Nov 19, 2012

Web-debugging HTTPS PHP cURL requests with Fiddler

Recently I was faced with a task of implementing OAuth 1.0 authentication. The authentication must be done with JavaScript, and I had a working example implemented in PHP (as a console app).

I've done major part of the task, but on the last step - while trying to actually use OAuth token to receive data - I've got 'signature invalid' error. I've studied PHP script carefully and 'echo'-ed values of interest to console, but still no luck to figuring out what was wrong.

It would be very convenient to see all PHP traffic in Fiddler, I thought, and what you need for it is described below.

Assume that Fiddler is running as usual on localhost ( on port 8888. First of all you need to tell cURL to use proxy.

$proxy = "";
$ch = curl_init();
curl_setopt($ch, CURLOPT_PROXY, $proxy);

for your convenience you can also tell cURL to print debug info:

curl_setopt($ch, CURLOPT_VERBOSE, 1);

This will run cURL thru Fiddler, but you will not see (by default) decoded HTTPS traffic, because Fiddler decode HTTPS only from browsers (again, by default), so you need to change it to '...from all processes' if you run from command line PHP script (or just cURL):

again, this will, most probably result in HTTPS certificate errors since cURL knows nothing about Fiddler certificate (and Windows certificates), so easiest way is to just tell cURL to ignore SSL certificate errors:


That's all, now you should see PHP cURL traffic, both HTTP and HTTPS.

No comments:

Post a Comment