Capture HTTPS Traffic in Java with Eclipse and Fiddler


I’ve been struggling with a JSON parsing error where my application is using Spring to send and receive messages from a RESTful Web Service. It’s pretty straightforward: I’ve annotated my object properties to match up with the appropriate JSON keys, Spring takes my POJO, turns it into a JSON string, and sends the request along with the JSON as the body to the HTTPS endpoint, et voilà!


The Problem

The problem comes in when something goes wrong with the request/response. Because Spring obfuscates the actual request/response content, debugging it means you need to take a look at the traffic being sent over the wire. Since we’re using a good RESTful service, the connection is done through HTTPS, meaning it’s encrypted with a certificate that we don’t have.

On top of that, it appears that Fiddler doesn’t capture Java HTTP traffic automatically, so that’s a thing too.

After some internet sleuthing, I put together a solution that I wanted to share with you all, and so that I don’t forget how to do it myself.

Setup

  1. Download and install Fiddler. I used Fiddler4, because I’m awesome.
  2. Run it and make sure it’s capturing HTTP traffic.
  3. Open Tools –> Fiddler Options –> Connections tab and take note of the “Fiddler listens on port” value. It’s likely 8888, but best to be sure.
  4. In the same window, select the HTTPS tab and make sure that the following options are checked:
    • Capture HTTPS CONNECTS
    • Decrypt HTTPS traffic (…from all processes)
  5. Read, and if you’re alright with it, install the certificate.
  6. On the HTTPS tab, click Export Root Certificate to Desktop and click OK.

Generating a Keystore

  1. Open a command line terminal as an administrator.
  2. Run the keytool for the JDK your application is using:
<JDK_Home>\bin\keytool.exe -import -file C:\Users\<Username>\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler
  3. Enter a password and remember it.
  4. Your keystore is created as a file named “FiddlerKeystore”. Take note of where it is located on your machine.

Configuring Eclipse

NOTE: You are not required to use Eclipse for this, but it seems to be the popular way of writing Java code.

  1. Open your project and go to Run –> Run Configurations.
  2. Select the Run Configuration you want to use to capture the HTTPS traffic.
  3. Select the Arguments tab.
  4. Add the following to the VM arguments textbox:
-DproxySet=true
-DproxyHost=127.0.0.1
-DproxyPort=8888
-Djavax.net.ssl.trustStore="path\to\keystore\FiddlerKeystore"
-Djavax.net.ssl.trustStorePassword=yourpassword
  5. Click the Apply button.
  6. Click the Run button to try it out.

Tada! You’re done, and you should now be able to run your code and see the complete HTTP request and response.

Alternative Solution — Configuring Your Code

Add the following lines to the application whose HTTPS traffic you want to capture.

// for capturing HTTP traffic
System.setProperty("http.proxyHost", "127.0.0.1");
System.setProperty("http.proxyPort", "8888");
// for capturing HTTPS traffic
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8888");
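
The lines above set only the proxy, so the JVM still needs the Fiddler trust store, and both variants apply to every connection in the process. The class below is an added example, not code from the original post: it scopes the proxy and the Fiddler-only trust store to a single connection behind a hypothetical -Dfiddler.debug=true flag. It assumes plain HttpsURLConnection instead of Spring, and the keystore path, password and port are the placeholder values from the steps above.

```java
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class FiddlerDebugClient {
    // Assumed placeholders: keystore from the keytool step, port from Fiddler Options.
    static final String KEYSTORE = "path\\to\\keystore\\FiddlerKeystore";
    static final char[] PASSWORD = "yourpassword".toCharArray();
    static final Proxy FIDDLER =
            new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888));

    // SSLContext that trusts only the certificates in the Fiddler keystore.
    static SSLContext fiddlerContext() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(KEYSTORE))) {
            ks.load(in, PASSWORD);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Route through Fiddler only when debugging; otherwise use the JVM defaults.
    static HttpsURLConnection open(URL url, boolean debug) throws Exception {
        if (!debug) {
            return (HttpsURLConnection) url.openConnection();
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(FIDDLER);
        conn.setSSLSocketFactory(fiddlerContext().getSocketFactory());
        return conn;
    }

    public static void main(String[] args) throws Exception {
        boolean debug = Boolean.getBoolean("fiddler.debug"); // hypothetical flag name
        HttpsURLConnection conn = open(URI.create(args[0]).toURL(), debug);
        System.out.println(conn.getResponseCode() + (debug ? " via Fiddler" : " direct"));
    }
}
```

Run it with the endpoint URL as the only argument; without the flag, the connection validates against the JDK's default trust store and never touches the Fiddler root.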

Thanks for playing. ~ DW

