I have just discovered that Fiddler can decrypt HTTPS traffic.
For instance, I deployed a website on localhost using HTTPS. When inspecting the data packets in Fiddler, I was able to view all the information since it has an option to decrypt it.
My question is, why make use of HTTPS when Fiddler can easily decrypt it?
解决方案
Fiddler performs a MITM technique.
To make it work, you need to trust its Certificate:
If you don't, it won't decrypt anything...
how can Fiddler2 debug HTTPS traffic?
A: Fiddler2 relies on a "man-in-the-middle" approach to HTTPS
interception. To your web browser, Fiddler2 claims to be the secure
web server, and to the web server, Fiddler2 mimics the web browser.
In order to pretend to be the web server, Fiddler2 dynamically
generates a HTTPS certificate.
Fiddler's certificate is not trusted by your web browser (since
Fiddler is not a Trusted Root Certification authority), and hence
while Fiddler2 is intercepting your traffic, you'll see a HTTPS error
message in your browser [...]