So, one of my biggest gripes with fiddler is not being able to see what the original ssl cert the server was spitting out was.
If you decrypt the ssl traffic, fiddler acts like a man-in-the middle and replaces the server certificate with it's own so it can decrypt it. If you don't understand that very well, google will help alot more than I can.
So. Long story short, I needed to know what ssl certificate the web servers were spitting up, even if Fiddler was running.
Fiddler doesn't have this ability out of the box. Nor was their a previously known plugin (until now). I've always wondered what it would be like to write my own plugin for fiddler. Turns out, it's not to difficult. As long as your OK with trial and error for a few hours. The documentation was lacking in pretty much every way possible when it comes to creating something for fiddler. There were some old tutorials, but they didn't cover the new features of the newer fiddler versions.
Anyways...I created my own plugin. It keeps track of the original ssl certificates that come across from the web server and which requests that certificate belongs to. I used the thumbprint from the cert as the "key" to determine which certificate belong to which request. Storing the certificates from the servers in a dictionary with the thumbprint as the key and storing a property in the
oFlags property on the sessions, allows me to very quickly and easily retrieve them, and check to see if it doesn't exist before adding it. I then created a little page with a data grid view on it and dumped out all of the certificate information on it. I also put a button on it that will open up the certificate in the standard windows ui for viewing certificates. Just so you all know, it's the
X509Certificate2UI class in the System.Security library and namespace.
I put the source code up on github. https://github.com/veccsolutions/Vecc.FiddlerCertInformation
To install, just put the
Vecc.FiddlerCertInformation.dll into the Inspectors folder within your fiddler install folder.