Pending Review
Last Updated: 27 May 2019 05:49 by Vasilev
Kevin
Created on: 30 Apr 2019 19:57
Type: Feature Request
1
Responding to requests requiring a client smartcard certificate which must not be offloaded into a simple cer file

Running into more and more issues where the end users are authenticating via a smartcard. If the issue is after the initial handshake then we may be able to turn on Fiddler after the authentication and everything is okay. If the issue is specifically to do with the authentication or authentication screens then we are stuck and have no tool to use to debug the issue, especially when it may involve multiple processes.

With appropriate new settings in the Fiddler Options, could the socket connection on a TLS send certificate challenge call the appropriate API to use the SmartCard reader as well as challenge for a PIN/biometric instead of reading from a certificate.cer file?

2 comments
Vasilev
Posted on: 27 May 2019 05:49
Eric, nice plugin, but unfortunately it doesn't work... it had been asking for a certificate in a 302 redirection loop, and has failed with a missing PKI card error message in the end, although it works if I disable the "Capture Traffic" menu option.
EricLaw
Posted on: 01 May 2019 01:01

Can you elaborate on why the certificate "must not be offloaded"? (It's important to recognize that when you export a certificate from the smartcard, the private key never leaves the Smartcard-- the CER file just retains a pointer to it.)

Fiddler's extensibility model allows extensions to intermediate upon the client certificate request, which may allow you to achieve your goals without any work from Telerik.

Here's an example extension which causes Fiddler to show Windows' built-in client certificate picker dialog: https://gist.github.com/ericlaw1979/0efb0b22b7ad933e7f121bf70d99db35