I have a long-standing setup that captures and decrypts HTTPS using Fiddler Proxy. I use my jailbroken phone so I can also get around certificate pinning, and run it through this proxy to capture traffic and analyze requests/responses for different apps. I love Fiddler because it allows me to modify content on the fly at will to find issues. Today I ran into an app that is not behaving nicely, and after some hours of research it seems my issue is that the app is using HTTP/3, and I haven't been able to make it work. Am I just barking up the wrong tree here? Is it even possible to capture such traffic with Fiddler Proxy? Are there any alternatives with similar features that I could use? I'm not an expert on protocols, certificates, etc., so please bear with me on the question :-). Thanks to any gurus out there who can help!
Is it possible to capture HTTP/3 (QUIC) traffic with Fiddler Proxy? (Fiddler Classic)
896 Views Asked by Carlos At
No, it's not possible.
As of right now, AFAIK there are no HTTP debugging proxies that support HTTP/3. For Fiddler specifically, they only shipped HTTP/2 support a few months ago (Jan 2022, 7 years after HTTP/2 was standardized) and only in Fiddler Everywhere. There's no mention of any timeline for shipping it in Fiddler Classic I can see, maybe never.
I can't speak for the Fiddler team's reasons, but I also maintain a debugging proxy and the general problem is that most languages don't yet have stable libraries available to easily handle HTTP/3, which makes it very difficult to support. There's some background on the causes of this here: https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/. There are some experimental implementations available now, but in most cases nothing that's easy to integrate and reliable, unlike HTTP and HTTP/2 (normally provided as part of programming languages' core libraries, often with many battle-tested userspace implementations available too).
From the HTTP/2 approach, I would guess that HTTP/3 support in Fiddler is a couple of years away at least and will only be coming to Fiddler Everywhere, not to Fiddler Classic (but I don't know for sure - you'd have to ask them).
In the meantime, the best workaround available is to block HTTP/3 traffic entirely. Well-behaved clients should fall back to HTTP/1 or 2 automatically. Blocking all UDP packets on port 443 using a firewall will generally be sufficient (it can be used on other ports, but I've never seen it in practice).
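
To confirm that an app is sending QUIC past the proxy, and that none remains once UDP 443 is blocked, UDP payloads taken from a packet capture can be checked for the QUIC long header. This is an added example, not part of the original answer; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# Version numbers: RFC 9000 (v1), RFC 9369 (v2); 0 marks a Version Negotiation packet.
KNOWN_VERSIONS = {0x00000000: "version-negotiation", 0x00000001: "QUICv1", 0x6B3343CF: "QUICv2"}
V1_LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def parse_quic_long_header(payload: bytes):
    """Return header fields if a UDP payload starts with a QUIC long header, else None.

    Relies on the version-independent layout (RFC 8999): flags byte with the
    top bit set, 32-bit version, then length-prefixed DCID and SCID.
    """
    if len(payload) < 7 or not payload[0] & 0x80:
        return None  # too short, or a short-header / non-QUIC datagram
    version = struct.unpack_from("!I", payload, 1)[0]
    dcid_len = payload[5]
    scid_off = 6 + dcid_len
    if scid_off >= len(payload):
        return None  # truncated before the SCID length byte
    scid_len = payload[scid_off]
    if scid_off + 1 + scid_len > len(payload):
        return None
    # QUIC v1 caps connection IDs at 20 bytes and sets the fixed bit (0x40).
    if version == 1 and (dcid_len > 20 or scid_len > 20 or not payload[0] & 0x40):
        return None
    return {
        "version": KNOWN_VERSIONS.get(version, hex(version)),
        "type": V1_LONG_TYPES[(payload[0] >> 4) & 0x3] if version == 1 else None,
        "dcid": payload[6:scid_off].hex(),
        "scid": payload[scid_off + 1:scid_off + 1 + scid_len].hex(),
    }


def flows_bypassing_proxy(datagrams):
    """From (dst_ip, dst_port, payload) tuples, list destinations sent a QUIC v1 Initial."""
    hits = set()
    for dst_ip, dst_port, payload in datagrams:
        hdr = parse_quic_long_header(payload)
        # Clients pad datagrams carrying Initial packets to >= 1200 bytes (RFC 9000, 14.1).
        if hdr and hdr["type"] == "Initial" and len(payload) >= 1200:
            hits.add((dst_ip, dst_port))
    return sorted(hits)


# Constructed sample datagrams (not real captures): a padded v1 Initial and a DNS-like payload.
SAMPLE_INITIAL = (bytes([0xC0]) + struct.pack("!I", 1) + bytes([8]) + bytes(range(8))
                  + bytes([0]) + bytes(1185))
SAMPLE = [("203.0.113.10", 443, SAMPLE_INITIAL), ("203.0.113.53", 53, b"\x12\x34\x01\x00" + bytes(28))]
```

An empty result from `flows_bypassing_proxy` on a capture taken after the firewall rule is in place, together with the app's requests appearing in the proxy, indicates the client has fallen back to HTTP/1 or 2.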