CONNECT amp.azure.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: amp.azure.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 62 29 BA D1 4D C3 6E 94 58 AC CF 2E 23 C8 86 53 42 38 FE 07 E6 92 D3 D6 AA CF 54 26 73 97 60 5F "Time": 7/2/2081 5:03:54 AM SessionID: 2C 03 43 32 39 E8 25 CF 15 EE F2 26 6F 42 8F 1A 4D 77 16 FB 67 59 48 34 8C 5C CE 48 15 7B 0A 57 Extensions: server_name amp.azure.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:31.737 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 8F EC DC 0B 0E 5C 56 EE 58 73 C5 14 BF 3D 89 A6 22 7E 54 2A 84 4E BC 77 9F 2D 2D E0 07 78 E4 AA Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty status_request (OCSP-stapling) empty ALPN h2 ------------------------------------------------------------------ CONNECT powerbicdn.azureedge.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: powerbicdn.azureedge.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: A1 03 34 C4 48 61 52 51 3B E3 2F 9D 31 FA 81 65 E5 AD E6 64 76 14 AE 06 3D F4 C7 99 EE E9 9D 20 "Time": 4/24/2074 2:35:37 AM SessionID: BB 8C 13 FC 1F E1 6A F4 CE 82 F4 0C DE E3 41 98 1D FA 22 B5 86 85 03 9E EC 23 52 AB 1A 81 DB 84 Extensions: server_name powerbicdn.azureedge.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:31.744 Connection: close EndTime: 15:53:32.040 ClientToServerBytes: 900 ServerToClientBytes: 9293 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 83 D9 87 65 77 F0 5E A9 80 53 5C 54 1E 60 AE 9C BF AC 5E B4 C8 0D C2 01 72 FC 4E C8 BE 07 46 E1 Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty status_request (OCSP-stapling) empty ALPN http/1.1 ------------------------------------------------------------------ CONNECT powerbicdn.azureedge.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: powerbicdn.azureedge.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 23 AB 6D 3A 24 27 A5 0A 47 D6 7C FD 91 A8 07 72 E2 F5 58 93 6A 30 5E E5 E1 E2 6A 10 5E AA AC 06 "Time": 1/23/2001 9:32:43 PM SessionID: BB 8C 13 FC 1F E1 6A F4 CE 82 F4 0C DE E3 41 98 1D FA 22 B5 86 85 03 9E EC 23 52 AB 1A 81 DB 84 Extensions: server_name powerbicdn.azureedge.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:31.745 Connection: close EndTime: 15:53:32.056 ClientToServerBytes: 884 ServerToClientBytes: 9293 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 0E 89 D5 D9 C7 A4 AE 5A F0 55 62 A3 4F 5D E2 1D 1E 98 98 C0 5F E2 E5 16 B5 13 5C 5B 19 47 9F 0A Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty status_request (OCSP-stapling) empty ALPN http/1.1 ------------------------------------------------------------------ CONNECT powerbicdn.azureedge.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: powerbicdn.azureedge.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 66 14 20 CC F6 82 28 04 43 F2 09 DB 55 27 2A DF 20 2B 4A 58 38 78 01 71 68 2F 58 56 2A 87 B7 9A "Time": 7/10/2078 10:23:58 AM SessionID: BB 8C 13 FC 1F E1 6A F4 CE 82 F4 0C DE E3 41 98 1D FA 22 B5 86 85 03 9E EC 23 52 AB 1A 81 DB 84 Extensions: server_name powerbicdn.azureedge.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:31.749 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 88 9A E0 81 0D BC 24 6E 28 A3 6D E2 2B F4 4D 8A DA 65 A3 C3 2F BC 88 54 F8 78 AD EC 6E 67 D9 D6 Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty status_request (OCSP-stapling) empty ALPN h2 ------------------------------------------------------------------ CONNECT cdn3.optimizely.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: cdn3.optimizely.