chromium 85 以后,2020-09-01 以后签发的HTTPS TLS 证书的有效期最多不超过398天,这导致fiddler默认的根证书无效,无法抓包。
Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less. This will only apply to TLS server certificates from CAs that are trusted in a default installation of Google Chrome, commonly known as “publicly trusted CAs”, and will not apply to locally-operated CAs that have been manually configured.
Certificates that do not comply with this requirement will not work, and may cause webpages to fail to load or to render incorrectly.
If a certificate that does not comply with this requirement is issued by a CA trusted in a default installation of Google Chrome, this will be treated as a failure to comply with the security policies necessary to being a trusted CA, and may result in the removal of trust of that CA’s certificates.
需要重新配置Fiddler的证书有效期。
打开Fiddler的选项-HTTPS页面,提示证书由CertMaker.dll
签发。
把这个CertMaker.dll
扔进dnspy
里面看一下。
有两个字段控制了证书的生成时间。
在QuickExec
执行 about:config
(Fiddler抓包界面下面的命令行)fiddler.certmaker.bc.ee.yearsvalid
是 有效年份fiddler.certmaker.bc.ee.CreatedDaysAgo
是 起始日期
这里年份填1,起始日期填-7就行了