POST data is visible in Fiddler despite HTTPS? [duplicate]

Question

This question already has answers here:

What is point of SSL if fiddler 2 can decrypt all calls over HTTPS? (3 answers)

Closed 9 years ago.

When on looking at the HttpWebRequest and HttpWebResponse methods on C#, I just learnt about the HTTP POST and HTTP GET and the HTTPS

HTTPS means whatever data we send will be encrypted so that it is secure

Even when on submitting to some POST data to a HTTPS site while making a HttpWebRequest, Fiddler seems no problems to read the username and password. How?

POST https://someurl  HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: some-host
Content-Length: 84
Expect: 100-continue
Connection: Keep-Alive

j_username=admin&j_password=pass*&Submit=Login

The URL above is HTTPS probably means that all datas are encrypted.

How come then Fiddler know about the username and password ?

Answer 1

Fiddler is your proxy in certain sense, he sits in-between you and the outside world.