I have a long time setup which is capturing and decrypting HTTPS using Fiddler Proxy, I use my jailbroken phone so I can go around certificate pinning also and run it thru this proxy to capture traffic and analyze request/responses for different apps. I love Fiddler because it allows me to modify content on the fly at will to find issues. Today I ran into an app that is not behaving nicely and after some hours of research it seems my issue is because the app is using HTTP/3 and I haven't been able to make it work. Am I just barking at the wrong tree here? Is it even possible to capture such traffic with Fiddler Proxy? any alternatives with same like features that I could use? I'm not expert on protocols and certificates, etc. so please bear with me on the question :-). Thanks to any gurus out there that can help!
Is it possible to capture HTTP/3 (QUIC) traffic with Fiddler Proxy? (Fiddler Classic)
897 views Asked by Carlos At
1
There are 1 answers
Related Questions in FIDDLER
- Fiddler doesn't work because Chrome and Edge don't trust fiddler certificate
- Fiddler: This certificate isn't from a trusted authority
- Modify fiddler request using OnBeforeRequest
- Where are my endpoints and what are the AJAX requests doing?
- frp connection reset by peer
- Network inspector not able to catch Network request - Android
- Solving Connectivity Issue with Fiddler Classic When Using p12 Certificates in Postman
- Postman request vs Local (server) request
- VSCode REST Client : how make my request being captured by fiddler Classic
- How to capture requests to localhost using Intellij and Fiddler?
- Fiddler cannot find revocation server
- Struggling with Fiddler and Security Challenges: Seeking Help in Java Replication
- Local Sitecore site SEC_ERROR_INADEQUATE_KEY_USAGE error unless Fiddler is running
- Capture Nextjs route handler traffic in Fiddler
- Geting Certificate exception on .Net when accept the Fiddler certificate
Related Questions in HTTP-PROXY
- Is it ok to proxy the Keycloak APIs
- How to structure address of call to external server using proxy
- Aiohttp not working with (free) http proxy?
- Cant read the whole response from the HttpURLConnection I want to achieve that for My Proxy Server?
- Angular 17 ng serve proxy returns 302 instead of forwarding
- How to run an iPadOS firebase app behind an http proxy?
- Multi-layer reverse proxy - Nginx
- Forward proxy as a solution. Need guidance
- Pact-JS Support for Corporate Proxies
- Pull PubSub Message through Proxy server - Python
- API gateway invoke URL dosen't load images in webpage
- HTTPConnectionPool(host='http_proxy=<ip>, port=<port>): Max retries exceeded with url: <url>
- How to prevent spam attacks from rotating proxies
- How to pass proxy server's username and password in boost::asio::resolver::query
- TTL not working with custom auth on Squid
Related Questions in HTTP3
- HTTP 3 - How to resolve this error
- Http3 with Laravel and Forge
- Error Occurs with QUIC_TLS_CERTIFICATE_UNKNOWN When Attempting WebTransport Connection
- What changes should be made in Java code in order to migrate to HTTP/3
- No QUIC-HTTP/3 protocol used in HTTP request and response (OkHttp + Cronet / Cronet)
- Error Building NGINX with HTTP/3 Support on Windows: NMAKE Fatal Error U1077 with OpenSSL 3.0.13
- spring boot http3: Secure Connection Failed
- Connect client and server via .net quic, http3 and certificates
- Apache Bench: Benchmarking tool HTTP/3 support
- Browsers shows "h3" but HTTP3Check shows an error [nginx v.1.25.3]
- How http3 is reducing response time on slow connection?
- Why WebTransport cannot connect this QUIC server in Rust
- Nginx configuration to support HTTP/3
- Why is content-length header not sent over HTTP/3?
- h3-quinn http3 server with tokio in rust
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
No, it's not possible.
As of right now, AFAIK there are no HTTP debugging proxies that support HTTP/3. For Fiddler specifically, they only shipped HTTP/2 support a few months ago (Jan 2022, 7 years after HTTP/2 was standardized) and only in Fiddler Everywhere. There's no mention of any timeline for shipping it in Fiddler Classic I can see, maybe never.
I can't speak for the Fiddler team's reasons, but I also maintain a debugging proxy and the general problem is that most languages don't yet have stable libraries available to easily handle HTTP/3, which makes it very difficult to support. There's some background on the causes of this here: https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/. There are some experimental implementations available now, but in most cases nothing that's easy to integrate and reliable, unlike HTTP and HTTP/2 (normally provided as part of programming languages' core libraries, often with many battle-tested userspace implementations available too).
From the HTTP/2 approach, I would guess that HTTP/3 support in Fiddler is a couple of years away at least and will only be coming to Fiddler Everywhere, not to Fiddler Classic (but I don't know for sure - you'd have to ask them).
In the meantime, the best workaround available is to block HTTP/3 traffic entirely. Well-behaved clients should fallback to HTTP/1 or 2 automatically. Blocking all UDP packets on port 443 using a firewall will generally be sufficient (it can be used on other ports, but I've never seen it in practice).