Unable to capture only HTTPS traffic of android mobile application

5 posts, 0 answers
  1. lenin
    1 posts
    Member since:
    Mar 2015

    Posted 04 Mar 2015

    Hi Eric,

    I am trying to capture the traffic of a mobile banking application installed on an Android device using Fiddler.

    Exactly followed the instructions on http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForAndroid,
    but I do not see any HTTPS calls after capturing the traffic; I can only see the HTTP calls captured.

    1) Even after installing "Fiddler Root Certificate" on device Trusted Credentials, why HTTPS calls did get captured?

    2) Do I need to speak with Dev. for a workaround? If so, can you please guide me on what exactly has to be done by Dev. at server/application level?

    Got stuck with these issues for a long time. Appreciate your help please.

    Regards
    Lenin
  2. Eric Lawrence
    Admin
    833 posts

    Posted 05 Mar 2015

    Which HTTP calls do you see specifically? Do you see HTTP calls from the application, or only other apps?

    If you do see HTTP calls from the app, do any of those requests show "Tunnel to" in the HOST column in Fiddler's Session list?

    Which HTTPS calls *don't* you see, specifically? Do you see HTTPS traffic from other apps?

    Regards,
    Eric Lawrence
    Telerik
  3. cool
    2 posts
    Member since:
    May 2015

    Posted 18 May 2015

    Hello,

    I am having the same issue as the OP.

    Basically, one of the apps on the Nexus 7 Android device is not being properly monitored by Fiddler.

    Other apps on the tablet with HTTPS traffic are working fine.

    Fiddler is showing "Tunneling to" and no further communication from that app, while the app on the tablet fails to continue working.

    Please advise.

  4. Eric Lawrence
    Admin
    833 posts

    Posted 19 May 2015

    Hello, "cool"--

    You haven't provided enough information to go on; for instance, telling us what application you're talking about might allow us to help you.

    Without further information, my guess is that the application is something like Dropbox which uses Certificate Pinning, and cannot be intercepted without first jailbreaking the device.

    Regards,
    Eric Lawrence
    Telerik
  5. cool
    2 posts
    Member since:
    May 2015

    Posted 19 May 2015 in reply to Eric Lawrence

    Hello Eric,

    Thanks for the reply. I suspect certificate pinning but I have not looked at it yet.

    Meanwhile, to answer you, the application is "Basis Peak" mobile app.

    You should be able to check / repro the problem without the hardware. Just try to login (even w/o valid credentials) and the app won't be able to contact the server and authenticate.

    Thanks!
