If you do any socket programming on Java or use any library that does, there will come a time that you need to monitor the traffic going through your application. You will need the following class in order to see the traffic in Fiddler
public final class XTrustProvider extends java.security.Provider
{
/**
*
*/
private static final long serialVersionUID = 1L;
private final static String NAME = "XTrustJSSE";
private final static String INFO = "XTrust JSSE Provider (implements trust factory with truststore validation disabled)";
private final static double VERSION = 1.0D;
@SuppressWarnings({ "unchecked", "rawtypes" })
public XTrustProvider()
{
super(NAME, VERSION, INFO);
AccessController.doPrivileged(new PrivilegedAction()
{
public Object run()
{
put("TrustManagerFactory." + TrustManagerFactoryImpl.getAlgorithm(), TrustManagerFactoryImpl.class.getName());
return null;
}
});
}
public static void install()
{
if (Security.getProvider(NAME) == null)
{
Security.insertProviderAt(new XTrustProvider(), 2);
Security.setProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactoryImpl.getAlgorithm());
}
}
public final static class TrustManagerFactoryImpl extends TrustManagerFactorySpi
{
public TrustManagerFactoryImpl()
{
}
public static String getAlgorithm()
{
return "XTrust509";
}
protected void engineInit(KeyStore keystore) throws KeyStoreException
{
}
protected void engineInit(ManagerFactoryParameters mgrparams) throws InvalidAlgorithmParameterException
{
throw new InvalidAlgorithmParameterException(XTrustProvider.NAME + " does not use ManagerFactoryParameters");
}
protected TrustManager[] engineGetTrustManagers()
{
return new TrustManager[]
{ new X509TrustManager()
{
public X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
{
}
public void checkServerTrusted(X509Certificate[] certs, String authType)
{
}
} };
}
}
}
You can initialize the above class by the following
XTrustProvider.install();