Capture HTTPS traffic from Java applications with Fiddler

1. Export Fiddler’s Root Certificate

Click on Tools -> Fiddler Options… to open the Fiddler Options dialog.

Switch to the HTTPS tab, and click on Export Root Certificate to Desktop.

This will generate the file: FiddlerRoot.cer on your Desktop.

2. Create a JVM Keystore using this certificate

This step will require Administrator privileges (since keytool doesn’t seem to work without elevating privileges). So, open command prompt as Administrator, by right clicking on the Command Prompt icon, and clicking on Run as administrator.

Run the following command (replacing <JAVA_HOME> with absolute path to the JDK/JRE that you’re interested in capturing traffic from):

<JDK_Home>\bin\keytool.exe -import -file C:\Users\<Username>\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler

This will prompt you to enter a password. Remember the password, as it’s required for the next step.

Once a password is entered, this will create a file called FiddlerKeyStore. Remember the path to this file, as we’ll be using it in the next step. You can, of course, move it to a more convenient location and use that path.

3. Start the JVM with Fiddler as the proxy, and the Keystore you just created as a Trust Store

Essentially, we’re asking the JVM to use Fiddler as the proxy, and to trust the keys in the Keystore we just created. Here’re the VM args to configure your Keystore as the Trust Store:

-Djavax.net.ssl.trustStore=<path\to\FiddlerKeystore>
-Djavax.net.ssl.trustStorePassword=<Keystore Password>

So, in effect, these are the VM args you’ll need:

-DproxySet=true
-DproxyHost=127.0.0.1
-DproxyPort=8888
-Djavax.net.ssl.trustStore=<path\to\FiddlerKeystore>
-Djavax.net.ssl.trustStorePassword=<Keystore Password>

That’s about it. Now, launch Fiddler, and launch your JVM (your Java application). Fiddler will start showing all HTTPS (and HTTP) traffic from the JVM in plaintext.

Read more