This article covers why HTTPS is still worth using when Fiddler can decrypt it; it may be a useful reference for anyone facing the same question.

Question

I have just discovered that Fiddler can decrypt HTTPS traffic.

For instance, I deployed a website on localhost using HTTPS. When inspecting the data packets in Fiddler, I was able to view all the information since it has an option to decrypt it.

My question is, why make use of HTTPS when Fiddler can easily decrypt it?

Recommended answer

Fiddler performs a MITM technique.

To make it work, you need to trust its Certificate:

If you don't, it won't decrypt anything...

A: Fiddler2 relies on a "man-in-the-middle" approach to HTTPS interception. To your web browser, Fiddler2 claims to be the secure web server, and to the web server, Fiddler2 mimics the web browser. In order to pretend to be the web server, Fiddler2 dynamically generates an HTTPS certificate.

Fiddler's certificate is not trusted by your web browser (since Fiddler is not a Trusted Root Certification authority), and hence while Fiddler2 is intercepting your traffic, you'll see an HTTPS error message in your browser [...]
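The trust decision described in the answer, modelled as an added example that is not part of the original answer: a proxy-generated certificate is rejected until the proxy's root is placed in the client's trust store. It also goes one step beyond the answer by showing a certificate pin, which still flags the substituted certificate after that root is trusted. Assumptions: chain validation is simplified to an issuer-name lookup (real clients verify signatures up the chain), and the issuer names, DER bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

def issuer_cn(cert):
    """Return the issuer commonName from an ssl.getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""

def fingerprint(der):
    """SHA-256 over the certificate's DER bytes, as hex."""
    return hashlib.sha256(der).hexdigest()

def evaluate(cert, der, trusted_roots, pin=None):
    """Decide as a TLS client would: chain trust first, then the optional pin."""
    if issuer_cn(cert) not in trusted_roots:  # simplified chain validation
        return "reject: issuer not trusted"
    if pin is not None and not hmac.compare_digest(fingerprint(der), pin):
        return "reject: pin mismatch"
    return "accept"

# Constructed sample data (hypothetical names, placeholder DER bytes).
GENUINE = {"issuer": ((("commonName", "Example Public CA"),),)}
FORGED = {"issuer": ((("commonName", "Interception Proxy Root"),),)}
GENUINE_DER = b"constructed DER of the server's real certificate"
FORGED_DER = b"constructed DER of the proxy-generated certificate"

def scenarios():
    default_store = {"Example Public CA"}
    with_proxy_root = default_store | {"Interception Proxy Root"}
    pin = fingerprint(GENUINE_DER)
    return {
        "forged, proxy root not trusted": evaluate(FORGED, FORGED_DER, default_store),
        "forged, proxy root trusted": evaluate(FORGED, FORGED_DER, with_proxy_root),
        "forged, proxy root trusted, pinned": evaluate(FORGED, FORGED_DER, with_proxy_root, pin),
        "genuine, pinned": evaluate(GENUINE, GENUINE_DER, default_store, pin),
    }

if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case}: {verdict}")
```
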

10-23 00:56