c# – 在Safari,IE和iOS设备上使用Fiddler信任证书并捕获流量

码：

public class ProxyConfig
    {
        private readonly string _secureEndpointHostname = IPAddress.Any.ToString();
        private readonly int _secureEndpointPort = 4555;
        private readonly int _port = 18882;

        private static readonly ICollection<Session> AllSessions = new List<Session>();

        private static Fiddler.Proxy _secureEndpoint;

        private static readonly LoggerCnx Logger = new LoggerCnx();
        private Action<string> onRequest;

        public ProxyConfig()
        {
        }

        public ProxyConfig(Action<string> onRequest)
        {
            this.onRequest = onRequest;
        }

        public void SetupProxyListener()
        {
            FiddlerApplication.SetAppDisplayName("FiddlerCoreProxyApp");

            // This is a workaround for known issue in .NET Core - https://github.com/dotnet/coreclr/issues/12668
            CultureInfo.DefaultThreadCurrentUICulture = new CultureInfo("en-US");

            // Simply echo notifications to the console.  Because Fiddler.CONFIG.QuietMode=true 
            // by default,we must handle notifying the user ourselves.
            //Fiddler.FiddlerApplication.OnNotification += delegate (object sender,NotificationEventArgs oNEA) { System.Diagnostics.Debug.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
            FiddlerApplication.Log.OnLogString += delegate (object sender,LogEventArgs oLEA) { Logger.Info("** LogString: " + oLEA.LogString); };

            FiddlerApplication.BeforeRequest += delegate (Session session)
            {

                if (!CertMaker.rootCertIsTrusted())
                {
                    CertMaker.trustRootCert();
                }

                if (onRequest != null)
                {
                    onRequest(session.fullUrl);
                }

                // In order to enable response tampering,buffering mode MUST
                // be enabled; this allows FiddlerCore to permit modification of
                // the response in the BeforeResponse handler rather than streaming
                // the response to the client as the response comes in.
                session.bBufferResponse = false;
                lock (AllSessions)
                {
                    AllSessions.Add(session);
                    Logger.Info("Session: " + session.fullUrl);
                }
                session["X-AutoAuth"] = "(default)";

                if ((session.oRequest.pipeClient.LocalPort == _secureEndpointPort) && (session.hostname == _secureEndpointHostname))
                {
                    session.utilCreateResponseAndBypassServer();
                    session.oResponse.headers.SetStatus(200,"OK");
                    session.oResponse["Content-Type"] = "text/html; charset=UTF-8";
                    session.oResponse["Cache-Control"] = "private,max-age=0";
                    session.utilSetResponseBody("<html><body>Request for httpS://" + _secureEndpointHostname + ":" + _secureEndpointPort.ToString() + " received. Your request was:<br /><plaintext>" + session.oRequest.headers.ToString());
                }
            };

            Logger.Info($"Starting {FiddlerApplication.GetVersionString()}...");
            CONFIG.IgnoreServerCertErrors = true;
            CONFIG.bCaptureCONNECT = true;

            FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts",true);

            FiddlerCoreStartupFlags startupFlags = FiddlerCoreStartupFlags.Default;

            startupFlags = (startupFlags | FiddlerCoreStartupFlags.DecryptSSL);
            startupFlags = (startupFlags | FiddlerCoreStartupFlags.AllowRemoteClients);
            startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.MonitorAllConnections);
            startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.CaptureLocalhostTraffic);

            FiddlerApplication.Startup(_port,startupFlags);

            Logger.Info("Created endpoint listening on port {0}",_port);

            Logger.Info("Starting with settings: [{0}]",startupFlags);
            Logger.Info("Gateway: {0}",CONFIG.UpstreamGateway.ToString());

            // Create a HTTPS listener,useful for when FiddlerCore is masquerading as a HTTPS server
            // instead of acting as a normal CERN-style proxy server.
            _secureEndpoint = FiddlerApplication.CreateProxyEndpoint(_secureEndpointPort,true,_secureEndpointHostname);
            if (null != _secureEndpoint)
            {
                Logger.Info("Created secure endpoint listening on port {0},using a HTTPS certificate for '{1}'",_secureEndpointPort,_secureEndpointHostname);
            }
        }
    }

其目的是捕获和分析来自Windows,Mac OS X,Android和iOS浏览器(主要是桌面和移动设备上的Chrome,Firefox和Safari)的流量.

到目前为止,它似乎正在努力：

> Windows浏览器：Chrome,Firefox.不适用于IE和Edge
> Android：Chrome
> Mac OS：Chrome,Firefox. Safari无法正常工作
> iOS：没有

在我的日志文件中,我看到Fiddler在浏览器无法正常工作时记录以下错误(适用于所有设备). HTTPS请求的示例：

2018-02-14 17:25:50.3860 | INFO | ** LogString:
!SecureClientPipeDirect failed: System.IO.IOException Authentication
failed because the remote party has closed the transport stream. for
pipe (CN=*.optimizely.com,O=DO_NOT_TRUST_BC,OU=Created by
07001)

从我在过去几天读到的试图为此找到解决方案的内容来看,原因是设备上不信任的证书.

这些测试使用他们提供的名为BrowserStack Local的功能在BrowserStack上运行.有关它的详细信息是here和here.

现在我的问题可以分为桌面和移动：

>为什么Chrome和Firefox能够发出HTTPS请求,而IE,Edge和Safari却无法做到这一点？
>对于iOS,特别是有一个Fiddler for iOS文档here,指定了配置设备所需的步骤.但是,正如我已经提到的,我不使用内部iOS设备,而是使用BrowserStack提供的物理设备.有没有办法以编程方式信任iOS设备(iOS 9.x,iOS 10.x,iOS 11.x)上的证书？

我可以使用任何变通方法吗？

编辑：
FiddlerCore and BrowserStack Local logs are here.