Re: Fiddler - Capture and decrypt HTTPS traffic from iPad app

[EricLaw]

The most likely explanation is that you didn't install the proper certificate maker for iOS. You need to remove all of the certificates from the PC and the device, then install the certificate maker: http://www.fiddler2.com/fiddler/help/httpsdecryption.asp#ios

-Eric

On Monday, September 24, 2012 5:39:31 AM UTC-7, Jonathan2708 wrote:

I'm trying to monitor the HTTPS requests/responses for my iPad app using Fiddler. I have a Windows 7 PC running Fiddler and have configured the HTTP proxy on my iPad to point to the PC using port 8888. This works fine and the CONNECT tunnel messages and 'ClientHello' handshakes can be seen in the capture log. However as soon as I enable the 'Decrypt HTTPS traffic' option in Fiddler, the app is blocked from connecting to the server. I've tried installing the Fiddler root certificate on the PC, and I also installed the certificate on my iPad by exporting the certificate to a URL and pointing Safari to the URL on my iPad which then installed it. This hasn't made a difference. Do I need to do something with the SSL certificate installed at the server running my web service?

[EricLaw]

This is well covered in the Fiddler Book.

 

After you install the iOS Certificate Maker and start Fiddler and enable HTTPS decryption, visit http://ipv4.fiddler:8888/ from your ipad with the proxy configuration pointed at your Fiddler PC. On the Fiddler Echo Service page that loads, click the FiddlerRoot.cer link at the bottom of the page and install the interception certificate.

 

-Eric

On Friday, December 21, 2012 11:14:24 AM UTC-6, jiuchoimau wrote:

Hi, having the same issue here.  Installed the certificate maker on the PC.  But how to install on the ipad?  One safari doesnt want to download the file, even if downloaded, exe file doesnt work on ipad, does it?

[jiuchoimau]

Thanks for the reply Eric.  I started seeing some https traffic, Nice!!!  At the same time I am still seeing some with "Tunnel to" instead of the actual host.  All of these traffic(including the https that was successfully decrypted) is going to the same host.  Any idea why, maybe i missed some step?

[EricLaw]

It's not uncommon to see a "Tunnel to" that isn't followed by any other traffic. This can happen if the client abandons the connection for any reason (very common when using a browser). It can also happen if the client application is hardcoded to use a specific certificate and thus rejects the Fiddler root certificate even though it is otherwise "trusted"-- This is called "Certificate pinning" and is also covered in the Fiddler book as well as elsewhere on the internet.

[jiuchoimau]

Thanks for the explanation Eric.  The client is an ios application.  i dont believe there is code forcing a specific certificate just because if it is forcing for some pages then it will very well be forcing for all pages, just making assumptions here.  But if there is no other explanations then i guess this is as good as it gets.  Just wish i can capture everything.  Thanks again for the help!

[EricLaw]

Let's step back a little-- Why are you assuming that the Sessions marked "Tunnel to" are carrying any traffic at all? Clients often end up negotiating connections that they subsequently never use...

[jiuchoimau]

Good question!  The truth is i dont know.   All of these entries with "tunnel to" have their urls going to the website with a 443 port.  Seeing these entries was how i concluded that the https were not being captured before i installed the correct certificate.  Now that i have the correct certificate, I just assumed these remaining entries still are not being captured.  So are we saying these are just handshaking?  is there a way to confirm?

[EricLaw]

First things first: What do you see in the Log tab?  If you click on one of these tunnels, what do you see in the status bar?

[jiuchoimau]

Havent really used the Log tab.....Is there a way to see only those log entries for a particular session?

[jiuchoimau]

The status bar when clicked on one of the Tunnel to sessions says "This is a https decrypting tunnel to 'www.mywebsite.com:443'.  

On Monday, December 24, 2012 1:38:17 PM UTC-8, EricLaw wrote:

[EricLaw]

Thanks, Brian. You can find a similar article here: http://www.telerik.com/automated-testing-tools/blog/eric-lawrence/12-12-21/using-fiddler-with-apple-ios-devices.aspx. Note that users shouldn't need to download the "IPhone Configuration utility"-- it should be sufficient to simply open the .CER file on the device itself and reconfigure the device profile on the phone directly.

On Thursday, January 10, 2013 7:59:16 PM UTC-6, Brian wrote:

Check out http://blog.brianbeach.com/2013/01/using-fiddler-with-iphoneipad.html