Step 1: Fiddler sends a handshake request to the server and obtains the server's CA certificate. It decrypts the certificate with the root certificate's public key, verifies the server's data signature, and obtains the public key of the server's CA certificate.
Step 2: Fiddler forges its own CA certificate and passes it to the client browser as the server certificate. The client browser performs the same verification as Fiddler did in step 1.
Step 3: The client browser generates the symmetric key for the HTTPS communication, encrypts it with the public key of the certificate forged by Fiddler, and transmits it toward the server, where it is intercepted by Fiddler.
Step 4: Fiddler decrypts the intercepted ciphertext with the private key of its forged certificate to obtain the symmetric key for the HTTPS communication.
Step 5: Fiddler encrypts the symmetric key with the public key of the server certificate and sends it to the server. After the server decrypts it with its private key, it establishes trust, completes the handshake, encrypts its messages with the symmetric key, and starts communicating.
Step 6: Fiddler receives the ciphertext sent by the server and decrypts it with the symmetric key to obtain the plaintext sent by the server. It then encrypts the plaintext again and sends it to the client browser.
Step 7: The client encrypts a message with the symmetric key and sends it to the server. Fiddler intercepts it and decrypts it to obtain the plaintext.
Because Fiddler holds the symmetric key for the whole session, all information is transparent to it throughout the HTTPS communication.
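The exchange above can be traced in a toy model, given here as an added example that is not part of the original page. It uses textbook RSA with tiny constructed primes and an XOR keystream in place of the real ciphers; the key pairs, the function names and the client-side pin check (a defensive addition the page does not describe) are all assumptions.

```python
import hashlib

def make_key(p, q, e=17):
    """Toy RSA key pair from two small primes (constructed, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (e, n), "priv": (pow(e, -1, phi), n)}

def rsa(m, key):
    """Textbook RSA: the same modular power encrypts (pub) and decrypts (priv)."""
    exp, n = key
    return pow(m, exp, n)

def fingerprint(pub):
    """Hash of a public key, standing in for a certificate fingerprint."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()

def sym(data, key):
    """XOR keystream as a stand-in for the symmetric cipher (its own inverse)."""
    stream = hashlib.sha256(str(key).encode()).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

SERVER = make_key(61, 53)   # constructed server key pair
PROXY = make_key(89, 97)    # constructed key pair behind the proxy's forged certificate

def handshake(session_key, pinned_fp=None):
    """Run steps 1-6 with the proxy in the path; return what each party ends up with."""
    presented = PROXY["pub"]                     # steps 1-2: proxy presents its own key
    # Assumed client-side pin check (not on the page): compare with the known server key.
    if pinned_fp is not None and fingerprint(presented) != pinned_fp:
        return {"client_aborted": True}
    to_proxy = rsa(session_key, presented)       # step 3: client wraps the session key
    proxy_key = rsa(to_proxy, PROXY["priv"])     # step 4: proxy unwraps it
    to_server = rsa(proxy_key, SERVER["pub"])    # step 5: proxy re-wraps for the server
    server_key = rsa(to_server, SERVER["priv"])  #         server unwraps it
    reply = sym(b"HTTP/1.1 200 OK", server_key)  # step 6: server's encrypted reply
    proxy_plain = sym(reply, proxy_key)          #         proxy reads the plaintext
    to_client = sym(proxy_plain, proxy_key)      #         and re-encrypts for the client
    return {"client_aborted": False, "proxy_plaintext": proxy_plain,
            "client_plaintext": sym(to_client, session_key)}

if __name__ == "__main__":
    print(handshake(1234))                                        # interception goes unnoticed
    print(handshake(1234, pinned_fp=fingerprint(SERVER["pub"])))  # pinned client aborts
```

Without a pin the client and the proxy both recover the same plaintext; with the server's key fingerprint pinned, the client stops at step 2 because the presented key does not match.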