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 1C 53 CE F2 69 97 14 BD 08 8C E2 78 60 9C 4B 52 26 D7 4B 2E AD 0F 0C 03 4A 93 9B D6 78 AA 01 40 "Time": 2/1/2099 11:16:04 AM SessionID: 2E E1 91 6C 3A D0 E2 49 58 6F 40 82 58 22 52 58 EC 42 58 43 66 80 DA AA A9 9F 4C DC 0F B5 E8 EC Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name cdn3.optimizely.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 00 00 19 F0 A7 22 8E B6 13 51 21 86 25 8C 3F 4F D3 EF D6 2E BA 87 6F 4C B6 2B D7 31 20 A2 05 E8 E8 28 E4 E6 90 F0 E9 FA FE 59 58 36 64 60 9A 1C 41 5D 18 7C 77 74 A5 B3 F8 F3 2B 4C D3 38 8D 30 60 17 40 2A 34 EE 79 AB 0B 85 60 93 E6 47 ED 98 2C F1 39 BC F2 27 CA 59 18 64 CC D9 ED 26 85 48 DC 5B 7F E5 2B F9 99 70 78 2B 3E 71 04 28 2C A2 A0 64 E3 2A 16 AD 0F E6 D9 54 6E CF 64 06 B2 0D 52 27 92 04 3F 88 15 FD 6B ED 55 14 AD 44 74 35 FD BC A3 EC 88 B2 01 C1 EC 73 C4 0F 14 4F BA 35 25 E7 B9 C5 EC BC 1A A9 04 BA C5 DC EE B1 FF 8F ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:32.712 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 2E E1 91 6C 3A D0 E2 49 58 6F 40 82 58 22 52 58 EC 42 58 43 66 80 DA AA A9 9F 4C DC 0F B5 E8 EC Random: E6 9E DC 7F 5A 94 18 46 09 3B 59 BB 73 4B 11 D9 06 3E A1 06 9C 61 FD 4F 2C 77 A0 2D 05 47 4A DB Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ALPN http/1.1 ------------------------------------------------------------------ CONNECT cdn.mxpnl.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: cdn.mxpnl.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 07 82 B2 C3 DC 37 4F E4 AC 1F D1 FD AE EE 91 73 14 B6 4D E3 C6 68 11 5F 33 47 FF A6 F2 2E BA 28 "Time": 1/15/2074 9:00:15 PM SessionID: 75 BB ED 01 8B 04 47 B9 18 0B 89 EF 5B D3 85 A4 3F 6C A3 AE BE F3 0E 84 58 3E D9 CE 58 DF A2 CA Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name cdn.mxpnl.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 00 00 21 06 5B 25 39 FF AE 65 FD 0C 76 AC 86 EF 0D B1 11 CD F4 49 BC 4A 28 5B 44 CC 95 71 37 EC 43 91 6B 71 F5 B7 84 A2 FD 62 20 13 A5 07 01 0C F5 63 6F 1E CE A7 17 2E E0 25 04 2F C1 3B E8 08 B9 2A 07 6F FF A8 C7 D0 44 F0 13 4E 1B B5 45 5A 5A DB 57 AA B8 36 0B D9 58 F3 9B AE CC E7 C9 02 B0 1F EB 38 42 DC 27 26 18 6C 85 E7 59 D8 DB FD 33 F3 F3 44 D3 A4 E2 B8 DF B7 C3 81 89 F8 AE 0B 1C 6A B0 6F EF E7 46 CF CF 3C A0 CA 0E A7 BB 5E ED 5C D4 DF 63 C0 9E BB 95 81 FD 6F AB 3A 0D 8A 70 B0 47 79 C8 AF 47 8A A4 BE 4B EC 7A E2 61 2F ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:32.845 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 75 BB ED 01 8B 04 47 B9 18 0B 89 EF 5B D3 85 A4 3F 6C A3 AE BE F3 0E 84 58 3E D9 CE 58 DF A2 CA Random: 94 6F F2 56 21 47 D1 B1 85 35 84 B3 B4 91 3B 60 7A E1 FC 76 10 8E A1 8A 77 58 EF 4D D3 6A E4 40 Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ALPN http/1.1 ------------------------------------------------------------------ CONNECT log.olark.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: log.olark.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 63 DE 4E 64 F2 3A C6 91 FA 8F 29 E5 F4 57 FF 64 A1 7E D9 04 1A E2 34 FE BE 41 FE 8E 44 1D 40 8E "Time": 5/1/2023 3:02:19 AM SessionID: empty Extensions: server_name log.olark.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:34.344 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 A5 71 AF 6B 43 12 37 FC 2D D9 50 5F FB 9A 96 AD B8 45 3F 9D DA 1B 7E 77 C8 7F EC DC 75 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 extended_master_secret empty SessionTicket empty ALPN h2 ec_point_formats uncompressed [0x0] ------------------------------------------------------------------ CONNECT portal.office.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: portal.office.