How to debugg the client using Fiddler or sth else

[nICEnnnnnnnLee]

Describe what you would like to know or do
I'd like to debug my websocket client using Fiddler

Describe the solution you'd considered
I've tried proxy like this, but it reports cert error.

ExampleClient c = new ExampleClient(new URI("wss://a-site-to-test.com:12345"));
c.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)));
c.connect();

I googled that and copied a factory to trust all certs. The client works, but the https stream didn't goto Fiddler

ExampleClient c = new ExampleClient(new URI("wss://a-site-to-test.com:12345"));
c.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)));
c.setSocketFactory(TrustAllCertSSLUtil.getFactory());
c.connect();

Additional context
TrustAllCertSSLUtil.java

public class TrustAllCertSSLUtil implements TrustManager, X509TrustManager {

	private TrustAllCertSSLUtil() {
	}

	private static SSLSocketFactory sslFactory = null;

	public static SSLSocketFactory getFactory() throws Exception {
		if (sslFactory == null) {
			TrustManager[] trustAllCerts = new TrustManager[1];
			TrustManager tm = new TrustAllCertSSLUtil();
			trustAllCerts[0] = tm;
			SSLContext sc = SSLContext.getInstance("SSL");
			sc.init(null, trustAllCerts, null);
			sslFactory = sc.getSocketFactory();
		}
		return sslFactory;
	}

	public java.security.cert.X509Certificate[] getAcceptedIssuers() {
		return null;
	}

	public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
		return true;
	}

	public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
		return true;
	}

	public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
			throws java.security.cert.CertificateException {
		return;
	}

	public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
			throws java.security.cert.CertificateException {
		return;
	}
}

[dota17]

Can you change SSL to TLS ?
SSLContext sc = SSLContext.getInstance("**SSL**");

Follow the example:
https://github.com/TooTallNate/Java-WebSocket/wiki/Using-the-WebSocket-through-a-http-proxy

The same issue as follow:
https://blog.csdn.net/qq_21090257/article/details/54910677

[nICEnnnnnnnLee]

There's nothing to do with that.
If socketFactory exists, the config proxy will not work.

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 447 to 471 in 0c163f6

	boolean isNewSocket = false;
	if (socketFactory != null) {
	socket = socketFactory.createSocket();
	} else if( socket == null ) {
	socket = new Socket( proxy );
	isNewSocket = true;
	} else if( socket.isClosed() ) {
	throw new IOException();
	}
	socket.setTcpNoDelay( isTcpNoDelay() );
	socket.setReuseAddress( isReuseAddr() );
	if (!socket.isConnected()) {
	InetSocketAddress addr = new InetSocketAddress(dnsResolver.resolve(uri), this.getPort());
	socket.connect(addr, connectTimeout);
	}
	// if the socket is set by others we don't apply any TLS wrapper
	if (isNewSocket && "wss".equals( uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	sslContext.init(null, null, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
	}

[nICEnnnnnnnLee]

BTW, the method given in the wiki is Deprecated.
https://github.com/TooTallNate/Java-WebSocket/wiki/Using-the-WebSocket-through-a-http-proxy

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 812 to 813 in 0c163f6

	@Deprecated
	public void setSocket( Socket socket ) {

[marci4]

BTW, the method given in the wiki is Deprecated.
TooTallNate/Java-WebSocket/wiki/Using-the-WebSocket-through-a-http-proxy

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 812 to 813 in 0c163f6

	@Deprecated
	public void setSocket( Socket socket ) {

https://github.com/TooTallNate/Java-WebSocket/blob/master/src/main/example/ProxyClientExample.java is up to date

[marci4]

My fiddle behaves unexpected. I do not need the socketfactory, but the connection will be reset by fiddle (since it cannot validate the certificate of the other side?)

[nICEnnnnnnnLee]

My fiddle behaves unexpected. I do not need the socketfactory, but the connection will be reset by fiddle (since it cannot validate the certificate of the other side?)

@marci4 , it seems you're talking about debugging sever using specific cert. But in my case, the server's cert is qualified.
My concern is how to let the client accept the cert signed by Fiddler itself.

mitm proxy

           cert singed by Fiddler                    cert given by server
client  <--------------------------->  Fiddler  <----------------------------->  Server

[dota17]

There's nothing to do with that.
If socketFactory exists, the config proxy will not work.

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 447 to 471 in 0c163f6

	boolean isNewSocket = false;
	if (socketFactory != null) {
	socket = socketFactory.createSocket();
	} else if( socket == null ) {
	socket = new Socket( proxy );
	isNewSocket = true;
	} else if( socket.isClosed() ) {
	throw new IOException();
	}
	socket.setTcpNoDelay( isTcpNoDelay() );
	socket.setReuseAddress( isReuseAddr() );
	if (!socket.isConnected()) {
	InetSocketAddress addr = new InetSocketAddress(dnsResolver.resolve(uri), this.getPort());
	socket.connect(addr, connectTimeout);
	}
	// if the socket is set by others we don't apply any TLS wrapper
	if (isNewSocket && "wss".equals( uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	sslContext.init(null, null, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
	}

Can you check your Internet Settings as follow ?

