SSL received a record that exceeded the maximum allowable length when changing a request using Fiddler

I am trying to implement an intra-system SSL server using FiddlerCore:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;

    namespace fiddlerCoreTest
    {
        using System.IO;
        using System.Threading;
        using Fiddler;

        class Program
        {
            static Proxy oSecureEndpoint;
            static string sSecureEndpointHostname = "localhost";
            static int iSecureEndpointPort = 7777;

            static void Main(string[] args)
            {
                //var tt = Fiddler.CertMaker.GetRootCertificate().GetRawCertData();
                //File.WriteAllBytes("root.crt",tt);

                Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session oS)
                {
                    oS.bBufferResponse = false;
                    if ((oS.hostname == sSecureEndpointHostname)&&oS.port==7777)
                    {
                        oS.utilCreateResponseAndBypassServer();
                        oS.oResponse.headers.HTTPResponseStatus = "200 Ok";
                        oS.oResponse["Content-Type"] = "text/html; charset=UTF-8";
                        oS.oResponse["Cache-Control"] = "private, max-age=0";
                        oS.utilSetResponseBody("<html><body>Request for httpS://" + sSecureEndpointHostname + ":" + iSecureEndpointPort.ToString() + " received. Your request was:<br /><plaintext>" + oS.oRequest.headers.ToString());
                    }
                };

                FiddlerCoreStartupFlags oFCSF = FiddlerCoreStartupFlags.Default;
                oFCSF = (oFCSF & ~FiddlerCoreStartupFlags.RegisterAsSystemProxy);

                Fiddler.FiddlerApplication.Startup(8877, oFCSF);

                oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);
                if (null != oSecureEndpoint)
                {
                    FiddlerApplication.Log.LogFormat("Created secure end point listening on port {0}, using a HTTPS certificate for '{1}'", iSecureEndpointPort, sSecureEndpointHostname);
                }

                Console.WriteLine("Press any key to exit");
                Console.ReadKey();
            }
        }
    }

In Firefox, GET http://localhost:7777/ works fine, but when I GET https://localhost:7777/, Firefox reports the following error:

SSL received a record that exceeded the maximum permissible length

Why am I getting this and how to fix it?

UPDATE: This only happens when I use Fiddler as a proxy server with Firefox. When I delete the Fiddler proxy, I can access https://localhost:7777/. However, I would also like to have access to https://localhost:7777/ through a proxy.

+7
2 answers

The problem in this scenario is that you are processing this traffic twice:

Firstly, the browser sends a CONNECT to port 8888, saying: "Please give me a TCP/IP tunnel for port 7777," and then after Fiddler says, "OK, we will do it", the client sends an HTTPS request through this tunnel to port 7777.

The problem is that you are managing this CONNECT response and returning the HTML instead of skipping the HTTPS handshake from port 7777.

The easiest way to fix this is to change the BeforeRequest code to the following:

    if ( (oS.hostname == sSecureEndpointHostname) && (oS.port==7777) && !oS.HTTPMethodIs("CONNECT")) {

After this, your CONNECT tunnel will no longer be crippled and the HTTPS handshake will succeed.

+1
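Why the browser words the failure as an over-long record, shown as an added Python example (not code from the question or the answers): once the CONNECT is answered, the client reads whatever comes next as a 5-byte TLS record header, so the start of an HTML body or HTTP status line is decoded as a type, a version and a length. The sample byte strings are constructed from the response built in the question's code, and the 2^14 + 2048 limit is the TLS 1.2 maximum for an encrypted record.

```python
import struct

# TLS 1.2 (RFC 5246, section 6.2.3): an encrypted record body may not
# exceed 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed samples: what the BeforeRequest handler sends back, and
# the header of a genuine TLS 1.2 handshake record for comparison.
HTML_BODY = b"<html><body>Request for httpS://localhost:7777 received."
HTTP_STATUS = b"HTTP/1.1 200 Ok\r\nContent-Type: text/html\r\n\r\n"
TLS_HELLO = b"\x16\x03\x03\x00\x5a"


def read_record_header(data: bytes) -> dict:
    """Interpret the first 5 bytes of a stream as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    # 1 byte content type, 2 bytes protocol version, 2 bytes length.
    ctype, version, length = struct.unpack("!BHH", data[:5])
    return {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"unknown(0x{ctype:02x})"),
        "version": f"0x{version:04x}",
        "length": length,
        "too_long": length > MAX_RECORD_LEN,
    }


def diagnose(first_bytes: bytes) -> str:
    """Classify the first bytes a TLS client receives from its peer."""
    hdr = read_record_header(first_bytes)
    if hdr["content_type"].startswith("unknown") or hdr["too_long"]:
        if first_bytes[:5] == b"HTTP/" or first_bytes.lstrip()[:1] == b"<":
            return "plaintext HTTP/HTML on a TLS connection"
        return "not a TLS record"
    return "TLS record"


if __name__ == "__main__":
    for name, sample in [("html body", HTML_BODY),
                         ("http status", HTTP_STATUS),
                         ("tls handshake", TLS_HELLO)]:
        print(name, read_record_header(sample), "->", diagnose(sample))
```

Running `diagnose` on the first bytes captured from a failing connection tells a plaintext reply apart from a real TLS problem before any certificate settings are touched.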

HTTPS traffic is encrypted, and the script as a proxy server for the web debugger cannot decrypt/analyze packet data sent through Fiddler. It uses the MITM attack to decrypt SSL traffic sent through Fiddler, see here: http://www.fiddler2.com/fiddler/help/httpsdecryption.asp

So, you have to enable the SSL parameter in Fiddler, and then double-check it. If this does not work, try providing a manual MITM certificate for Fiddler.

+1