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: BE F0 2E E4 FD E8 51 61 F2 E1 03 65 38 7C A0 9D 93 5E A3 8C FF A8 31 93 FD C3 2B 81 8D C7 CA 83 "Time": 4/25/2091 1:02:14 AM SessionID: AA 04 00 00 6B 2A AC D5 E9 3B D0 D2 0E 1F EF 07 48 94 8D 40 78 5F AE 8E 96 CD FA B3 7D AC 9A A4 Extensions: server_name portal.office.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:43.687 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 4F 36 00 00 CF D6 24 C3 06 79 80 B8 94 AF 4D 0C 5F 53 DB 30 B7 35 15 B7 9F AA 87 5B C0 98 33 67 Random: 58 D4 F3 AE 40 80 80 53 27 09 A3 87 C6 B6 2F 0B 79 66 17 75 18 21 66 6C 42 A7 FD CD 55 AB CF 4F Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------ GET http://detectportal.firefox.com/success.txt HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: */* Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 8 Connection: keep-alive Date: Wed, 21 Sep 2016 14:42:38 GMT Last-Modified: Thu, 28 Aug 2014 18:12:25 GMT ETag: "ae780585f49b94ce1444eb7d28906123" Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Accept-Ranges: bytes Server: AmazonS3 Age: 11075 X-Cache: Hit from cloudfront Via: 1.1 ab125581acf8fb81cf04326a31a01b39.cloudfront.net (CloudFront) X-Amz-Cf-Id: 4t3IEWjlhj8sSwmKjab7oN12w-8LHlie4Tzo7Cb4LbzQXdPh96JKmg== success ------------------------------------------------------------------ CONNECT portal.office.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: portal.office.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: A2 D3 F7 E1 E6 F2 17 7E 1C 07 CF A0 33 B1 80 34 B7 04 17 33 18 F9 85 C3 A7 1F 62 3A 40 79 AC F1 "Time": 2/18/2090 9:02:50 PM SessionID: 4F 36 00 00 CF D6 24 C3 06 79 80 B8 94 AF 4D 0C 5F 53 DB 30 B7 35 15 B7 9F AA 87 5B C0 98 33 67 Extensions: server_name portal.office.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:46.013 Connection: close EndTime: 15:54:50.434 ClientToServerBytes: 3765 ServerToClientBytes: 8389 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: B1 36 00 00 24 9B 2F 8A BB 83 67 58 3B A5 1C 05 11 4F 7C B9 34 24 63 04 73 3E CB 27 23 50 6E D5 Random: 58 D4 F3 B1 2F 52 BE EF 9C 7B DD 2B 20 9E 3A 37 2E A8 A3 73 E7 E1 A8 5F 1D C9 03 3E 10 D4 EC D8 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------ CONNECT login.microsoftonline.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: login.microsoftonline.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 80 FE 19 DC 9E C7 8D 7F 31 94 4C D5 9F D9 7C 0E EE 20 33 7A 1F 3C BB 4B 7D EC CD 02 B7 A8 58 05 "Time": 1/6/2087 5:01:12 PM SessionID: 84 1F 00 00 7C 59 57 6F AB 02 85 51 08 EA 08 31 87 35 74 DA 5A C2 20 2F 64 CE 1D 35 9F F0 F9 A3 Extensions: server_name login.microsoftonline.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:55.101 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 10 3B 00 00 49 03 5E 70 D9 9D AF 51 1D 98 AF 11 9E 58 F6 22 F8 12 FF 6A 2F B3 4D 07 E8 98 FB 49 Random: 58 D4 F3 B8 9D F5 6F 85 6C BF 9F A5 37 D1 4D 71 4D 4E 26 F3 42 C8 94 DC 61 86 04 82 2D E5 68 62 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: extended_master_secret empty renegotiation_info 00 server_name empty ------------------------------------------------------------------ CONNECT secure.aadcdn.microsoftonline-p.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: secure.aadcdn.microsoftonline-p.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 64 FF 99 CD CB 1C 24 CF CB 17 25 7D 21 F0 F1 CC 9A 00 1D D0 D6 8B 31 33 11 D7 7C 01 2D 16 7D 6E "Time": 4/23/2079 2:11:08 AM SessionID: 14 96 FE 47 0A 9F 7F 63 82 7F 70 BA A4 5E 57 B5 7A 46 6D 19 DA 33 4B CA 23 5C 65 22 E4 B6 D6 79 Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name secure.aadcdn.microsoftonline-p.