The new Fiddler2.1.0.3 alpha can pull a client certificate off disk from a known location (shown in a prompt on the first visit to a site requiring client certificate).
I have a question. We use Fiddler as a tool during penetration testing. We frequently test banking applications. Those applications sometimes make use of client side SSL, but with certs issued on smartcards. Are there any plans to include support for PKCS#11 or simply use any client certificate that is registered in Windows?
If you export a .CER from the SmartCard certificate, Fiddler will use the matching certificate from the smartcard to authenticate.
See http://groups.msn.com/HTTPFiddler/featurerequests.msnw?action=get_message&mview=0&ID_Message=499&LastModified=4675630115210406507 for further discussion
2 Comments:
I have a question. We use Fiddler as a tool during penetration testing. We frequently test banking applications. Those applications sometimes make use of client side SSL, but with certs issued on smartcards. Are there any plans to include support for PKCS#11 or simply use any client certificate that is registered in Windows?
By Unknown, at 12:05 AM
If you export a .CER from the SmartCard certificate, Fiddler will use the matching certificate from the smartcard to authenticate.
See http://groups.msn.com/HTTPFiddler/featurerequests.msnw?action=get_message&mview=0&ID_Message=499&LastModified=4675630115210406507 for further discussion
By Ericlaw, at 12:09 AM
Post a Comment
<< Home