This topic has been covered in the Fiddler documentation. You can use Fiddler to sniff messages from the parties you have physical access to. Given you don’t give physical access to malicious user you are protected with transport and message security.

Q: Does Fiddler2 demonstrate a flaw in HTTPS?

A: No. HTTPS relies on certificates in order to secure web traffic.
Web browsers prevent man-in-the-middle attacks by relying upon Trusted
Root Certification authorities to issue certificates that secure the
traffic. As designed, web browsers will show a warning when traffic
is not protected by a certificate issued by a trusted root.

Edit
This is from another relevant answer

Transport security provides only point-to-point channel security. It
means that HTTPS establish secure channel only between client and
server exposed to client. But if this server is just a load balancer
or proxy server it has direct access to content of the message.

Message security provides end-to-end channel security. It means that
security is part of transferred data and only intended destination can
decrypt the data (load balancer or proxy sees only encrypted message).
Message security in most cases also uses certificates to provide
encryption and signing but it is usually slower because transport
security can use HW acceleration.