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 00 00 0F B1 AA 31 5E 7B 0E 0A CB 52 17 D8 5A 6E EE 04 E4 B2 64 19 BB 67 99 86 DE 68 F5 8E 29 CA 95 D1 2A CE E6 D4 4F 5C 74 31 1E 4E 20 6F D1 58 59 4D 1B 27 10 12 DA 72 F9 57 3E 8D 93 F5 DF 3D EA 55 92 B2 EA 82 96 28 85 AC 18 76 7E CC 84 2B 58 0A 62 32 A9 D7 99 2E 8E 41 A9 E1 F2 87 20 1C F5 78 F6 8F 16 83 DF D9 07 E2 58 4F B8 91 28 DC 27 17 E5 01 09 A3 B4 60 6B 22 16 C6 89 FD DB CA 52 D3 26 8B D9 2E AD EB A0 2B 66 99 F9 2D 37 43 14 84 14 3D 92 AA 02 18 EF A1 62 75 BF D8 EC 37 5D CF 31 C1 01 6F 31 D3 68 57 42 99 5E 93 D2 69 D9 57 5B 64 74 3C 4A 6F A7 32 B6 46 1C 8B 9D D2 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:57.817 Connection: close EndTime: 15:53:58.147 ClientToServerBytes: 1178 ServerToClientBytes: 152 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 14 96 FE 47 0A 9F 7F 63 82 7F 70 BA A4 5E 57 B5 7A 46 6D 19 DA 33 4B CA 23 5C 65 22 E4 B6 D6 79 Random: 40 A5 FA C0 EE 53 67 FD 23 BE A7 9F A9 BF 1B 58 D8 A1 22 46 68 B6 D1 8F 26 E2 F6 36 1E 00 5D 15 Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ALPN http/1.1 ------------------------------------------------------------------ CONNECT c.microsoft.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: c.microsoft.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 91 0B B5 72 DD 97 7C 0C 9E BE 38 73 35 ED F4 33 48 87 A8 10 6B 80 A4 89 7B BD D6 4D A5 47 78 75 "Time": 12/26/2030 3:50:01 AM SessionID: 43 26 47 B3 7A F6 20 9F 1A 39 79 28 3D AE EE C2 1B 5F 7C D6 EA 95 22 47 E6 A3 1E 02 19 9F 6C A9 Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name c.microsoft.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 00 00 03 A3 DD 06 CE 9A 76 5B 37 B0 B5 4F CD C6 D5 DA 27 1F 83 40 0F 3C 0A 6E 61 4D 2D 23 90 10 97 87 7D A9 F0 4A 47 22 6A D7 E0 2A 14 A7 77 CA 08 00 6C 55 66 3F DE 90 9D 70 7D 57 81 95 5D 29 1A 94 A7 BE 77 31 98 B6 B4 BF CA 17 42 4C 8A 1D 9D 3B C7 39 A2 CC 27 90 89 14 3B 55 8A 81 20 C9 C9 36 BE D7 B9 7E 7F CC CE 2B 7B 7A 04 C1 0E 57 53 FE A1 D1 F2 09 57 D3 4C 52 71 00 A8 25 4D AF D0 C2 4F 9D C5 61 BD CA F5 A8 57 65 4A 2F AB 60 6F 52 2F 86 B1 0F D4 69 44 63 78 05 73 04 5A 90 74 6B 1A 81 9A D8 26 D6 6C 51 F8 FB 60 0F 2A E4 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:59.964 Connection: close EndTime: 15:54:11.381 ClientToServerBytes: 5644 ServerToClientBytes: 757 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 43 26 47 B3 7A F6 20 9F 1A 39 79 28 3D AE EE C2 1B 5F 7C D6 EA 95 22 47 E6 A3 1E 02 19 9F 6C A9 Random: 30 B9 12 3A 3D DC FC 24 D4 FE 22 8C BB 23 D2 CC 15 B3 74 50 C7 39 72 0B F4 A9 AD 00 D8 5E C0 F4 Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [0xC030] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ALPN http/1.1 ------------------------------------------------------------------ CONNECT c1.microsoft.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: c1.microsoft.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 14 DB 5F D2 17 2C 4F C6 D7 E9 31 3F AF B1 CD 86 6A 27 C3 F6 D0 CB A8 7A BD 51 99 95 F7 A0 A8 FB "Time": 11/4/2081 9:26:04 PM SessionID: 7F 04 00 00 65 76 DC D0 DE 22 83 D4 F8 95 14 D4 53 A7 28 A9 12 B3 4D D5 EE 59 86 34 C6 E7 E5 2E Extensions: server_name c1.microsoft.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:53:59.421 Connection: close EndTime: 15:54:59.124 ClientToServerBytes: 2068 ServerToClientBytes: 4493 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: CD 2A 00 00 5E 1E 6E 1F 30 2A 49 29 D6 99 D4 01 7C BD 85 77 BE CB AB 47 38 46 BE 8E 17 46 10 A3 Random: 58 D4 F3 BE FB F9 5B 56 BF 2F 26 BA 13 C0 DF 47 6E 1D B7 3E 36 5C 51 4C BE 9D 94 B9 0C 05 32 9F Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 03 E7 9F A4 BD DC 4F B4 26 15 A1 A3 25 4A 35 A0 F7 E6 86 DF 39 46 6D 22 61 5E 33 BE 17 1E 4E C1 "Time": 7/10/2057 3:49:47 AM SessionID: 43 EF D1 AA 9B 96 