Monday, March 17, 2014

How to use Eclipse with Fiddler step by step (for JAVA)

Background:

Eclipse is a nice IDE that popular among JAVA programmers. Recently I have involve with few java base project and that mostly with notwork programming stuff such as HTTP request sending, POST submit, GET request. I used my favorite http/https traffic recording tool "Fiddelr" to use with Eclipse.

So here is the my simple JAVA program that send a http post request to the server. Here I uses Apache HTTPClient (JAVA http implementation) for easy coding.

import java.io.IOException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.HttpResponse;

public class HTTPRequest{

String base_url = "https://destination-server.com";

public static void main(String[] args) { 
 HttpClient wf_client = HttpClients();
 HttpGet get_request = new HttpGet(base_url);
 try {
  HttpResponse login_responce = wf_client.execute(get_request);  
 }catch (IOException e) {
  System.out.println(e);
 } 
}
}


Previously when I work with C++ network programming Visual Studion IDE. I could use Fiddler to capture http and https traffic without any extra configuration. But this time when I compile and run this program in Eclipse, Fiddler does not show any http traffic. So i had to spend few hours to figure out, how to use Eclipse with Fiddler.

Let's try step by step:

Step - 1:  Go to http://www.telerik.com/fiddler and click on [Free Download] button to download Fiddler and install in to your PC.

Step - 2: If you installed Fiddler properly, when you load a web page in your web browser, you can see the http and https traffic in the Fiddler window as below


 Step - 3: Go to Filter tab in the right side of the windows and add filter to show only traffic to your destination host. and click [Action] button to save


 Step - 4: click [Remove all] to clear up all the previous recorded traffic.


Step - 5: Then go in to Eclipse and build and run your program that sending HTTP requests to the remote host. If the Fiddler showing the request, no issue you can continue works. But if the Fiddler doesn't record the requests here is the way to figure-out.

Step - 6: For record the http/http request you have to send the request trough the Fiddler. So go to 'Tools' -> Fiddler Option -> 'Connection' tab and check the port specify there.


Step - 7: So here is my case, it's automatically configured to port 8888. After identifying the port your have to add your localhost and above port as proxy to your connection. look at the example below.

public static void main(String[] args) { 
 HttpHost proxy = new HttpHost("localhost", 8888);
 HttpClients wf_client = HttpClients.custom().setProxy(proxy).build();
 HttpGet get_request = new HttpGet(base_url);
 try {
  HttpResponse login_responce = wf_client.execute(get_request);  
 }catch (IOException e) {
  System.out.println(e);
 } 
}

Step - 8:If you sending just http requests now your fiddler works fine and you can see the sending and receiving requests and the details of those. But if you are sending https requests now your program shows this run-time error.


Unexpected errorjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Step - 9: To get rid from this exception go to 'Tools' -> 'Fiddler Options' -> 'Https' tab and click Export 'Root Certificate ti Desktop'


Step - 10: Now we have to install the exported certificate to JAVA. for that open 'command prompt' as administrator and run below command


C:\Windows\system32>keytool.exe -import -file [path the exported file] -keyst
ore [name for keystre] -alias [alias name for certificate]

As a example, In my PC command is like this

C:\Windows\system32>keytool.exe -import -file C:\Users\nayanaa\Desktop\FiddlerRoot.cer -keyst
ore FiddlerKeystore -alias Fiddler

Step - 11: Then the system will ask you to enter a password to access certificate. Please enter a whatever a password and confirm the password. Please be careful to remember entered password.


Step - 12: Then the system will ask are you trusting this certificate. enter 'Y' and press enter. Then it will show "certificate added successfully" message.


Step - 13:  Then go yo your 'Java Home' -> Jre[x] ->bin. There you can see a file named FiddlerKeystore. move that file to 'Java Home' ->  Jre[x] -> lib ->security


Step - 14:  Now you installed the certificate to use Fiddler as a proxy server for https requests. Simply now you can send https requests trough fiddler. for this you have to add two lines to your program to speciify truestore and truestore password. Here you have to specify the path to FiddlerKeystore file in  'Java Home' ->  Jre[x] -> lib ->security and the password you enter while installing the certificate.


public static void main(String[] args) { 
 System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\FiddlerKeystore");
 System.setProperty("javax.net.ssl.trustStorePassword", "my#password");
 HttpHost proxy = new HttpHost("localhost", 8888);
 HttpClients wf_client = HttpClients.custom().setProxy(proxy).build();
 HttpGet get_request = new HttpGet(base_url);
 try {
  HttpResponse login_responce = wf_client.execute(get_request);  
 }catch (IOException e) {
  System.out.println(e);
 } 
}

Step - 15: Now everything completed. you can track and record all the http and https traffic sending by eclipse.

44 comments:

  1. I am still getting the same exception.

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.S
    unCertPathBuilderException: unable to find valid certification path to requested target

    ReplyDelete
  2. I am also getting the same error as Rajper even after following these instructions.

    ReplyDelete
  3. Everything works except I can't find FiddlerKeystore after it was added in JAVA_HOME

    ReplyDelete
    Replies
    1. In the above example -keystore FiddlerRoot is missing, add it. The FiddlerRoot file will be generated in the folder you run the command.

