After the initial startup, Fiddler Everywhere default captures only non-secure traffic (HTTP).
To enable the capturing and decrypting of HTTPS traffic, you need to install the Fiddler root CA (certificate authority) through the HTTPS sub-menu under Settings.
Trust Fiddler CA—Installs and trusts the Fiddler root Certificate authority (CA) in the user store of the operating system certificate manager. The option is available on macOS and Windows. On Linux, you have to export and trust the Fiddler CA manually. After you install the CA, you are ready to enable the capturing of HTTPS traffic.
Capture HTTPS traffic—Defines if Fiddler Everywhere will capture HTTPS traffic or skip it. By default, this option is disabled. Before you enable the capturing of HTTPS traffic, you must trust the Fiddler root certificate.
Ignore server certificate errors—Controls whether Fiddler Everywhere warns you if an HTTPS server presents a certificate that cannot be validated. Do not check this box when surfing the Internet because of a possible spoofing security threat.
The Ignore server certificate errors checkbox is active (with a tick), but the ignore list is left blank—Fiddler will automatically ignore all server certificate errors.
The Ignore server certificate errors checkbox is active (with a tick), and the ignore list is populated with specific endpoints—Fiddler will ignore only server certificate errors for the listed endpoints. Adding endpoints to the ignore list works only for new connections.
The Ignore server certificate errors checkbox is inactive (no tick)—Fiddler won't ignore server certificate errors, and upon hitting one, will present a special Fiddler's page that informs the user about the insecure connection. The custom Fiddler's page also provides a quick link to add the specific endpoint to the ignore list.
Advanced Settings—A drop-down menu that provides the following additional options related to the Fiddler root CA (certificate authority):
Trust Fiddler CA in the Machine Store—Installs and trusts the Fiddler CA in the machine store of the operating system certificate manager. The option is available only on Windows.
Export Fiddler CA—A drop-down menu to select a format and export the Fiddler root CA to the operating system Desktop folder. Some operating systems do not have a default folder named Desktop. In such cases, you must create this folder (
~/Desktopfor macOS and Linux distributions) to export the certificate successfully. Fiddler Everywhere provides options to export the following formats:
Export Fiddler CA(DER/Binary format)—Exports the Fiddler Everywhere CA in binary format as
Export Fiddler CA(PEM/ASCII format)—Exports the Fiddler Everywhere CA in ASCII format as
Export Fiddler CA(PKCS 12 format)—Exports the Fiddler Everywhere CA in PKCS 12 format as
- Export Fiddler CA(DER/Binary format)—Exports the Fiddler Everywhere CA in binary format as
Reset Fiddler CA—Click the button to remove the currently trusted CA, generate a new one, and trust it.
Remove Fiddler CA—Click the button to remove the currently trusted CA from the OS certificate store. As a result, the capturing of HTTPS traffic will be disabled.
The following figure displays the default settings of the HTTPS menu.
If the Fiddler root CA is not yet trusted, an inline notification will warn you that the system HTTPS capture is disabled. This notification will hide if you use the independent browser capturing option and will re-appear once you close the active independent browser instance.