Can't see the contents of HTTP Tunnel to port 443 (II)

4 posts, 0 answers
  1. lars
    3 posts
    Member since:
    Aug 2019

    Posted 16 Aug

    Hi,

    I have nearly the same issue as discussed in the topic "Can't see the contents of HTTP Tunnel to port 443". But the difference is: while tunneling through Fiddler, the app is not working properly. I inspected the packets with Wireshark, and when I am using Fiddler, the connection is closed from the client side (Fiddler) right after the "Server Hello" message. The last packet before the client-side FIN is the "Change Cipher Spec, Encrypted Handshake Message".

    If I am not using Fiddler as man in the middle, then everything works fine (hello, key exchange, change cipher spec, application data).

    So it seems that Fiddler closes the connection before all the data is exchanged. Why?

    With other connections (like Google) Fiddler works as expected: right after the CONNECT message I can see the decrypted HTTPS traffic.

    My setup is the following: I have MEmu (Android emulator) running on a Windows machine, and inside MEmu I configured my local machine on port 8888 as the proxy. This is working; if I google something from inside MEmu, everything is fine in Fiddler. But if I use my app from inside MEmu, then the failure I described occurs.

    Any help will be appreciated!

    Thanks!

  2. Eric R | Technical Support Engineer
    Admin
    230 posts

    Posted 21 Aug

    Hi Lars,

    This appears to be the server closing the connection after denying the change cipher spec and encrypted handshake messages sent by the client (Fiddler). A step-by-step workflow is detailed in Dissecting TLS Using Wireshark. Essentially, Step 4 is not completed because the Android OS is likely ignoring the user-installed Root Certificate, which has been a change since Android 7, as outlined in the Using Fiddler with iOS and Android blog post. Note that since this is a platform-specific blocker, there isn't anything Fiddler can do to mitigate the issue.

    I recommend seeing if the issue persists using a version of Android less than 7 in the emulator.

    Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

    Regards,

    Eric R | Technical Support Engineer
    Progress Telerik
  3. lars

    Posted 27 Aug in reply to Eric R | Technical Support Engineer

    I checked the emulator version, it was 5.1, so it should not be the reason you mentioned. I also checked the logs in Fiddler, it says: "SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException Fehler bei SSPI-Aufruf"

    I checked with Wireshark, it is not the server who is closing the connection. It is Fiddler who is the first one sending the FIN|ACK packet to the server.

    Here is the packet order (not complete, just the important ones), maybe it is interesting:

    1. client->server: Client Hello

    2. server->client: Server Hello, Change Cipher Spec, Encrypted Handshake Message

    3. client->server: Change Cipher Spec, Encrypted Handshake Message

    4. client->server: FIN,ACK

    Meanwhile I will read the documents you have linked. Thanks!
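
As an added illustration (not part of the original thread, and not Fiddler or Wireshark code), the following walks the TLS record layer as framed in TLS 1.2 and earlier and labels each record the way the packet order above is labelled, showing why handshake records that follow a Change Cipher Spec appear only as "Encrypted Handshake Message". The function names and the sample bytes are constructed for this example.

```python
import struct

# Record-layer content types and handshake message types (TLS 1.2 and earlier).
CONTENT = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
             12: "Server Key Exchange", 14: "Server Hello Done",
             16: "Client Key Exchange", 20: "Finished"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca"}

def label_records(stream):
    """Label each TLS record in one direction of a TCP stream, dissector-style."""
    labels, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            labels.append("Truncated record header")
            break
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        offset += 5 + length
        if len(body) < length:
            labels.append("Truncated record")
            break
        if ctype == 20:
            encrypted = True  # everything this side sends afterwards is encrypted
            labels.append(CONTENT[20])
        elif encrypted and ctype in (21, 22):
            labels.append("Encrypted " + ("Alert" if ctype == 21 else "Handshake Message"))
        elif ctype == 22:
            pos = 0  # one plaintext record may carry several handshake messages
            while pos + 4 <= len(body):
                labels.append(HANDSHAKE.get(body[pos], "Handshake type %d" % body[pos]))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
        elif ctype == 21 and len(body) == 2:
            labels.append("Alert: " + ALERTS.get(body[1], "description %d" % body[1]))
        else:
            labels.append(CONTENT.get(ctype, "Unknown content type %d" % ctype))
    return labels

def record(ctype, body, version=0x0303):
    """Build one TLS record: type (1 byte), version (2), length (2), body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def handshake(htype, body):
    """Build one handshake message: type (1 byte), length (3), body."""
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed bytes shaped like the flights listed in the post (not a real capture).
SERVER_FLIGHT = record(22, handshake(2, bytes(38))) + record(20, b"\x01") + record(22, bytes(40))
CLIENT_FLIGHT = record(20, b"\x01") + record(22, bytes(40))

if __name__ == "__main__":
    print("server:", label_records(SERVER_FLIGHT))
    print("client:", label_records(CLIENT_FLIGHT))
```

Because the records after Change Cipher Spec are encrypted, a capture alone cannot show whether a failure alert was sent inside them; the proxy's own log is the place to look for the reason.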

  4. lars

    Posted 28 Aug in reply to lars

    Stop, the list wasn't complete:
