Some Android Apps Won't Connect Through Fiddler

Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler

It appears to be specific to that app. I was successfully able to sniff all the other apps. That particular app probably uses SSL pinning: it checks for a certificate within itself and doesn't allow fake certificates even if they are trusted by the device.
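The following added example (not part of the original answer) is a simplified model of the two checks described above, showing why a proxy root installed on the device satisfies ordinary apps but not a pinning app. The byte strings are constructed stand-ins for certificates, the host name and function names are hypothetical, and pins are taken over the whole certificate for brevity, whereas real pinning libraries commonly hash the certificate's public key instead.

```python
import base64
import hashlib

def pin_of(cert_der: bytes) -> str:
    """Return a 'sha256/<base64>' pin computed over the certificate bytes."""
    return "sha256/" + base64.b64encode(hashlib.sha256(cert_der).digest()).decode()

def client_accepts(chain, device_trusted_roots, app_pins=None):
    """Model the checks a client makes on a presented chain (leaf first, root last).

    Returns (accepted, reason).
    """
    # Check 1: platform validation, reduced here to "is the root in the device store?"
    if pin_of(chain[-1]) not in device_trusted_roots:
        return False, "untrusted root"
    # Check 2 (pinning apps only): a certificate in the chain must match a pin
    # shipped inside the app, regardless of what the device trusts.
    if app_pins is not None and not any(pin_of(c) in app_pins for c in chain):
        return False, "pin mismatch"
    return True, "ok"

# Constructed stand-ins for DER certificates (not real certificates).
REAL_LEAF, REAL_ROOT = b"leaf:api.example.test", b"root:public-ca"
PROXY_LEAF, PROXY_ROOT = b"leaf:api.example.test (proxy-issued)", b"root:proxy"

# The proxy root was installed on the device, so both roots are trusted there.
DEVICE_ROOTS = {pin_of(REAL_ROOT), pin_of(PROXY_ROOT)}
APP_PINS = {pin_of(REAL_LEAF)}  # pin compiled into the app

def scenarios():
    direct = [REAL_LEAF, REAL_ROOT]
    proxied = [PROXY_LEAF, PROXY_ROOT]
    return {
        "non-pinning app via proxy": client_accepts(proxied, DEVICE_ROOTS),
        "pinning app direct": client_accepts(direct, DEVICE_ROOTS, APP_PINS),
        "pinning app via proxy": client_accepts(proxied, DEVICE_ROOTS, APP_PINS),
    }

if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:28} accepted={ok} ({reason})")
```

In the last scenario the client rejects the chain during the TLS handshake, so no decrypted request ever reaches the proxy.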

Why would some HTTPS requests fail to decrypt on Fiddler, while some work?

There are plenty of tutorials on how you can intercept HTTP(s) traffic from Android using Fiddler.
Try this one: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforandroid

However, it will fail when you try to intercept and decrypt Android SSL traffic coming from an application, and not from a browser.

It might be that the application uses certificate pinning, and you probably cannot decipher this connection. Lost cause!
But more probably, the reason is a bug in the HttpsUrlConnection pipeline implementation.

To solve the issue, please proceed with the following steps:

  1. In Fiddler, click "Rules->Customize Rules".
  2. Find the function OnBeforeResponse in the script.
  3. Add the following code to the function body:

         // For CONNECT requests from Android (Dalvik) clients, set
         // Connection: Keep-Alive on the tunnel response.
         if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 &&
             oSession.HTTPMethodIs("CONNECT")) {
             oSession.oResponse.headers["Connection"] = "Keep-Alive";
         }

  4. Save the file and restart Fiddler.

Windows Phone 8.1 Emulator not proxying through Fiddler

I can successfully use Windows Phone 8.1 Virtual Machines (on Windows 8.1 Update 1) with Fiddler.

Try this:

  1. Run Fiddler.
  2. Click Tools > Fiddler Options > Connections. Change the Fiddler Listen Port from 8888 to something else, e.g. 8889. (The Windows Phone team decided to steal port 8888 for their debugger).
  3. Tick the Allow remote computers to connect box.
  4. Click the OK button.
  5. In the QuickExec box below Fiddler's session list, type prefs set fiddler.network.proxy.RegistrationHostName 169.254.80.80 where the IP address is found at the top of the tooltip you see when hovering over the Online indicator at the top-right of Fiddler's toolbar.
  6. Restart Fiddler.
  7. Start VS 2013 and load your project. Click Run for the Windows Phone 8.1 emulator.
  8. Open IE. When the Settings dialog box appears, choose Custom Settings. In the Data Sense savings drop down, choose Off.
  9. Click Done.

Step #2 technically shouldn't be required (because their debugger is listening on loopback instead of the public IP), but it can't hurt. I'm not positive that Step #8 is required, but given that Data Sense's browser-optimization service is based on a proxy in the cloud, it certainly seems like it could interfere.
