7 Answers, 1 is accepted
Hi Ivan,
When monitoring Mobile Traffic, I recommend that the Machine running Fiddler and the Mobile Device be on the same network. Additionally, the Wi-Fi Network should be visible to the Network that the Machine running Fiddler is on. See the Configure Fiddler for Android and Configure Fiddler for iOS documentation for more information.
There are additional considerations for mobile devices as well and I have listed them below.
1. Android 7+ doesn't allow User-Installed Certificates which means HTTPS decryption will not work. See the Using Fiddler with iOS 10 and Android 7 post for more information.
2. Certificate Pinning will also disallow any SSL to read some Mobile Application traffic.
If the issue still persists, can you provide more information about the current set up?
Please let me know if you need any additional information. Thank you for using the Fiddler Forums.
Regards,
Eric R | Technical Support Engineer
Progress Telerik
Hi Ivan,
Unfortunately, I am not certain that the PEAP MSCHAPv2 mechanism is supported since Capture is working without it. Although, there are a few options to investigate and I have listed them below.
Option 1 - I have seen that PEAP uses CA Certificates. Do you know if the CA Certificate has been validated on the Android Client and is it from a Public or Private Authority? Note that if it is a Private Authority, Android may be seeing it as a user-installed certificate and ignore it. In this case, there isn't anything Fiddler can do.
Option 2 - It could be possible that the WinHTTP Credential Release Policy is refusing to respond to authentication challenges. It may be possible to configure Fiddler to authenticate on the client's behalf. Do this by selecting Rules -> Automatically Authenticate from the menu option which will use the Windows User Credentials.
If other credentials are required, set the x-AutoAuth property to the desired credentials in the OnBeforeRequest function of the Custom Rules file. The format of the credentials is username:password and I have provided an example code snippet below.
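static function OnBeforeRequest(oSession: Session)
{
    // Replace RADIUSServerHostName with the actual host name of the server.
    if (oSession.HostnameIs("RADIUSServerHostName")) {
        // Credentials in username:password format.
        oSession["x-AutoAuth"] = "username:P@$$word";
    }
}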
Please let me know if either of the above options apply. Thank you and I look forward to your reply.
Regards,
Eric R | Technical Support Engineer
Progress Telerik
"Do you know if the CA Certificate has been validated on the Android Client and is it from a Public or Private Authority" - I don't know. I've just noticed that there is a "do not validate" value for the CA certificate parameter in the Wi-Fi network settings.
Also, I've tried both variants from Option 2 - unfortunately it doesn't work. Just interested - in this string, oSession.HostnameIs("RADIUSServerHostName"), should the value be exactly "RADIUSServerHostName", or does it just mean some host name?
Hi Ivan,
The RADIUSServerHostName should be the actual Host Name for the PEAP MSCHAPv2 server.
With that said, in order to see if PEAP MSCHAPv2 is supported I am going to reach out to my colleagues. Once I have more information I will reply back to this thread.
In the meantime, please let me know if you need any additional information. Thank you for your patience and understanding.
Regards,
Eric R | Technical Support Engineer
Progress Telerik
Hi Ivan,
Apologies for the delayed response. After discussing with my colleagues, we are not aware of any lack of support for PEAP MSCHAPv2. With that said, we are not entirely familiar with the Authentication Protocol either.
After doing some research, it appears that a CA Root Certificate must be used at each client to authenticate the server to each client prior to the client submitting authentication credentials. This would mean that since Android 7+ doesn't allow user-installed certificates it isn't supported at the platform level.
Our recommendation is to use the WPA protocol instead as mentioned in your earlier testing.
Please let me know if you need any additional information. Thank you again for your patience and for using the Fiddler Forums.
Regards,
Eric R | Technical Support Engineer
Progress Telerik