This is a migrated thread and some comments may be shown as answers.

Can't capture https from Facebook. Used to work :(

17 Answers 842 Views
Herb
Herb asked on 20 Apr 2016, 07:50 PM
Been using Fiddler for a while. It's an amazing program. I'm no longer able to capture https traffic from the Android Facebook app. I've read all the threads and searched all around for a solution. I've seen discussions on ssl pinning, killswitch, etc. I've used proxydroid in the past, as well. Does Facebook now have this certificate pinning issue or is there another workaround available? It used to work great. I would rather test on a non-rooted device. Thanks.

17 Answers, 1 is accepted

0
Tsviatko Yovtchev
Telerik team
answered on 25 Apr 2016, 04:14 PM
Hello,

What changed between the moment you could capture traffic and the moment you could not? Did you update Fiddler? Did you change something else in your setup? Which version of Fiddler are you running now?

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Иван
answered on 07 Dec 2016, 06:50 PM
Same here. Used Fiddler for a while with other applications and everything worked great. The only app that I can't decrypt is Facebook with its TLS 1.2. Any ideas how I can do it?
0
Tsviatko Yovtchev
Telerik team
answered on 07 Dec 2016, 06:54 PM
Hi,

TLS 1.2 is off by default in Fiddler (there were many buggy implementations, so Fiddler negotiated for a lower protocol version by default). You can switch it on by adding it to the Protocols list in the HTTPS tab of Options.

Regards,
Tsviatko Yovtchev
Telerik by Progress
0
Иван
answered on 07 Dec 2016, 07:06 PM
Thanks for your fast reply.
It's enabled: "ssl3;tls1.0;tls1.1;tls1.2"
And I recreated certs with BCCertMaker.BCCertMaker and updated them both at PC and Emulator.
Btw, same with my iOS. Can't connect if using Fiddler.
0
Иван
answered on 12 Dec 2016, 06:45 PM
Any ideas? :(
0
mike
answered on 16 Apr 2017, 08:42 AM

Same error here. Can't browse to Facebook using iOS 10, on iPad Pro 9.7", Telerik Fiddler Web Debugger v4.6.20171.9220, .NET 4.6.2, WinNT 6.1.7601 SP1.

Enabled TLS 1.2 as per the advice above.

Still "Safari cannot ..." error on the iOS screen.

 

0
mike
answered on 16 Apr 2017, 09:09 AM

Ah, forgot to mention, I did not upload a cert to iOS. 

When I connect to it with ipv4.telerik:8888, it suggests to trust *.google.com. Not sure if it is ok or not. 

0
Tsviatko Yovtchev
Telerik team
answered on 20 Apr 2017, 03:29 PM
Hi,

You should have the Fiddler Root Certificate installed on your iOS device. If it is iOS 10.3, could you also check whether, in Settings > General > About > Certificate Trust Settings, that certificate has full trust enabled?

Regards,
Tsviatko Yovtchev
Telerik by Progress
0
Иван
answered on 15 Aug 2017, 10:13 AM
Got some progress. Facebook is using so-called 'SSL pinning' and validates the certs that are used by the system. I've disabled it on my iOS device (jailbreak needed) and now the Facebook app works, but Fiddler still can't capture its traffic. No requests, empty window :(
0
Alexander
Telerik team
answered on 22 Aug 2017, 05:44 PM
Hi Ivan,

If there are no requests at all, this starts to sound like Fiddler is not set as the proxy properly. Is it capturing HTTP? If yes, it should be capturing at least the CONNECTs, which travel on HTTP.

Regards,
Alexander
Progress Telerik
0
Gentian
answered on 06 Oct 2017, 07:34 PM
Hi Alexander, I would like to get Six Digit Code from Traffic Connection using Facebook. 
0
answered on 02 Jan 2018, 05:06 AM

v5.0

It worked before, but now it does not work.

Tried everything: reset certs, restarted Fiddler, etc. It is just simply not working... do not know why.

0
answered on 02 Jan 2018, 05:08 AM
It does not work for Chrome on my computer, and I tried to install certs on iOS and Android. It also does not work.
0
shalini
answered on 02 Aug 2019, 09:15 AM

Hi

Can we capture the number of likes, added comments, and browsed pages in Facebook? If so, how do we do it using Fiddler?

0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 06 Aug 2019, 05:10 PM
Hi Shalini,

Facebook traffic will be encrypted using HTTPS and Fiddler can decrypt HTTPS traffic. However, there are a couple of items that will not allow this to work, and I have listed them below.

1. As outlined in the original post, Certificate Pinning has become common practice for mobile applications. This will block the decryption using the Fiddler root Certificate.

2. As described in the Using Fiddler with iOS and Android 7 blog post, Android 7+ will ignore installation of all user-installed root certificates. If the root certificate is ignored, the traffic won't be decrypted.

Additionally, since the above items are platform specific, there are no workarounds available.

Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,
Eric R
Progress Telerik
0
Herb
answered on 06 Aug 2019, 06:47 PM
Thanks for the response Eric.  Still monitoring this thread after three years!  Would be nice to have a clean solution.
0
Herb
answered on 16 Jul 2021, 10:13 PM
5 years and still looking for an answer!
Lini
Telerik team
commented on 20 Jul 2021, 10:06 AM

Hi,

The answer Eric provided is still valid - Fiddler cannot capture traffic from mobile applications that use certificate pinning. Furthermore, the newer Android versions (7+) further limit the ability to use Fiddler with mobile apps - you will need to compile the app with an updated manifest in order to be able to use and trust the Fiddler-provided user certificates. There is nothing further we can do in this case - unless you recompile the Facebook app for Android with an updated manifest or use it on a device with Android 4, 5 or 6, you will not be able to capture traffic from it.
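
The Android 7+ behaviour described in the answers above, shown for an app you build yourself. This is an added example, not part of the original thread or of Telerik's documentation; the file name network_security_config.xml is the conventional one and is an assumption here. It trusts user-installed roots (such as a debugging proxy's root) in debuggable builds only.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example, assumed file name).
     Referenced from AndroidManifest.xml on the <application> element:
       android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Release behaviour: trust only the system CA store. This is already
         the default for apps targeting Android 7+ (API 24+), which is why a
         user-installed proxy root is ignored by apps that do not opt in. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applies only when the build is debuggable (android:debuggable="true"),
         so a proxy root installed as a user certificate is trusted in debug
         builds and never in the release build. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Weak variant to avoid: placing <certificates src="user" /> inside
         <base-config> makes release builds trust any CA installed on the
         device, which removes the protection Android 7+ added. -->
</network-security-config>
```

This only changes which CA stores the app trusts; certificate pinning implemented in the app's own code is unaffected by it.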
