Reputation: 351
Https interception by Fiddler
How to prevent HTTPS interception by Fiddler?
Upvotes: 1
Views: 619
Answers (1)
Reputation: 127563
Fiddler does it's interception by setting up a transparent proxy, the traffic sent to the browser is not signed by the a standard CA but by the custom CA that fiddiler installs when you enable the SSL decryption feature.
It only works because you chose to install the CA certificate on your machine and it would not work without that participation on the part of the end user to voluntarily compromise their security by adding the certificate.
Many corporate proxy servers do the same thing to inspect SSL traffic, but once again, the end user computer must have the corporate proxy servers' certificate installed on their computer or errors will be produced.
To actually answer your question "Also,is there any solution in .NET using which we can stop this interception?" You can check the fingerprint of your certificate (or it's CA) and verify that it is the fingerprint you expected to see, if something like fiddiler intercepted the traffic the fingerprints would not match.
Upvotes: 4
Related Questions
- Fiddler doesn't capture Https requests that made by HttpClient and HttpClientHandler
- HTTPS->HTTP via Fiddler
- Fiddler blocking specific https url
- Fiddler - Unable to capture https traffic
- Why can I see information travelling through HTTPS with Fiddler?
- Prevent Application from Fiddler Interception
- How do I prevent an https response from throwing an AuthenticationException with Fiddler running?
- Communication security: Fiddler intercepts my talks. How can I secure my app?
- Httpwebrequest and Fiddler
- How to enable HTTPS monitoring in FiddlerCore WITHOUT decrypting SSL