67 3F AB 2B 38 40 E0 AA BE 93 5E B4 0B 68 E0 62 F0 DF 44 23 A2 24 1C A1 0B B7 Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 26 DC 56 2B 05 55 47 DB 18 BC C1 00 E0 28 84 A5 EB 20 E4 2D 53 39 2C 6F 19 00 43 14 5C CB 27 A0 63 03 F5 E2 33 E9 55 73 DB 1F F4 1B D7 AA 58 A3 6B B5 58 9E 70 A2 23 AA B5 9E 1C A3 3B 13 1F 29 62 90 48 59 74 86 6B 82 AA 57 F2 C9 7E 3C 5E F0 E4 01 8D 8A A7 BD F8 7D 20 0A E9 AB 45 D2 B6 96 64 D2 EC 93 8E B2 97 CB EF 3D 2F 65 E4 55 AE 57 84 DE C3 61 44 3F 0B 38 1C 34 DE 9B 33 07 19 C6 7B E7 BC A5 5F 9B E8 43 35 09 55 19 30 2F 1C 7F 83 B9 73 1D B1 48 E9 D3 8E B8 F8 65 3C 0E 35 02 ED AD E3 5B 38 9E 88 94 09 46 90 FC 72 B2 F7 E3 3E 3C 71 19 BD 63 F8 2F AF B2 70 2D CC 8C 71 49 24 67 A4 A8 65 7C 18 36 67 69 7E 8A 1E 08 FC 2E ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:01.814 Connection: close EndTime: 15:54:04.904 ClientToServerBytes: 1741 ServerToClientBytes: 6734 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 C0 B4 30 ED 62 E1 FD 13 EF 23 20 4F 04 5D 94 50 B4 BC 38 7E BA 08 6A 5C F3 3F 35 F3 72 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: server_name empty renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 6A 6A F2 42 67 E2 5F 86 5B C5 F5 AA 83 EF 81 1F CC AA 18 5F 90 81 C4 56 DF 07 A0 22 E2 7B 95 DF "Time": 8/5/2005 12:50:10 AM SessionID: EE FE C3 64 A9 74 2B 1E 8E A1 24 B3 A3 A6 33 1A FB 2F 40 AD 41 B0 52 F2 6E A6 47 BE 2C 89 1C D8 Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 1A 1F CD 48 4A 26 5D D2 DF AD B3 90 84 DE FF 10 4B B5 DD 4D CF 87 6E A3 46 40 90 03 48 A6 41 E8 6C 92 18 65 AA 96 C2 F7 BB E5 9D 9B AB 26 EB 14 9D 9E F3 E1 B0 18 0E 79 B3 45 1F 80 B1 A6 D4 B0 AE 18 A5 E5 42 50 D5 F1 E0 75 BE 9B CD BC 29 DF 99 86 70 AD 46 75 B9 3B 1C 72 23 FE 91 91 E9 BA 21 3C D5 B0 89 66 28 E4 2D 48 88 38 59 F1 AE 5F 83 B9 A6 5E 52 12 15 42 80 12 C0 E8 FC 99 2B 30 81 D5 42 83 0E C9 35 8A 0C E7 AC 67 D1 67 73 BA 04 C8 D9 3C A3 D1 7B A6 61 B7 5F B4 6C D9 2F 75 7E E5 7B F5 51 1B D9 2D 38 3C E4 54 FF D9 D1 BB 98 82 D0 3C A5 03 0A D5 EF 5D C0 DD 0E 31 39 F4 2B 5B EA AD 0E 14 97 E2 68 08 08 7F 29 FF 34 70 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:02.886 Connection: close EndTime: 15:54:07.003 ClientToServerBytes: 1712 ServerToClientBytes: 24177 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 C2 6F 94 D6 FD F5 E6 83 8D 6B 45 01 A6 BB 21 16 A0 9D 7A 0D BA 71 1A 73 4F 72 8E E7 9E Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: server_name empty renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 30 99 8E 0C 28 ED BE 7C 00 CA B2 C0 21 05 E4 BF 19 B4 DF B1 37 5E 79 F6 47 25 F2 3B AD 90 09 C7 "Time": 9/4/1976 1:28:40 PM SessionID: EE FE C3 64 A9 74 2B 1E 8E A1 24 B3 A3 A6 33 1A FB 2F 40 AD 41 B0 52 F2 6E A6 47 BE 2C 89 1C D8 Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 1A 1F CD 48 4A 26 5D D2 DF AD B3 90 84 DE FF 10 4B B5 DD 4D CF 87 6E A3 46 40 90 03 48 A6 41 E8 6C 92 18 65 AA 96 C2 F7 BB E5 9D 9B AB 26 EB 14 9D 9E F3 E1 B0 18 0E 79 B3 45 1F 80 B1 A6 D4 B0 AE 18 A5 E5 42 50 D5 F1 E0 75 BE 9B CD BC 29 DF 99 86 70 AD 46 75 B9 3B 1C 72 23 FE 91 91 E9 BA 21 3C D5 B0 89 66 28 E4 2D 48 88 38 59 F1 AE 5F 83 B9 A6 5E 52 12 15 42 80 12 C0 E8 FC 99 2B 30 81 D5 42 83 0E C9 35 8A 0C E7 AC 67 D1 67 73 BA 04 C8 D9 3C A3 D1 7B A6 61 B7 5F B4 6C D9 2F 75 7E E5 7B F5 51 1B D9 2D 38 3C E4 54 FF D9 D1 BB 98 82 D0 3C A5 03 0A D5 EF 5D C0 DD 0E 31 39 F4 2B 5B EA AD 0E 14 97 E2 68 08 08 7F 29 FF 34 70 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:02.901 Connection: close EndTime: 15:54:05.598 ClientToServerBytes: 1093 ServerToClientBytes: 590 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: EE FE C3 64 A9 74 2B 1E 8E A1 24 B3 A3 A6 33 1A