This is a migrated thread and some comments may be shown as answers.

Error Capturing HTTPS Traffic

5 Answers 1617 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Ankit
Top achievements
Rank 1
Ankit asked on 08 Oct 2015, 04:57 PM

Hi Telerik Team,

Thanks for creating Fiddler. It is an awesome and useful product.

I am using Fiddler 4.6.0.2 on Windows 8.1. I am trying to monitor some traffic from my android mobile. I am able to fetch the HTTP traffic flawlessly but i have issues with HTTPS traffic. My requests says HTTPS handshake failed.

I have tried changing the port and removing/installing the certificate again. But it hasn't helped me.

Here's the log:

22:13:15:2555 [Fiddler] No HTTPS request was received from () new client socket, port 60376.
22:13:15:2711 [Fiddler] No HTTPS request was received from () new client socket, port 60374.
22:13:15:3022 [Fiddler] No HTTPS request was received from () new client socket, port 60373.
22:13:15:3178 [Fiddler] No HTTPS request was received from () new client socket, port 60375.
22:13:15:4268 [Fiddler] No HTTPS request was received from () new client socket, port 60377.
22:13:18:9190 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #461) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

Win32 (SChannel) Native Error Code: 0x80090304
22:13:48:4931 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #465) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

Win32 (SChannel) Native Error Code: 0x80090304
22:13:48:5243 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #466) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

Win32 (SChannel) Native Error Code: 0x80090304

Please help me to resolve the issue.

I have also attached the screenshots in case it helps.

5 Answers, 1 is accepted

Sort by
0
Ankit
Top achievements
Rank 1
answered on 08 Oct 2015, 05:12 PM

Just for an update. I tried using Fiddler2 for this. The error message is little different:

 

22:41:11:1470 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #113) failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.


22:41:11:1626 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #114) failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.


0
Eric Lawrence
Telerik team
answered on 08 Oct 2015, 06:39 PM
Hi, Ankit--

Just to be clear here, what steps exactly did you perform on the Android device to trust Fiddler's certificate?

What apps on the Android device are you trying to capture?

The message: "The Local Security Authority cannot be contacted" represents a problem in your Windows configuration, whereby one of your critical processes isn't properly accepting messages from client applications. It sounds like that problem was resolved at some point based on your update.

The message "Received an unexpected EOF or 0 bytes from the transport stream." could occur for a number of reasons, but the most likely reason is that the server wasn't happy with the HTTPS ciphers offered by the client. That might happen if you use Fiddler2 configured to offer only SSL3/TLS1.0 and the server (like this one, for instance) requires TLS1.2.

You can enable TLS/1.2 inside Fiddler4; click Tools > Fiddler Options > HTTPS and use the Enabled Protocols link on the right.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Ankit
Top achievements
Rank 1
answered on 09 Oct 2015, 06:44 PM

Hi Eric,

Thanks for your answer. Enabling TLS1.2 somewhat helped me. Another issue:

After setting Fiddler proxy in my android, some application just can't connect to their servers. What could be a possible reason? Servers in concern: uber.com and olacabs.com

My log:

00:12:14:4669 [Fiddler] No HTTPS request was received from () new client socket, port 34084.
00:12:14:4982 [Fiddler] No HTTPS request was received from () new client socket, port 34085.
00:12:14:7635 [Fiddler] No HTTPS request was received from () new client socket, port 34086.
00:12:14:9199 [Fiddler] No HTTPS request was received from () new client socket, port 34087.
00:12:19:6274 [Fiddler] No HTTPS request was received from () new client socket, port 34088.
00:12:19:6895 [Fiddler] No HTTPS request was received from () new client socket, port 34089.
00:12:19:8766 [Fiddler] No HTTPS request was received from () new client socket, port 34090.
00:12:19:9389 [Fiddler] No HTTPS request was received from () new client socket, port 34091.
00:12:20:2049 [Fiddler] No HTTPS request was received from () new client socket, port 34092.
00:12:20:3608 [Fiddler] No HTTPS request was received from () new client socket, port 34093.
00:12:20:9522 [Fiddler] No HTTPS request was received from () new client socket, port 34095.
00:12:20:9835 [Fiddler] No HTTPS request was received from () new client socket, port 34094.
00:12:21:6849 [Fiddler] No HTTPS request was received from () new client socket, port 34096.
00:12:21:8252 [Fiddler] No HTTPS request was received from () new client socket, port 34097.
00:12:22:0747 [Fiddler] No HTTPS request was received from () new client socket, port 34098.
00:12:22:2461 [Fiddler] No HTTPS request was received from () new client socket, port 34099.
00:12:22:7294 [Fiddler] No HTTPS request was received from () new client socket, port 34100.
00:12:22:7454 [Fiddler] No HTTPS request was received from () new client socket, port 34101.
00:12:22:9165 [Fiddler] No HTTPS request was received from () new client socket, port 34102.
00:12:23:0880 [Fiddler] No HTTPS request was received from () new client socket, port 34103.
00:12:23:3858 [Fiddler] No HTTPS request was received from () new client socket, port 34104.
00:12:23:4309 [Fiddler] No HTTPS request was received from () new client socket, port 34105.

00:12:51:3051 !Cannot decode HTTP response using Encoding: identity
00:12:52:3340 [Fiddler] No HTTPS request was received from () new client socket, port 34120.
00:12:52:3340 [Fiddler] No HTTPS request was received from () new client socket, port 34119.
00:12:53:7994 [Fiddler] No HTTPS request was received from () new client socket, port 34124.
00:12:54:4854 [Fiddler] No HTTPS request was received from () new client socket, port 34128.
00:12:59:6622 [Fiddler] No HTTPS request was received from () new client socket, port 34132.
00:13:04:7904 [Fiddler] No HTTPS request was received from () new client socket, port 34133.
00:13:09:4515 [Fiddler] No HTTPS request was received from () new client socket, port 34134.

 

0
Eric Lawrence
Telerik team
answered on 09 Oct 2015, 08:07 PM
Hello, Ankit--

If HTTPS decryption works on most sites (and in the browser), the client application may be performing a certificate pinning. See https://groups.google.com/forum/#!msg/httpfiddler/1A8Aks8ymPY/ZalTbWW0DV4J for some discussion of that security feature some apps use.

Regards,
Eric Lawrence
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Ankit
Top achievements
Rank 1
answered on 12 Oct 2015, 06:33 PM
Oh. I see. This is extra level of security. Interesting! Thanks for support.
Tags
Windows
Asked by
Ankit
Top achievements
Rank 1
Answers by
Ankit
Top achievements
Rank 1
Eric Lawrence
Telerik team
Share this question
or