So I followed these steps:
Routed the phone traffic to Fiddler
No Fiddler root certificate installed on the phone
Ran the target app on my phone
Observed the logs in the LOGS tab
This is the output:
14:50:09:1173 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate for pipe (CN=*.cvs.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
14:50:09:2267 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate for pipe (CN=*.cvs.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
14:50:10:2737 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate for pipe (CN=*.cvs.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
My observation is that the packets are being dropped, and the connection is not being established with the original server.
So, we can say that the app is correctly checking whether the certificate is signed by a root CA or not, because in this case the Fiddler CA is NOT trusted by the app and the app drops the connection. Please correct me if I am wrong.
So now I want to check whether the app is verifying the hostname properly. What I want is to generate a certificate signed by the Fiddler CA with a random Common Name, and then add the Fiddler certificate to the trusted list of CAs on the phone. Then use that generated certificate to decrypt the HTTPS messages. How can I go ahead with this?
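An added example (not part of the question above) that rehearses the "wrong Common Name" test offline with openssl before the phone or Fiddler is involved. A throwaway self-signed root stands in for Fiddler's DO_NOT_TRUST root, a leaf certificate is issued under it for a deliberately wrong name, and openssl shows which checks accept it: the chain-only check (what an app does if it validates the CA signature but never the hostname) passes, while the chain-plus-hostname check for the real target host fails. The host names, the CA subject and the file locations are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a throwaway root CA that plays the role
# of Fiddler's DO_NOT_TRUST root, issues a leaf under it with the wrong name, and runs the
# two checks a TLS client may or may not perform. Host names and paths are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"
TARGET_HOST="api.cvs.com"          # host the app really connects to (assumed)
BOGUS_HOST="random.example.test"   # the "random Common Name" put into the leaf cert (assumed)

# Self-signed root CA. In the real test this is the Fiddler root that gets installed on the phone.
make_ca() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=DO_NOT_TRUST_TestRoot/O=DO_NOT_TRUST" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" >/dev/null 2>&1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 30 \
    -extfile "$WORK/ca.ext" -out "$WORK/ca.pem" >/dev/null 2>&1
}

# Leaf signed by that CA but naming BOGUS_HOST. The name goes into subjectAltName as well as
# the CN, because modern clients (Android 7+, current browsers) ignore CN and match SAN only.
make_bad_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$BOGUS_HOST" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$BOGUS_HOST" > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Chain check only: accepts any cert the trusted CA signed, whatever name it carries.
chain_only() {
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Chain check plus hostname check, i.e. what a correctly written TLS client does.
# Exit status 0 = certificate accepted for that host, non-zero = rejected.
verify_for_host() {
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

show() { if "$@"; then echo "accepted: $*"; else echo "rejected: $*"; fi; }

make_ca
make_bad_leaf
show chain_only                      # accepted: the CA signature alone is fine
show verify_for_host "$BOGUS_HOST"   # accepted: the name in the cert matches
show verify_for_host "$TARGET_HOST"  # rejected: this is the outcome a hostname-checking app must produce
```

An app that behaves like `chain_only` will happily talk to a proxy presenting this leaf once the CA is trusted; an app that behaves like `verify_for_host "$TARGET_HOST"` will drop the connection exactly as it did without the CA installed. Two caveats for the real run: Fiddler mints its own certificate for the requested host (the log above shows `CN=*.cvs.com`), so to present a mismatched name you have to serve the leaf yourself, for example with `openssl s_server -cert leaf.pem -key leaf.key`, rather than through Fiddler's normal per-host generation; and whether the phone's apps honour a user-installed CA at all depends on the platform (on Android 7 and later, apps do not trust user-added CAs unless their network security config opts in), so a dropped connection after installing the CA does not by itself prove hostname checking.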