of fiddler That's why Fiddler needs to install a set of trusted CAs in your browser so that the first SSL handshake can be made against a trusted authority.

这篇关于Fiddler如何与HTTPS一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！