FB 2F 40 AD 41 B0 52 F2 6E A6 47 BE 2C 89 1C D8 Random: 58 D4 F3 C2 11 A4 D9 99 85 3D 45 CA 1C 8C 15 2F 73 14 9B 3C E5 0F 5B 90 FB 85 B1 D0 71 AB 9A 30 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 95 90 96 E8 E2 7A 7A FA A8 19 A1 CB 32 07 C1 B8 DF DA E8 4C 71 27 D4 F9 05 4F 2C EC D6 CB BA 1B "Time": 8/27/2093 8:48:45 AM SessionID: 3D C5 3B 94 C6 2D 91 8F 59 F0 C6 50 C3 2A C1 64 70 4B E0 5E 61 61 3C 78 A1 88 21 0B 05 91 AF 0A Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 45 02 42 32 5B 82 73 6A 96 8F 3D 30 90 E2 01 2F D0 35 02 4D B4 FC 58 45 8B 55 38 4D 6D BC D6 18 4E DC E7 B1 C1 1E 16 9D D5 FA 76 69 3F DF F7 74 BF 28 39 6F F8 F6 FF 74 38 26 F2 54 19 88 1A 32 E0 79 97 03 17 A4 A1 EA BD 31 BA 5E D9 82 F6 6B D6 C2 C6 A9 10 15 1A 0C C2 B2 F7 C5 60 66 3F A0 81 E6 50 A4 4D 7C 59 3A D6 15 D0 0C 7E BD D0 49 60 E7 E2 C5 28 EF E3 BE 96 F1 29 2C FF AB 08 19 09 C1 2A CB 0C F2 02 49 14 16 7A 9B CB A8 9E FD F1 4C 8E 22 61 42 BE E8 BF F0 7A 92 F4 CC EA 4F E9 FA D1 97 19 88 0E 49 EA F1 6B 55 D9 DB 57 82 96 F6 1D 42 2A 36 B1 20 E6 67 EA 6B 6F 7A EC 6F FB 89 B2 1A 51 C9 65 6D B9 27 4A 0F 0E 34 9A 08 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:07.358 Connection: close EndTime: 15:54:11.697 ClientToServerBytes: 3986 ServerToClientBytes: 10743 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 C6 BB 0A 18 EF 36 DB 85 73 D3 C8 11 5D 05 F7 F8 D2 9D 6E 5F E5 CB 2D 9F 1B C9 54 F0 FD Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: server_name empty renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty ------------------------------------------------------------------ CONNECT aa.online-metrix.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: aa.online-metrix.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: C9 62 30 94 D0 FF EC E2 35 EC 3D 2A E4 C7 AB BA BC E4 FC 02 26 41 45 E1 EA 46 FD B4 EB 45 16 B5 "Time": 10/13/2048 4:19:45 PM SessionID: C7 D0 00 3C 85 83 37 34 1B 78 85 15 9A DA 05 94 8B DF D0 78 37 DD EF 27 6B C1 8F 77 2A C7 76 EA Extensions: server_name aa.online-metrix.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:10.289 Connection: close EndTime: 15:54:12.987 ClientToServerBytes: 1077 ServerToClientBytes: 7854 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 C9 3D C4 0C 75 2D A3 54 81 C8 3D 4F 98 62 21 67 E6 72 5F 50 B1 E9 62 02 65 87 24 3F E1 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: server_name empty renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 7A 7E 7C F9 12 5F EA 5A 71 07 46 2A 00 BB 0A 7F 6E 6C 40 69 05 88 DE D6 B6 39 DA 75 0B 2A 1F 22 "Time": 8/22/2102 3:57:06 PM SessionID: D3 25 7A D7 CF F1 DC 65 66 83 26 08 D8 BC C3 63 F7 22 E8 E6 6E 47 C1 5E 57 B9 B4 EE 59 85 94 ED Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 1A 1F CD 48 4A 26 5D D2 DF AD B3 90 84 DE FF 10 BA D7 21 60 8B C9 99 FA 6E 44 E9 2C DE 50 4D 33 31 30 ED B6 AC 0B C5 B3 40 AD C6 5C AF 2F 9E DA 8C 44 3F 57 95 78 6F 8F B1 AB 71 EE A1 9D F0 79 44 B7 F0 D2 84 D4 5F CD C9 A6 A1 FC 9C F4 4D 12 38 FF 91 4C 74 9A 9B A8 89 AA 7B EA C3 A7 3C 16 D6 05 C5 60 6B D2 3E 3F 8A 17 25 55 15 99 5E 17 00 CB 9D DE 2A A1 F0 F4 F2 7E 9A 73 F5 B4 A3 F9 9B 52 E6 11 C4 9F AE C0 96 C3 F1 40 F7 25 F6 9B 1D 8C 47 B3 EC 1D 93 CB 0F 0C 3F E0 1A 7F 1C 19 69 EF FB 36 4D B4 F6 C3 70 1A 3B 7C 8C 53 A5 F9 9F C3 10 87 CF EC DC FC DE 8A AA F4 50 D8 68 8D 68 4F 1B BF F6 91 57 08 FD A8 91 86 6B 3F 25 45 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:10.016 Connection: close EndTime: 15:54:12.704 ClientToServerBytes: 2738 ServerToClientBytes: 5192 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: empty Random: 58 D4 F3 C9 03 B1 3B CF 41 DC FA 47 C4 6C 4E 9D 5F A7 CF A6 5D 79 2C 43 AC A6 34 58 