      Then add the following to eclipse / run / run configuration / vm



      -DproxySet=true
      -DproxyHost=127.0.0.1
      -DproxyPort=8888
      -Djavax.net.ssl.trustStore="C:\docs\certificates\FiddlerKeystore"
      -Djavax.net.ssl.trustStorePassword=****

      Delete
  4. Excellent post!!!. The strategy you have posted on this technology helped me to get into the next level and had lot of information in it.
    cloud computing training in chennai | cloud computing courses in chennai

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. I have been able to capture HTTPS traffic in Fiddler from Java when using URLConnection and Apache httpclient. But what ever I have tried I am not successful at capturing HTTPS traffic when using Jetty HttpClient. Anyone know how I can capture HTTPS traffic from Java while using Jetty HttpClient?

    ReplyDelete
  7. I have been able to capture HTTPS traffic in Fiddler from Java when using URLConnection and Apache httpclient. But what ever I have tried I am not successful at capturing HTTPS traffic when using Jetty HttpClient from Java. Anyone know how I can capture HTTPS traffic from Java while using Jetty HttpClient?

    ReplyDelete
  8. I have read your blog its very attractive and impressive. I like it your blog.

    Java Training in Chennai Core Java Training in Chennai Core Java Training in Chennai

    Java Online Training Java Online Training Core Java 8 Training in Chennai Core java 8 online training JavaEE Training in Chennai Java EE Training in Chennai

    ReplyDelete

  9. Thank you sharing the excellent post about JAVA programming. you helped me to gain more information on the JAVA language.

    Java Training in Chennai |
    Java Course in Chennai

    ReplyDelete
  10. works like charm ! thanx !

    ReplyDelete
  11. Thanks for splitting your comprehension with us. It’s really useful to me & I hope it helps the people who in need of this vital information.
    Hadoop Training in Chennai
    Big Data Training in Chennai
    Big Data Training
    CCNA Training in Chennai
    CCNA course in Chennai
    CCNA Training institute in Chennai

    ReplyDelete
  12. Thanks for splitting your comprehension with us. It’s really useful to me & I hope it helps the people who in need of this vital information. 
    Best Devops online Training
    Online DevOps Certification Course - Gangboard
    Best Devops Training institute in Chennai

    ReplyDelete
  13. I appreciate that you produced this wonderful article to help us get more knowledge about this topic.
    I know, it is not an easy task to write such a big article in one day, I've tried that and I've failed. But, here you are, trying the big task and finishing it off and getting good comments and ratings. That is one hell of a job done!



    Selenium training in bangalore
    Selenium training in Chennai
    Selenium training in Bangalore
    Selenium training in Pune
    Selenium Online training

    ReplyDelete
  14. I appreciate that you produced this wonderful article to help us get more knowledge about this topic.
    I know, it is not an easy task to write such a big article in one day, I've tried that and I've failed. But, here you are, trying the big task and finishing it off and getting good comments and ratings. That is one hell of a job done!



    Selenium training in bangalore
    Selenium training in Chennai
    Selenium training in Bangalore
    Selenium training in Pune
    Selenium Online training

    ReplyDelete
  15. Really very nice blog information for this one and more technical skills are improve,i like that kind of post.
    python Course in Pune
    python Course institute in Chennai
    python Training institute in Bangalore

    ReplyDelete
  16. Great post. I was once checking constantly this weblog and I'm impressed! Extremely useful information specially the closing part. I maintain such information much. I was once seeking this specific information for a very long time. Many thanks and best of luck.
    lg mobile service center in chennai
    lg mobile service center
    lg mobile service chennai

    ReplyDelete
  17. Attend The Python training in bangalore From ExcelR. Practical Python training in bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Python training in bangalore.
    python training in bangalore

    ReplyDelete
  18. 祝你與家人和親人一起度過愉快快樂的新一周。感謝您分享這篇文章

    Giảo cổ lam hòa bình

    hat methi

    hạt methi

    hạt methi ấn độ

    ReplyDelete
  19. This is a nice Site to watch out for and we provided information on
    vidmate make sure you can check it out and keep on visiting our Site.

    ReplyDelete
  20. Download and install Vidmate App which is the best HD video downloader software available for Android. Get free latest HD movies, songs, and your favorite TV shows

    ReplyDelete
  21. Download and install Vidmate App which is the best HD video downloader software available for Android. Get free latest HD movies, songs, and your favorite TV shows.

    ReplyDelete
  22. cool stuff you have and you keep Python training in pune overhaul every one of us

    ReplyDelete
  23. Дээд чанар бол зүгээр л( đá ruby thiên nhiên ) санаатай биш юм. Энэ нь өндөр( đá ruby nam phi ) түвшний төвлөрөл, тусгай хүчин( Đá Sapphire ) чармайлт, ухаалаг ( đá sapphire hợp mệnh gì )чиг баримжаа, чадварлаг туршлага, ( đá ruby đỏ )саад тотгорыг даван туулах( lịch sử hình thành của đá emerald ) боломжийг хардаг.

    ReplyDelete
  24. Although very bitter, the truth is ( sửa chữa đồ gỗ tại nhà ), the bigger and bigger the house is, the temporary residence. The new gourd is the eternal home of all of us( thợ sửa đồ gỗ ). So, the house is not as big as the wide mind, the heart is open, and the outside( sửa chữa đồ gỗ ) is not as peaceful as the peaceful mind.

    ReplyDelete