This is a migrated thread and some comments may be shown as answers.

Can't see the contents of HTTP Tunnel to port 443 (II)

Fiddler Classic
lars asked on 16 Aug 2019, 11:10 AM

Hi,

I have nearly the same issue as discussed in the topic "Can’t see the contents of HTTP Tunnel to port 443". But the difference is: while tunneling through Fiddler, the app is not working properly. I inspected the packets with Wireshark, and when I am using Fiddler, the connection is closed from the client side (Fiddler) right after the "server hello" message. The last packet before the client-side FIN is the "change cipher spec, encrypted handshake message".

If I am not using Fiddler as man in the middle, then everything works fine (hello, key exchange, change cipher spec, application data).

So it seems that Fiddler closes the connection before all the data is exchanged. Why?

With other connections (like Google) Fiddler works as expected; right after the connect message I can see the decrypted HTTPS traffic.

My setup is the following: I have MEmu (Android emulator) running on a Windows machine, and inside MEmu I configured my local machine on 8888 as proxy. This is working; if I google something from inside MEmu, everything is fine in Fiddler. But if I use my app from inside MEmu, then the explained failure occurs.

Any help will be appreciated!

Thanks!

3 Answers, 1 is accepted

Eric R | Senior Technical Support Engineer
Telerik team
answered on 21 Aug 2019, 12:53 PM
Hi Lars,

This appears to be the server closing the connection after denying the change cipher spec and encrypted handshake messages sent by the client (Fiddler). A step-by-step workflow is detailed in the Dissecting TLS Using Wireshark. Essentially, Step 4 is not completed because the Android OS is likely ignoring the user-installed Root Certificate which has been a change since Android 7 as outlined in the Using Fiddler with iOS and Android blog post. Note that since this is a platform specific blocker there isn't anything Fiddler can do to mitigate the issue.

I recommend seeing if the issue persists using a version of Android less than 7 in the emulator.

Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,

Eric R | Technical Support Engineer
Progress Telerik
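
The Android 7 behavior mentioned in the answer above, as an added example that is not part of the original thread or of Telerik's material: a network security configuration for an app under test that trusts user-installed CAs (such as a debugging proxy's root) only in debuggable builds. It assumes you control the app's source; the file path is the conventional one.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example; referenced from
     AndroidManifest.xml via
     <application android:networkSecurityConfig="@xml/network_security_config">) -->
<network-security-config>
    <!-- Release behaviour: system CA store only. This matches the default for
         apps targeting API 24+ (Android 7), which is why a user-installed
         proxy root is not accepted for the interception certificate. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applied only when android:debuggable="true": additionally trust the
         user CA store, where the proxy's root certificate is installed. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Weak variant, described for contrast and deliberately not enabled:
         placing <certificates src="user" /> inside <base-config> makes release
         builds trust any CA installed by a user or a device profile. -->
</network-security-config>
```
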
lars
answered on 27 Aug 2019, 08:56 PM

I checked the emulator version, it was 5.1, so it should not be the reason you mentioned. I also checked the logs in Fiddler, it says: "SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException Fehler bei SSPI-Aufruf"

I checked with Wireshark, it is not the server who is closing the connection. It is Fiddler who is the first one sending the FIN|ACK packet to the server.

Here is the packet order (not complete, just the important ones), maybe it is interesting:

1. client->server: Client Hello

2. server->client: Server Hello, Change Cipher Spec, Encrypted Handshake Message

3. client->server: Change Cipher Spec, Encrypted Handshake Message

4. client->server: FIN,ACK

Meanwhile I will read the documents you have linked. Thanks!

lars
answered on 28 Aug 2019, 10:10 AM

Stop, the list wasn't complete:
