Monday, December 19, 2011

Debug HTTPS : Fiddler + Java

For development purposes it is very useful to see traffic sent over HTTPS. Imagine you are developing a client for a social network. It uses a REST API and works over HTTPS, and you need to see what was sent to the server.

A good tool for those of us who use Windows is Fiddler, a web debugging proxy. It works out of the box for HTTP traffic. To capture HTTPS, configure your environment as described below:

1. Export the Fiddler certificate as a .cer file: "Tools->Fiddler Options->HTTPS->Export Fiddler Root Certificate to Desktop" saves the certificate as FiddlerRoot.cer

2. Add JVM parameters to use Fiddler as a local proxy (change the port value according to your configuration):
-DproxyHost=127.0.0.1 -DproxyPort=8888 -Djavax.net.debug=all

-Djavax.net.debug=all is optional. It helps debug the HTTPS connection handshake. Remove it later.

Now Java tries to use the proxy but cannot establish an HTTPS connection because of the "untrusted" certificate.
Use keytool to import it:

"keytool.exe" -import -keystore "C:\Program Files\Java\jre6\lib\security\cacerts" -file "FiddlerRoot.cer"
Check for a jssecacerts file in the jre6\lib\security folder. If you have a jssecacerts file in your security folder, Java will always look at the jssecacerts file first and ignore your cacerts file, so you must get rid of the jssecacerts file before Java will look at cacerts. Remove jssecacerts (or use it as the target keystore for the import).
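
To confirm the import landed in the store the JVM actually reads, the following added example (not code from the original post) resolves the default trust store in the jssecacerts-before-cacerts order described above and checks it for the exported certificate. The class name CheckFiddlerTrust, the argument order and the default store password "changeit" are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example: hypothetical helper class, not part of Fiddler or the JDK.
public class CheckFiddlerTrust {

    // Default JSSE lookup order: the javax.net.ssl.trustStore property,
    // then lib/security/jssecacerts, then lib/security/cacerts.
    static File defaultTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return new File(override);
        }
        File securityDir = new File(System.getProperty("java.home"),
                "lib" + File.separator + "security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(securityDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: [0] certificate path, [1] store password.
        String certPath = args.length > 0 ? args[0] : "FiddlerRoot.cer";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        Certificate fiddlerRoot;
        InputStream certIn = new FileInputStream(certPath);
        try {
            fiddlerRoot = CertificateFactory.getInstance("X.509").generateCertificate(certIn);
        } finally {
            certIn.close();
        }

        File storeFile = defaultTrustStore();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream storeIn = new FileInputStream(storeFile);
        try {
            store.load(storeIn, password);
        } finally {
            storeIn.close();
        }

        // getCertificateAlias returns null when no entry matches the certificate.
        String alias = store.getCertificateAlias(fiddlerRoot);
        System.out.println("Trust store in use: " + storeFile.getAbsolutePath());
        System.out.println(alias != null ? "Fiddler root is trusted (alias: " + alias + ")"
                : "Fiddler root is NOT in this store");
    }
}
```

Run it with the same java executable as the application being debugged, since the trust store location is taken from that JVM's java.home.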
