Fiddler Auditor: Open-source tool evaluates the robustness of large language models

Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may discl…

Fiddler with Android Emulator mostly shows "A SSLv3-compatible ClientHello handshake was found" with no headers or data

When I run Fiddler with a proxy for the BlueStacks Android emulator (on Windows), many of the results are listed as "Tunnel to" a random IP address, with no headers and no information on the data sent. Clicking on one reveals "…

Can applications or websites know if their traffic is decrypted and re-encrypted by Fiddler? [duplicate]

Can websites, server-side apps such as those that rely on a constant connection with server e.g. messaging apps, server-side online games such as those that rely on constant server connection for player movement, inventory data etc. tell t…

Decrypt mobile phone app TLS/SSL traffic using Wireshark and Fiddler/Charles/MITM Proxy

I currently use Fiddler/Charles Proxy/MITM proxy to decrypt and analyze SSL/TLS traffic from suspect mobile apps I want to analyze. The process I follow is to export a CA cert from Fiddler, then import that cert onto the physical phone. I …

Is it possible to extract a certificate that an application uses to connect to an API server?

There’s an API server that only allows connections including specific SSL certificates. Talking about an Android application that has those certificates.

Using Fiddler without SSL decryption as a proxy between the app and the server, I ca…

Fiddling with Windows: Proxy tools for Win10

If you have been following along with us, you know how to set up a Windows 10 Virtual Machine (VM) for web app pentesting. But now we have run into another problem. Let’s say that same client throws in a Windows 10 desktop app in scope. (You know…