Question
The titular trio of SSL traffic decryption, iOS app, and FiddlerCore is the holy grail I am trying to reach.
The caveats that are so far my undoing:
1) The certificate must be trusted by the iOS device; if it isn't, Safari for example will prompt you to continue, but a third party app won't do this.
2) The certificate must be generated using the CertMaker for iOS and Android plugin - that is to say that the bundled makecert.exe produces certificates which iOS does not trust.
I have achieved the SSL decryption part, and the iOS app part, but only from Fiddler itself (not programmatically with FiddlerCore) because it allows you to use a plugin for certificate duty; you cannot use plugins from FiddlerCore.
My attempted solution to this was to manually specify the certificate used by fiddlercore, and point it towards a .cer previously generated by Fiddler and the ios Certificate Maker plugin. In code it would look like this:
https://stackoverflow.com/questions/17999306
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFiddlerApplication.oDefaultClientCertificate = X509Certificate.CreateFromCertFile(@"FiddlerRoot.cer");
FiddlerApplication.Startup(8877, FiddlerCoreStartupFlags.DecryptSSL | FiddlerCoreStartupFlags.AllowRemoteClients | ~FiddlerCoreStartupFlags.RegisterAsSystemProxy);
Nevertheless I can't make this fly - it still tries to use makecert.exe and as far as I can tell is just disregarding my manually specified certificate; my understanding of SSL certs is woeful so I am hopeful that at the very least someone can tell me I'm barking up the wrong tree. If someone knows what I can do to get to where I want to be it would be very much appreciated. Thank you all!
Solution
The oDefaultClientCertificate object refers to the certificate that FiddlerCore will attempt to send to the server if it demands such a certificate for client-certificate-based Authentication. That object has nothing to do with the server-certificate that Fiddler sends to the iOS client.
In order for this scenario to work, you need to use the CertMaker plugin for FiddlerCore. Fortunately, the next build of FiddlerCore will ship with a compatible build of that plugin.