16 17 79 B3 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: server_name empty renegotiation_info 00 ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2] SessionTicket empty ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 8B 60 1F E0 0E 46 98 FE D4 BC B0 61 DD 55 02 3C D2 D7 D7 65 4A 03 83 E3 63 BC 9C B1 92 5A 34 D4 "Time": 2/25/2089 12:21:55 PM SessionID: D3 25 7A D7 CF F1 DC 65 66 83 26 08 D8 BC C3 63 F7 22 E8 E6 6E 47 C1 5E 57 B9 B4 EE 59 85 94 ED Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket 1A 1F CD 48 4A 26 5D D2 DF AD B3 90 84 DE FF 10 BA D7 21 60 8B C9 99 FA 6E 44 E9 2C DE 50 4D 33 31 30 ED B6 AC 0B C5 B3 40 AD C6 5C AF 2F 9E DA 8C 44 3F 57 95 78 6F 8F B1 AB 71 EE A1 9D F0 79 44 B7 F0 D2 84 D4 5F CD C9 A6 A1 FC 9C F4 4D 12 38 FF 91 4C 74 9A 9B A8 89 AA 7B EA C3 A7 3C 16 D6 05 C5 60 6B D2 3E 3F 8A 17 25 55 15 99 5E 17 00 CB 9D DE 2A A1 F0 F4 F2 7E 9A 73 F5 B4 A3 F9 9B 52 E6 11 C4 9F AE C0 96 C3 F1 40 F7 25 F6 9B 1D 8C 47 B3 EC 1D 93 CB 0F 0C 3F E0 1A 7F 1C 19 69 EF FB 36 4D B4 F6 C3 70 1A 3B 7C 8C 53 A5 F9 9F C3 10 87 CF EC DC FC DE 8A AA F4 50 D8 68 8D 68 4F 1B BF F6 91 57 08 FD A8 91 86 6B 3F 25 45 ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:10.029 Connection: close EndTime: 15:54:12.712 ClientToServerBytes: 1161 ServerToClientBytes: 1691 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: D3 25 7A D7 CF F1 DC 65 66 83 26 08 D8 BC C3 63 F7 22 E8 E6 6E 47 C1 5E 57 B9 B4 EE 59 85 94 ED Random: 58 D4 F3 C9 9D B7 EE EA F0 B7 82 02 BA B3 AD FA B9 81 14 1B 6D 82 36 A4 EB 3F 6C C4 A5 E2 C3 17 Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [0xC02F] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ------------------------------------------------------------------ CONNECT jscj80qv-f5a3345b4e38b7f003d11cd6147d0a6042dec496-sac.d.aa.online-metrix.net:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: jscj80qv-f5a3345b4e38b7f003d11cd6147d0a6042dec496-sac.d.aa.online-metrix.net:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: FE 6D 0A 62 AC 60 89 6D 46 EB CA AD 58 FB F5 10 10 83 94 3E E5 5E 34 0A 98 25 91 32 82 0C 68 C1 "Time": 2/14/2022 8:28:06 PM SessionID: empty Extensions: padding 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 server_name jscj80qv-f5a3345b4e38b7f003d11cd6147d0a6042dec496-sac.d.aa.online-metrix.net extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:11.084 Connection: close EndTime: 15:54:11.380 ClientToServerBytes: 517 ServerToClientBytes: 0 ------------------------------------------------------------------ CONNECT fpt.live-partner.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: fpt.live-partner.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 0B AA 55 80 2B 8B 8D B2 3B 30 B6 16 67 5F A2 F4 90 29 C5 9E 6D A0 99 93 5D 3D 78 DA FE F7 90 E3 "Time": 3/25/2038 8:12:19 AM SessionID: empty Extensions: server_name fpt.live-partner.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:10.595 Connection: close EndTime: 15:54:11.380 ClientToServerBytes: 205 ServerToClientBytes: 0 ------------------------------------------------------------------ CONNECT www.office.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: www.office.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 5E 87 CF FF A1 23 C3 97 E3 62 82 18 DC 94 20 18 8E 5E 2C 1C 7D C2 61 A3 E4 DF F5 66 82 C3 28 11 "Time": 1/1/2106 5:34:46 PM SessionID: C2 2B 00 00 EA 8A 69 60 86 1E 84 85 83 67 3F 3D 79 EF A5 2A DF 17 B3 97 04 61 BD 85 24 63 2D 06 Extensions: server_name www.office.