Error Capturing HTTPS Traffic

6 posts, 0 answers
  1. Ankit
    Ankit avatar
    5 posts
    Member since:
    Oct 2015

    Posted 08 Oct 2015 Link to this post

    Hi Telerik Team,

    Thanks for creating Fiddler. It is an awesome and useful product.

    I am using Fiddler 4.6.0.2 on Windows 8.1. I am trying to monitor some traffic from my android mobile. I am able to fetch the HTTP traffic flawlessly but i have issues with HTTPS traffic. My requests says HTTPS handshake failed.

    I have tried changing the port and removing/installing the certificate again. But it hasn't helped me.

    Here's the log:

    22:13:15:2555 [Fiddler] No HTTPS request was received from () new client socket, port 60376.
    22:13:15:2711 [Fiddler] No HTTPS request was received from () new client socket, port 60374.
    22:13:15:3022 [Fiddler] No HTTPS request was received from () new client socket, port 60373.
    22:13:15:3178 [Fiddler] No HTTPS request was received from () new client socket, port 60375.
    22:13:15:4268 [Fiddler] No HTTPS request was received from () new client socket, port 60377.
    22:13:18:9190 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #461) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

    Win32 (SChannel) Native Error Code: 0x80090304
    22:13:48:4931 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #465) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

    Win32 (SChannel) Native Error Code: 0x80090304
    22:13:48:5243 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #466) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The Local Security Authority cannot be contacted

    Win32 (SChannel) Native Error Code: 0x80090304

    Please help me to resolve the issue.

    I have also attached the screenshots in case it helps.

  2. Ankit
    Ankit avatar
    5 posts
    Member since:
    Oct 2015

    Posted 08 Oct 2015 Link to this post

    Just for an update. I tried using Fiddler2 for this. The error message is little different:

     

    22:41:11:1470 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #113) failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.


    22:41:11:1626 fiddler.network.https> HTTPS handshake to www.olacabs.com (for #114) failed. System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream.


  3. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 08 Oct 2015 Link to this post

    Hi, Ankit--

    Just to be clear here, what steps exactly did you perform on the Android device to trust Fiddler's certificate?

    What apps on the Android device are you trying to capture?

    The message: "The Local Security Authority cannot be contacted" represents a problem in your Windows configuration, whereby one of your critical processes isn't properly accepting messages from client applications. It sounds like that problem was resolved at some point based on your update.

    The message "Received an unexpected EOF or 0 bytes from the transport stream." could occur for a number of reasons, but the most likely reason is that the server wasn't happy with the HTTPS ciphers offered by the client. That might happen if you use Fiddler2 configured to offer only SSL3/TLS1.0 and the server (like this one, for instance) requires TLS1.2.

    You can enable TLS/1.2 inside Fiddler4; click Tools > Fiddler Options > HTTPS and use the Enabled Protocols link on the right.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  4. Ankit
    Ankit avatar
    5 posts
    Member since:
    Oct 2015

    Posted 09 Oct 2015 in reply to Eric Lawrence Link to this post

    Hi Eric,

    Thanks for your answer. Enabling TLS1.2 somewhat helped me. Another issue:

    After setting Fiddler proxy in my android, some application just can't connect to their servers. What could be a possible reason? Servers in concern: uber.com and olacabs.com

    My log:

    00:12:14:4669 [Fiddler] No HTTPS request was received from () new client socket, port 34084.
    00:12:14:4982 [Fiddler] No HTTPS request was received from () new client socket, port 34085.
    00:12:14:7635 [Fiddler] No HTTPS request was received from () new client socket, port 34086.
    00:12:14:9199 [Fiddler] No HTTPS request was received from () new client socket, port 34087.
    00:12:19:6274 [Fiddler] No HTTPS request was received from () new client socket, port 34088.
    00:12:19:6895 [Fiddler] No HTTPS request was received from () new client socket, port 34089.
    00:12:19:8766 [Fiddler] No HTTPS request was received from () new client socket, port 34090.
    00:12:19:9389 [Fiddler] No HTTPS request was received from () new client socket, port 34091.
    00:12:20:2049 [Fiddler] No HTTPS request was received from () new client socket, port 34092.
    00:12:20:3608 [Fiddler] No HTTPS request was received from () new client socket, port 34093.
    00:12:20:9522 [Fiddler] No HTTPS request was received from () new client socket, port 34095.
    00:12:20:9835 [Fiddler] No HTTPS request was received from () new client socket, port 34094.
    00:12:21:6849 [Fiddler] No HTTPS request was received from () new client socket, port 34096.
    00:12:21:8252 [Fiddler] No HTTPS request was received from () new client socket, port 34097.
    00:12:22:0747 [Fiddler] No HTTPS request was received from () new client socket, port 34098.
    00:12:22:2461 [Fiddler] No HTTPS request was received from () new client socket, port 34099.
    00:12:22:7294 [Fiddler] No HTTPS request was received from () new client socket, port 34100.
    00:12:22:7454 [Fiddler] No HTTPS request was received from () new client socket, port 34101.
    00:12:22:9165 [Fiddler] No HTTPS request was received from () new client socket, port 34102.
    00:12:23:0880 [Fiddler] No HTTPS request was received from () new client socket, port 34103.
    00:12:23:3858 [Fiddler] No HTTPS request was received from () new client socket, port 34104.
    00:12:23:4309 [Fiddler] No HTTPS request was received from () new client socket, port 34105.

    00:12:51:3051 !Cannot decode HTTP response using Encoding: identity
    00:12:52:3340 [Fiddler] No HTTPS request was received from () new client socket, port 34120.
    00:12:52:3340 [Fiddler] No HTTPS request was received from () new client socket, port 34119.
    00:12:53:7994 [Fiddler] No HTTPS request was received from () new client socket, port 34124.
    00:12:54:4854 [Fiddler] No HTTPS request was received from () new client socket, port 34128.
    00:12:59:6622 [Fiddler] No HTTPS request was received from () new client socket, port 34132.
    00:13:04:7904 [Fiddler] No HTTPS request was received from () new client socket, port 34133.
    00:13:09:4515 [Fiddler] No HTTPS request was received from () new client socket, port 34134.

     

  5. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 09 Oct 2015 Link to this post

    Hello, Ankit--

    If HTTPS decryption works on most sites (and in the browser), the client application may be performing a certificate pinning. See https://groups.google.com/forum/#!msg/httpfiddler/1A8Aks8ymPY/ZalTbWW0DV4J for some discussion of that security feature some apps use.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  6. Ankit
    Ankit avatar
    5 posts
    Member since:
    Oct 2015

    Posted 12 Oct 2015 in reply to Eric Lawrence Link to this post

    Oh. I see. This is extra level of security. Interesting! Thanks for support.
Back to Top