Hello,
I just wanted to let people know that the https decryption stopped working for me this morning after upgrading from 4.6.0.2 to 4.6.1.0
Fortunately I found an old installer on my pc (version 4.5.1.0) so I'm still able to work.
I'm using fiddler to monitor traffic from apps to google-analytics to verify that correct events and screenviews are being sent.
Thanks for reading.
5 Answers, 1 is accepted
More detail would be great. I'm watching traffic from Chrome on my Nexus 7 on Android 5.1.1 as we speak.
It would be helpful to understand the following things:
1> Which certificate maker are you using? (Tools > Fiddler Options > HTTPS > click "Certificates Generated By")
2> What app(s) traffic are you trying to capture? Have you tried Chrome?
3> Does decryption work everywhere *except* your Android device (e.g. your desktop browser?)
Regards,
Eric Lawrence
Telerik
Rank 1
Hi, I have the same problem.
Some sceenshots and Wireshark caps are here https://drive.google.com/folderview?id=0B0MVoY-6L-KeXzJfVnRTbXBKMUU&usp=sharing
I use Android 4.4.2 device, Fiddler runs on Win 7 x64.
Decryption work fine for most sites, but not Google Play.
Rank 1
Hello Eric,
1) Certificates generated using Fiddler.DefaultCertificateProvider
Engine: MakeCert
HashAlg-Root: SHA256
HashAlg-EE: SHA256
2) I'm capturing traffic from my company's apps, which are only available on french store. I'v tried with two of them (allociné, jeuxvideo.com), both failing with fiddler 4.6.10 and both succeeding on earlier builds.
I use fiddler to read the google analytics batch messages. I guess that you could replicate my issue with any app that is using GA SDK. I'v tried with several different Android devices and they all failed with fiddler 4.6.1.0
3) It still works on our iOS apps. I haven't tried my desktop browser because I don't need this feature, let me know if you think it could make a difference (I've setup fiddler to only work with remote clients so I'd rather not change this setup unless it's really necessary).
To be more precise, I do see the "tunnel to" line, but I'm missing the second line which actually contains the whole thing.
I hope those information can help you work this out ! If not, let me know and I'll do my best to assist you.
My guess is that the apps in question have the same certificate limitation discovered in Firefox 36 (see http://www.telerik.com/forums/firefox-36-0-breaks-fiddler-https-decryption) whereby they reject wildcard certificates that lack SubjectAltNames. The workarounds mentioned in that post should resolve the problem for your apps too. Please let me know if not.
Regards,
Eric Lawrence
Telerik
Rank 1
Hello Eric,
Sorry for the delay, I finally got a chance to try this out today and it indeed works.
Thanks for the tips.