How to debug C# WebHttpRequest HTTPS through Fiddler

Hi,

I was working on this project where I needed to get some HTTP requests intercepted by Fiddler. Everything worked nice and dandy until some of the requests needed to be done over HTTPS. Fiddler knows to decrypt those by having a fake SSL cert.

Unfortunately my code didn't like that too much so it started etting me this nice error:

Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Solution... you just need to disable the ServerCertificateValidationCallback

ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(
                delegate
                {
                   return true;
                } );

That's all. Now you're requests can go through  Fiddler and you can debug them.

[Update]
As Eric said in the comments, another approach is to just trust the Fiddler cert. http://www.fiddler2.com/fiddler/help/httpsdecryption.asp That is in fact a cleaner approach, I think if you have the possiblity to trust the cert you should do that and keep the ServerCertificateValidationCallback for the cases when you cannot import the cert as a trusted cert.

Thanks,
Ionutz

Comments

• Anonymous
  May 12, 2009
  PingBack from http://microsoft-sharepoint.simplynetdev.com/how-to-debug-c-webhttprequest-https-through-fiddler/

• Anonymous
  October 27, 2009
  Don't ship like that!  :-) Alternative fix is to trust the Fiddler root certificate on your test machine while testing: see http://www.fiddler2.com/fiddler/help/httpsdecryption.asp