Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
It appears to be specific to that app. I was successfully able to sniff all the other apps. That particular app probably uses SSL pinning: it checks for a certificate within itself and doesn't allow fake certificates even if they are trusted by the device.
Why would some HTTPS requests fail to decrypt on Fiddler, while some work?
There are plenty of tutorials on how you can intercept HTTP(s) traffic from Android using Fiddler.
Try this one: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforandroid
However, it will fail when you try to intercept and decrypt Android SSL traffic coming from an application, and not from a browser.
It might be that the application uses certificate pinning, and you probably cannot decipher this connection. Lost cause!
But more probably, the reason is a bug in the HttpsUrlConnection pipeline implementation.
To solve the issue, please proceed with the following steps:
- In Fiddler click "Rules->Customize Rules";
- Find function OnBeforeResponse in the script
- Add the following code to the function body:

    // Keep the CONNECT tunnel open for Android (Dalvik) clients
    if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 &&
        oSession.HTTPMethodIs("CONNECT")) {
        oSession.oResponse.headers["Connection"] = "Keep-Alive";
    }

- Save the file and restart Fiddler.
Windows Phone 8.1 Emulator not proxying through Fiddler
I can successfully use Windows Phone 8.1 Virtual Machines (on Windows 8.1 Update 1) with Fiddler.
Try this:
1. Run Fiddler.
2. Click Tools > Fiddler Options > Connections. Change the Fiddler Listen Port from 8888 to something else, e.g. 8889. (The Windows Phone team decided to steal port 8888 for their debugger).
3. Tick the Allow remote computers to connect box.
4. Click the Ok button.
5. In the QuickExec box below Fiddler's session list, type
   prefs set fiddler.network.proxy.RegistrationHostName 169.254.80.80
   where the IP address is found at the top of the tooltip you see when hovering over the Online indicator at the top-right of Fiddler's toolbar.
6. Restart Fiddler.
7. Start VS 2013 and load your project. Click Run for the Windows Phone 8.1 emulator.
8. Open IE. When the Settings dialog box appears, choose Custom Settings. In the Data Sense savings drop down, choose Off.
9. Click Done.
Step #2 technically shouldn't be required (because their debugger is listening on loopback instead of the public IP), but it can't hurt. I'm not positive that Step #8 is required, but given that Data Sense's browser-optimization service is based on a proxy in the cloud, it certainly seems like it could interfere.