[nICEnnnnnnnLee]

Can you check your Internet Settings as follow ?

The same with you.

Well, I agree with your opinion to change "SSL" to “TLS” or "TLSv1.2".
The fiddler still receives nothing from the client, what should I do next?

[nICEnnnnnnnLee]

ExampleClient c = new ExampleClient(new URI("wss://a-site-to-test.com:12345"));
c.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)));
c.connect();

It works if I change null to trustAllCerts and delete the judment if (socket instanceof SSLSocket) follows in WebSocketClient.java.

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 465 to 478 in 0c163f6

	// if the socket is set by others we don't apply any TLS wrapper
	if (isNewSocket && "wss".equals( uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	sslContext.init(null, null, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
	}
	if (socket instanceof SSLSocket) {
	SSLSocket sslSocket = (SSLSocket)socket;
	SSLParameters sslParameters = sslSocket.getSSLParameters();
	onSetSSLParameters(sslParameters);
	sslSocket.setSSLParameters(sslParameters);
	}

// if the socket is set by others we don't apply any TLS wrapper
if (isNewSocket && "wss".equals(uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	// sslContext.init(null, null, null);
	TrustManager[] trustAllCerts = new TrustManager[] { 
			new X509TrustManager() {
				@Override
				public void checkClientTrusted(X509Certificate[] arg0, String arg1)
						throws CertificateException {
					
				}
				@Override
				public void checkServerTrusted(X509Certificate[] arg0, String arg1)
						throws CertificateException {
					
				}

				@Override
				public X509Certificate[] getAcceptedIssuers() {
					return new java.security.cert.X509Certificate[] {};
				}
			} 
	};
	sslContext.init(null, trustAllCerts, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
}

//if (socket instanceof SSLSocket) {
//	SSLSocket sslSocket = (SSLSocket) socket;
//	SSLParameters sslParameters = sslSocket.getSSLParameters();
//	onSetSSLParameters(sslParameters);
//	sslSocket.setSSLParameters(sslParameters);
//}

[dota17]

ExampleClient c = new ExampleClient(new URI("wss://a-site-to-test.com:12345"));
c.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)));
c.connect();

It works if I change null to trustAllCerts and delete the judment if (socket instanceof SSLSocket) follows in WebSocketClient.java.

Java-WebSocket/src/main/java/org/java_websocket/client/WebSocketClient.java

Lines 465 to 478 in 0c163f6

	// if the socket is set by others we don't apply any TLS wrapper
	if (isNewSocket && "wss".equals( uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	sslContext.init(null, null, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
	}
	if (socket instanceof SSLSocket) {
	SSLSocket sslSocket = (SSLSocket)socket;
	SSLParameters sslParameters = sslSocket.getSSLParameters();
	onSetSSLParameters(sslParameters);
	sslSocket.setSSLParameters(sslParameters);
	}

// if the socket is set by others we don't apply any TLS wrapper
if (isNewSocket && "wss".equals(uri.getScheme())) {
	SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
	// sslContext.init(null, null, null);
	TrustManager[] trustAllCerts = new TrustManager[] { 
			new X509TrustManager() {
				@Override
				public void checkClientTrusted(X509Certificate[] arg0, String arg1)
						throws CertificateException {
					
				}
				@Override
				public void checkServerTrusted(X509Certificate[] arg0, String arg1)
						throws CertificateException {
					
				}

				@Override
				public X509Certificate[] getAcceptedIssuers() {
					return new java.security.cert.X509Certificate[] {};
				}
			} 
	};
	sslContext.init(null, trustAllCerts, null);
	SSLSocketFactory factory = sslContext.getSocketFactory();
	socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
}

//if (socket instanceof SSLSocket) {
//	SSLSocket sslSocket = (SSLSocket) socket;
//	SSLParameters sslParameters = sslSocket.getSSLParameters();
//	onSetSSLParameters(sslParameters);
//	sslSocket.setSSLParameters(sslParameters);
//}

So ? Welcome PR.

[marci4]

No we cannot do this. This breaks everything for normal users

[marci4]

Are we talking about Fiddler Everythere or Fiddler Classic?

[nICEnnnnnnnLee]

I'm using Fiddler Classic.
Will it differ if I use Fiddler Everythere, or Fiddler Classic, or Charles, or sth else?

[nICEnnnnnnnLee]

I've made a commit nICEnnnnnnnLee@8d355a7
But I'm not sure whether it will break something, especially
https://github.com/nICEnnnnnnnLee/Java-WebSocket/blob/8d355a70ed42c6a4296cbe3f9698f360af1cad9a/src/main/java/org/java_websocket/client/WebSocketClient.java#L485-L491