I really like Fiddler, the web debugger. I like TLS. I develop software. Therefore I find the interception and decryption of secure traffic very useful.
On the other hand I’m into security for a few years now and from that perspective it is a man in the middle attack. So you might want to allow this for the shortest period of time.
Fiddler installs a Trusted Root Certificate and dynamically issues certificates for the requested targets for the requested host names.
This messes up the certificate store and under certain circumstances leaves risk for potential abuse of these certificates – which are trusted on your machine.
So let’s do some automation to clean up. First a few lines of PowerShell:
And Finally a scheduled task to import that runs on log on: