I use Fiddler2 to analyse some pages that use https connections. I enabled HTTPS decryption, but I still see some Tunnel to host:443 entries in my log. I can see decrypted HTTPS traffic in the log, so I assume the decyption works.
I think, that a Tunnel to host:443 entry is created in addition to the decrypted log entry when the connection is opened.
Is my assumption correct or did I miss something?
Yes, this is expected.
If you click on Tunnel to Host:443 you'll see the following on the Statistics tab:
The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler). You can automatically hide these tunnels if you like by clicking Rules > Hide Connects.
My HTTPS interception and decryption stopped working and this message was also in my logs.
Perhaps it is unrelated but I was able to resolve but exporting the Fiddler certificate to Desktop (Tools > Fiddler Options > Export Root Certificate to Desktop), double clicking it to install it and restarting Fiddler and my Browser.