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:16.389 Connection: close EndTime: 15:54:16.992 ClientToServerBytes: 413 ServerToClientBytes: 7525 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 8D 15 00 00 8F 87 B0 3F D9 82 67 0E F2 62 01 3A 63 22 58 7D D1 C6 64 26 A3 DC 7A 5D 11 03 66 D4 Random: 58 D4 F3 CF E6 72 42 1A 50 73 5D 23 C9 4A 77 01 7E EB 39 74 CC 45 59 A7 D7 FE E5 6B 57 A5 FD 02 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------ CONNECT clientlog.portal.office.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: clientlog.portal.office.com:443 HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:17.711 Connection: close ------------------------------------------------------------------ CONNECT m.webtrends.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: m.webtrends.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 69 70 8B CF F0 44 D3 D8 1C 1E F3 34 41 88 26 45 AB 19 3E BB BD F9 A1 15 95 49 00 AE 59 77 9E 1F "Time": 5/4/2080 9:49:53 AM SessionID: 04 05 C6 76 C6 A5 4A 64 74 BE 97 52 60 26 07 8B C0 D5 53 0F 64 05 3E 48 A4 AA 36 EF 66 E6 2B 1D Extensions: server_name m.webtrends.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:22.737 Connection: close EndTime: 15:54:23.781 ClientToServerBytes: 1923 ServerToClientBytes: 4486 This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 60 65 17 16 7C B5 2A 30 C2 5B AA D8 CE 28 8E 2E FD CE 44 26 67 FE F7 F2 19 E3 1B 2E 62 7B 2C 1D Random: 58 D4 F3 D5 14 6C CF BA 71 36 DF 5D 87 7E B7 E4 6D F7 42 7B 77 79 F3 2C 84 82 E3 3B E2 D5 12 EF Cipher: TLS_RSA_AES_256_SHA [0x0035] CompressionSuite: NO_COMPRESSION [0x00] Extensions: renegotiation_info 00 ------------------------------------------------------------------ CONNECT clientlog.portal.office.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: clientlog.portal.office.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: D0 34 FB 7B 02 3C AF 33 91 1D 95 B2 A0 0F C6 66 AE 49 FC 7A 6B 9D 37 E3 F7 09 95 78 35 BA 50 FD "Time": 12/1/2035 12:07:04 AM SessionID: 51 16 00 00 86 19 69 65 54 B5 C6 40 C2 74 A0 D1 79 D2 8C 2D 86 52 0E 6B A4 1A 99 19 F3 D5 59 14 Extensions: server_name clientlog.portal.office.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:22.501 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 59 0C 00 00 FB CA EA C0 FD E6 5F F7 37 E3 2A 80 BD 0A A9 BE EE 59 2C 3F 85 F0 34 02 5E F9 8E F8 Random: 58 D4 F3 D5 73 5C FD 1B 05 7D E9 56 AF 3C F7 AC 4C C9 0B 15 75 85 5C 68 E8 E8 D8 D2 33 81 1F 68 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------ CONNECT nexus.officeapps.live.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Connection: keep-alive Connection: keep-alive Host: nexus.officeapps.live.com:443 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 79 E0 B8 DC B4 A4 1F 2B 96 36 5F C3 41 CF AB 73 50 C5 AA C5 06 87 EA 29 31 CA 45 EA B0 4A C9 09 "Time": 5/7/2087 5:23:29 AM SessionID: 62 37 00 00 DC 20 12 CC 45 FD F4 36 36 43 40 30 35 F2 FD 82 BE 2B 5B 1D B5 86 E7 6A 5B 59 2F 3E Extensions: server_name nexus.officeapps.live.com extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder SignedCertTimestamp (RFC6962) empty 0xff03 empty signature_algs sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa Ciphers: [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression: [00] NO_COMPRESSION HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 15:54:24.467 Connection: close This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option. A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) SessionID: 71 2F 00 00 88 34 85 48 06 2F 78 BA 0E 91 A3 43 86 78 89 0C 67 27 1F D8 A7 63 F0 57 CB 7D 1D 6B Random: 58 D4 F3 D7 7A 1B 74 60 61 34 E5 4C 1F 49 C3 05 9E 86 0A 2A 0E 0D A7 D2 6F 70 3B 09 B9 52 C0 5C Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00 ------------------------------------------------------------------