Android https decryption broken on latest update 4.6.1.0

6 posts, 1 answers
  1. Kevin
    Kevin avatar
    3 posts
    Member since:
    Oct 2015

    Posted 27 Oct 2015 Link to this post

    Hello,

    I just wanted to let people know that the https decryption stopped working for me this morning after upgrading from 4.6.0.2 to 4.6.1.0

    Fortunately I found an old installer on my pc (version 4.5.1.0) so I'm still able to work.

    I'm using fiddler to monitor traffic from apps to google-analytics to verify that correct events and screenviews are being sent.

    Thanks for reading.

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 27 Oct 2015 Link to this post

    Hi, Kevin--

    More detail would be great. I'm watching traffic from Chrome on my Nexus 7 on Android 5.1.1 as we speak.

    It would be helpful to understand the following things:

    1> Which certificate maker are you using? (Tools > Fiddler Options > HTTPS > click "Certificates Generated By")

    2> What app(s) traffic are you trying to capture? Have you tried Chrome?

    3> Does decryption work everywhere *except* your Android device (e.g. your desktop browser?)

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Андрей
    Андрей avatar
    1 posts
    Member since:
    Oct 2015

    Posted 28 Oct 2015 in reply to Eric Lawrence Link to this post

    Hi, I have the same problem.

    Some sceenshots and Wireshark caps are here https://drive.google.com/folderview?id=0B0MVoY-6L-KeXzJfVnRTbXBKMUU&usp=sharing

    I use Android 4.4.2 device, Fiddler runs on Win 7 x64.

    Decryption work fine for most sites, but not Google Play.

  4. Kevin
    Kevin avatar
    3 posts
    Member since:
    Oct 2015

    Posted 28 Oct 2015 Link to this post

    Hello Eric,

    1) Certificates generated using Fiddler.DefaultCertificateProvider

    Engine: MakeCert

    HashAlg-Root: SHA256

    HashAlg-EE: SHA256​

    2) I'm capturing traffic from my company's apps, which are only available on french store. I'v tried with two of them (allociné, jeuxvideo.com), both failing with fiddler 4.6.10 and both succeeding on earlier builds.

    I use fiddler to read the google analytics batch messages. I guess that you could replicate my issue with any app that is using GA SDK. I'v tried with several different Android devices and they all failed with fiddler 4.6.1.0

    3) It still works on our iOS apps. I haven't tried my desktop browser because I don't need this feature, let me know if you think it could make a difference (I've setup fiddler to only work with remote clients so I'd rather not change this setup unless it's really necessary).

    To be more precise, I do see the "tunnel to" line, but I'm missing the second line which actually contains the whole thing.

    I hope those information can help you work this out ! If not, let me know and I'll do my best to assist you.

  5. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 28 Oct 2015 Link to this post

    Hi, Kevin-- Thanks for the details. Did HTTPS traffic work in Chrome?

    My guess is that the apps in question have the same certificate limitation discovered in Firefox 36 (see http://www.telerik.com/forums/firefox-36-0-breaks-fiddler-https-decryption) whereby they reject wildcard certificates that lack SubjectAltNames. The workarounds mentioned in that post should resolve the problem for your apps too. Please let me know if not.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  6. Kevin
    Kevin avatar
    3 posts
    Member since:
    Oct 2015

    Posted 06 Nov 2015 in reply to Eric Lawrence Link to this post

    Hello Eric,

     Sorry for the delay, I finally got a chance to try this out today and it indeed works.

     Thanks for the tips.

Back to Top