Fiddler is a handy tool that sits between two applications and acts as a proxy. It can view and decrypt HTTP or HTTPS traffic for debugging purposes. For instance, suppose we need to capture all HTTP or HTTPS requests and responses sent from a client Java program to the server, with the HTTPS-secured traffic decrypted to plain text and displayed in Fiddler.
Click on Tools -> Fiddler Options to open the Fiddler Options dialog. Switch to the Connections tab, make sure Fiddler listens on the default port 8888, and select “act as system proxy on startup”.
Switch to the HTTPS tab. Ensure the Decrypt HTTPS traffic checkbox is checked. Click the Export Fiddler Root Certificate to Desktop button; this will generate the file FiddlerRoot.cer on your Desktop.
Fiddler’s certificate is self-signed and not trusted by the JDK or web browser (since Fiddler is not a Trusted Root Certification Authority), so we need to import the Fiddler certificate into the local JVM trust keystore with the following command.
keytool -import -alias fiddlercert -file FiddlerRoot.cer -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
Configure the client Java program to launch with Fiddler as the proxy. Here are the VM arguments that configure the Fiddler proxy:
java -DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888 MyApp
Alternatively, we can modify the code to set the system properties for the HTTP and HTTPS proxy host and port.
Once you launch your client program, you should see the HTTPS sessions (requests and responses) in the Inspectors tab.