Is there a way to inspect HTTPS traffic from Flex applications compiled to SWF files?
I'm trying to use Fiddler for this, have added DO_NOT_TRUST_FiddlerRoot to my Trusted Root Certification Authorities so my IE now can access other HTML sites that would normally complain about untrusted certificate. However, the HTTPS traffic from the SWF file still doesn't appear in Fiddler and, in fact, the Flex app wouldn't work (HTTPS with a self-signed certificate is not supported by Flex apps I believe). Is there a way around it?
Update: To be clear, I am interested in the traffic between the SWF file running under Flash Player and the server (typically, Flex components like HTTPService will be used for this). The SWF file itself can be served via HTTP or HTTPS, it doesn't really matter.
Clarification 2: Don't assume that the source code is available for the SWF file. If it was, Flash Builder 4's Network Monitor could be used.
(I am assessing possible security risks for my client just to be clear about my intentions.)
Best Answer
Try Charles Proxy it works with both HTTPS and AMF. There's a free version with some minor annoyances. To get it working with ssl you need to go to Proxy->Proxy Settings->SSL and add the domain which traffic you want to monitor.
---- From the comment ----
If you have the original certificate, you can set it up in Proxy->SSL Certificate, and it will be ued by Charles, which should lead to no more errors (as the proxy will have the proper certificate).