How to create Man in the Middle instrumentation

Question

I\'m trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to

Answer 1

Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.

Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.

Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.

The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.