Targeted certificates and traffic capture using Fiddler on Safari, IE, and iOS devices

I installed my Fiddler proxy, as in here .

the code:

public class ProxyConfig { private readonly string _secureEndpointHostname = IPAddress.Any.ToString(); private readonly int _secureEndpointPort = 4555; private readonly int _port = 18882; private static readonly ICollection<Session> AllSessions = new List<Session>(); private static Fiddler.Proxy _secureEndpoint; private static readonly LoggerCnx Logger = new LoggerCnx(); private Action<string> onRequest; public ProxyConfig() { } public ProxyConfig(Action<string> onRequest) { this.onRequest = onRequest; } public void SetupProxyListener() { FiddlerApplication.SetAppDisplayName("FiddlerCoreProxyApp"); // This is a workaround for known issue in .NET Core - https://github.com/dotnet/coreclr/issues/12668 CultureInfo.DefaultThreadCurrentUICulture = new CultureInfo("en-US"); // Simply echo notifications to the console. Because Fiddler.CONFIG.QuietMode=true // by default, we must handle notifying the user ourselves. //Fiddler.FiddlerApplication.OnNotification += delegate (object sender, NotificationEventArgs oNEA) { System.Diagnostics.Debug.WriteLine("** NotifyUser: " + oNEA.NotifyString); }; FiddlerApplication.Log.OnLogString += delegate (object sender, LogEventArgs oLEA) { Logger.Info("** LogString: " + oLEA.LogString); }; FiddlerApplication.BeforeRequest += delegate (Session session) { if (!CertMaker.rootCertIsTrusted()) { CertMaker.trustRootCert(); } if (onRequest != null) { onRequest(session.fullUrl); } // In order to enable response tampering, buffering mode MUST // be enabled; this allows FiddlerCore to permit modification of // the response in the BeforeResponse handler rather than streaming // the response to the client as the response comes in. session.bBufferResponse = false; lock (AllSessions) { AllSessions.Add(session); Logger.Info("Session: " + session.fullUrl); } session["X-AutoAuth"] = "(default)"; if ((session.oRequest.pipeClient.LocalPort == _secureEndpointPort) && (session.hostname == _secureEndpointHostname)) { session.utilCreateResponseAndBypassServer(); session.oResponse.headers.SetStatus(200, "OK"); session.oResponse["Content-Type"] = "text/html; charset=UTF-8"; session.oResponse["Cache-Control"] = "private, max-age=0"; session.utilSetResponseBody("<html><body>Request for httpS://" + _secureEndpointHostname + ":" + _secureEndpointPort.ToString() + " received. Your request was:<br /><plaintext>" + session.oRequest.headers.ToString()); } }; Logger.Info($"Starting {FiddlerApplication.GetVersionString()}..."); CONFIG.IgnoreServerCertErrors = true; CONFIG.bCaptureCONNECT = true; FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts", true); FiddlerCoreStartupFlags startupFlags = FiddlerCoreStartupFlags.Default; startupFlags = (startupFlags | FiddlerCoreStartupFlags.DecryptSSL); startupFlags = (startupFlags | FiddlerCoreStartupFlags.AllowRemoteClients); startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.MonitorAllConnections); startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.CaptureLocalhostTraffic); FiddlerApplication.Startup(_port, startupFlags); Logger.Info("Created endpoint listening on port {0}", _port); Logger.Info("Starting with settings: [{0}]", startupFlags); Logger.Info("Gateway: {0}", CONFIG.UpstreamGateway.ToString()); // Create a HTTPS listener, useful for when FiddlerCore is masquerading as a HTTPS server // instead of acting as a normal CERN-style proxy server. _secureEndpoint = FiddlerApplication.CreateProxyEndpoint(_secureEndpointPort, true, _secureEndpointHostname); if (null != _secureEndpoint) { Logger.Info("Created secure endpoint listening on port {0}, using a HTTPS certificate for '{1}'", _secureEndpointPort, _secureEndpointHostname); } } } 

Its goal is to capture and analyze traffic from Windows, Mac OS X, Android and iOS browsers (Chrome, Firefox and Safari mainly on desktop and mobile devices).

So far, it seems he is working on:

• Windows Browsers: Chrome, Firefox. Does not work on IE and Edge.
• Android: Chrome
• Mac OS: Chrome, Firefox. Safari does not work.
• iOS: none

In my log files, I see the following errors registered by Fiddler in browsers that do not work (for all devices). HTTPS request example:

2018-02-14 17: 25: 50.3860 | INFO | ** LogString: SecureClientPipeDirect failed: Authentication System.IO.IOException failed because the remote side closed the transport stream. for pipe (CN = *. optimizely.com, O = DO_NOT_TRUST_BC, OU = Created http://www.fiddler2.com )

From what I read in the last couple of days, trying to find a solution for this, the reason may be certificates that are not trusted by the device.

Tests run on BrowserStack using the function they provide, called BrowserStack Local. Details here and here .

Now my questions can be divided between Desktop and Mobile:

• Why can Chrome and Firefox make HTTPS requests until IE, Edge, and Safari can do this?
• In particular, for iOS, there is the Fiddler documentation for iOS here that outlines the steps required to configure the device. However, as I already mentioned, I do not use my own iOS devices, and physical devices do not use BrowserStack. Is there a way to programmatically trust a certificate on an iOS device (iOS 9.x, iOS 10.x, iOS 11.x)?

Are there any workarounds that I could use?

EDIT: FiddlerCore and BrowserStack False Logs here.