Fiddler is a handy tool that sits between two applications and acts as a proxy. It can view and decrypt HTTP or HTTPS traffic for debugging purposes. For instance, suppose we need to capture all HTTP or HTTPS requests and responses between a client Java program and the server, with the HTTPS-secured traffic decrypted to plain text and displayed in Fiddler.

1. Configure Fiddler as a proxy and set its listening port

Click Tools -> Fiddler Options to open the Fiddler Options dialog. Switch to the Connections tab, make sure Fiddler listens on the default port 8888, and select “act as system proxy on startup”.


2. Export Fiddler’s Root Certificate and Import to JRE Keystore

Switch to the HTTPS tab. Ensure the Decrypt HTTPS traffic checkbox is checked. Click the Export Fiddler Root Certificate to Desktop button; this generates the file FiddlerRoot.cer on your Desktop.
Fiddler’s certificate is self-signed and is not trusted by the JDK or web browser (since Fiddler is not a Trusted Root Certification Authority), so we need to import the Fiddler certificate into the local JVM trust keystore with the following command.

keytool -import -alias fiddlercert -file FiddlerRoot.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

Tip: Fiddler2 relies on a “man-in-the-middle” approach to HTTPS interception. To the client program or web browser, Fiddler2 claims to be the secure web server, and to the web server, Fiddler2 mimics the web browser. In order to pretend to be the web server, Fiddler2 dynamically generates an HTTPS certificate.

3. Start the Java program with Fiddler as the proxy

Launch the client Java program with Fiddler as the proxy. Here are the VM arguments that configure the Fiddler proxy:

java -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8888 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8888 MyApp

Alternatively, we can modify the code to set system HTTP and HTTPS proxyHost and port.

System.setProperty("http.proxyHost", "127.0.0.1");
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("http.proxyPort", "8888");
System.setProperty("https.proxyPort", "8888");

4. Monitor HTTPS request and response in Inspectors tab

Once you launch your client program, you should see the HTTPS session (request and response) in the Inspectors tab.
