Capturing SSL Requests with the Url Capture Form - RickStrahl/WestWindWebSurge GitHub Wiki

WebSurge can decrypt SSL requests for the URL Capture form by installing a temporary man in the middle certificate to intercept SSL requests and capture the SSL requests. To do this you need to:

  • Click the SSL dropdown button on the Url Capture Form
  • Select Install Certificate
  • Accept the dialog prompts

This creates a temporary certificate that is used by the URL Capture mechanism (thanks to Telerik's excellent FiddlerCore). Once the certificate has been created and registered with the application, you should be able to capture any HTTPS/SSL requests.

Some SSL Requests won't work this way

Some sites implement strict SSL protocols like HST and those protocols explicitly check the SSL signatures on both ends of the connection. Since the interceptor certificate is not the same as the originating request you may see failures in the SSL requests.

In some cases you can mitigate these issues by using the IgnoreCertificateErrors option in the Session settings, but in others that may not be sufficient. If this is the case most likely you won't be able to access the SSL URL in the browser or your application - you'll get a failure. If it goes through (see next section) then it's possible there's a problem with the certificate installation.

FireFox may not allow proxied SSL Requests

Also note that FireFox may not allow man in the middle certificates and blocks requests that are using the SSL proxy certificate. If you can't bypass the option, you may not be able to use FireFox for capturing the content - use another browser like Chrome or Internet Explorer instead.

SSL Requests are bypassed

If you are using the URL capture form and SSL request work in the browser or your application, but they are not being captured it means that the temporary certificate is not working properly.

Clear cached RSA Certificates

There can be many reasons for this but one frequent problem are the cached CAPI2 keys stored keys. To fix this problem:

  • Uninstall the WebSurge SSL certificate from the Url Capture Form
  • Delete the RSA folder from Windows temporary cached key store 
    C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA
  • Reboot the machine
  • Reinstall the WebSurge SSL certificate on the URL Capture Form
  • Try capturing requests again
Add a custom footer
⚠️ **GitHub.com Fallback** ⚠️