Scheduled task to automatically delete Fiddler HTTPS interception certificates

I really like Fiddler, the web debugger. I like TLS. I develop software. Therefore I find the interception and decryption of secure traffic very useful.

image

On the other hand I’m into security for a few years now and from that perspective it is a man in the middle attack. So you might want to allow this for the shortest period of time.

Fiddler installs a Trusted Root Certificate and dynamically issues certificates for the requested targets for the requested host names.

image

This messes up the certificate store and under certain circumstances leaves risk for potential abuse of these certificates – which are trusted on your machine.

image

So let’s do some automation to clean up. First a few lines of PowerShell:

And Finally a scheduled task to import that runs on log on:

HTH

Add comment

Loading