How can I get the FiddlerCore software certificate installation to stick?

I am using FiddlerCore to capture HTTP requests. Everything works, including SSL Captures, if the Fiddler certificate is installed manually. I used manual installation through the Fiddler options menu, and this works fine.

However, if I use the static methods of the CertMaker class that FiddlerCore provides to add a Fiddler certificate, I find that I can only use the certificate added to the root cert store in the current session. As soon as I shut down the application and start it back up, CertMaker.rootCertExists() will return false.

I use the following code to install the certificate for the current user (from the explicit menu option at this point):

    public static bool InstallCertificate()
    {
        if (!CertMaker.rootCertExists())
        {
            if (!CertMaker.createRootCert())
                return false;

            if (!CertMaker.trustRootCert())
                return false;
        }

        return true;
    }

The certificate is installed, and I see it in the root certificate store for the current user. If I take SSL requests in the current application, it works fine.

However, if I close the executable, reboot and call CertMaker.rootCertExists(), it will return false, and if I try to capture SSL requests, the SSL connection will not be made in the browser. If I recreate the certificate and then re-run the requests in the browser while the application is running, it will work again. Now I end up with two certificates in the root store.

After exiting and restarting, CertMaker.rootCertExists() returns false again. The only way to make it work is to register a certificate per exe session.

What am I doing wrong so that the installation does not persist between runs of the same application?

+6
2 answers

I was able to solve this problem and create persistent certificates that can be used across EXE sessions by removing the default CertMaker.dll and BcMakeCert.dll, which FiddlerCore installs, and instead using and distributing the makecert.exe executable.

makecert.exe appears to create certificates in such a way that they can be used for several application launches, whereas the included assemblies are valid only for the current application session.

Update:

If you want to use CertMaker.dll and BcMakeCert.dll, which FiddlerCore installs by default, you need to effectively cache and install the certificate and private key using Fiddler's internal settings object. There are several keys that contain the certificate after its creation, and you need to capture these values and write them to some configuration store.

In the following example, I have a static configuration object that contains a certificate and a key (stored in the configuration file when the application shuts down):

    public static bool InstallCertificate()
    {
        if (!CertMaker.rootCertExists())
        {
            if (!CertMaker.createRootCert())
                return false;

            if (!CertMaker.trustRootCert())
                return false;

            // persist Fiddler's certificate and private key into app-specific config
            App.Configuration.UrlCapture.Cert =
                FiddlerApplication.Prefs.GetStringPref("fiddler.certmaker.bc.cert", null);
            App.Configuration.UrlCapture.Key =
                FiddlerApplication.Prefs.GetStringPref("fiddler.certmaker.bc.key", null);
        }

        return true;
    }

    public static bool UninstallCertificate()
    {
        if (CertMaker.rootCertExists())
        {
            if (!CertMaker.removeFiddlerGeneratedCerts(true))
                return false;
        }

        // clear the persisted certificate and private key from app-specific config
        App.Configuration.UrlCapture.Cert = null;
        App.Configuration.UrlCapture.Key = null;

        return true;
    }

After installing the certificate, this code captures the certificate and private key in the configuration object, which is saved later. On uninstall, the values are cleared.

At the start of the application, or at the start of the capture process before calling CertMaker.rootCertExists(), the keys are set from the configuration values. I do this at the beginning of my capture form:

    public FiddlerCapture()
    {
        InitializeComponent();

        // read previously saved Fiddler certificate from app-specific config
        if (!string.IsNullOrEmpty(App.Configuration.UrlCapture.Cert))
        {
            FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.key",
                App.Configuration.UrlCapture.Key);
            FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.cert",
                App.Configuration.UrlCapture.Cert);
        }
    }

Using this mechanism to save and restore the capture settings, certificates persist across multiple EXE sessions when using CertMaker.dll.

More information is available in this detailed blog post on FiddlerCore.

+12
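The answer above writes the root certificate and its private key to the application's config file as plain strings, and that key belongs to a root CA the current user trusts. One way to protect it at rest is Windows DPAPI; this is an added example, not code from the original answer or from FiddlerCore, and the `CertSecretStore` class and its entropy string are hypothetical (Windows only; on .NET Framework it needs a reference to the System.Security assembly).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: wraps the persisted Fiddler cert/key pref strings with DPAPI
// so the config file never holds the root CA private key in the clear.
public static class CertSecretStore
{
    // Hypothetical app-specific entropy: must be supplied again to unprotect.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("MyCaptureApp.FiddlerRoot.v1");

    // Returns a Base64 blob that is safe to write to the config file.
    public static string Protect(string prefValue)
    {
        if (string.IsNullOrEmpty(prefValue)) return null;
        byte[] plain = Encoding.UTF8.GetBytes(prefValue);
        try
        {
            return Convert.ToBase64String(
                ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser));
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Returns the original pref string, or null if the blob is missing,
    // modified, or was written under a different user profile.
    public static string Unprotect(string stored)
    {
        if (string.IsNullOrEmpty(stored)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                Convert.FromBase64String(stored), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (FormatException) { return null; }
        catch (CryptographicException) { return null; }
    }

    public static void Main()
    {
        string sampleKey = "CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY"; // constructed value
        string stored = Protect(sampleKey);
        Console.WriteLine(stored != sampleKey);                 // blob differs from input
        Console.WriteLine(Unprotect(stored) == sampleKey);      // round trip succeeds
        Console.WriteLine(Unprotect("AAAA" + stored) == null);  // modified blob rejected
    }
}
```

Call `Protect` on the values read with `GetStringPref` before assigning them to `App.Configuration.UrlCapture`, and `Unprotect` on the stored values before passing them to `SetStringPref`. When `Unprotect` returns null, treat the saved certificate as absent and fall back to creating a new one.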

If anyone is still interested, I found a simpler solution based on the demo that Fiddler provides. This demo just calls CertMaker.trustRootCert(), and, oddly enough, it sticks! The first time, it asks if you want to install the certificate, but after that the function simply returns true and will not cause a pop-up window.

Unlike in your and my program, the certificate sticks without the need to persist it, so I analyzed the differences with the demo. One of the differences that I noticed was that in the demo there was no reference to CertMaker.dll and BCMakeCert.dll. After removing these references from my own solution, I got the same behavior as the demo.

Unfortunately, I have no explanation why this works, but I hope this still helps some people.

0

Source: https://habr.com/ru/post/972878/

