I'm using Fiddler Classic and android Emulator - MEmu. I have installed some android application there.
Of course I have installed fiddler certificates on my host and on android also i moved them to the system folder, I set up fiddler proxy in the Wi-Fi settings and everything works fine, I can receive all https traffic but somehow in this application when I'm trying to log-in the application logs in but in the fiddler I don't have any activity, it is just empty at this moment. Same thing when I enter wrong password the application says me "Wrong password" which means it sends request to the server somehow but fiddler doesn't have any requests when I press the button "Log in".
How is this possible? Can application bypass proxy that set up in the wi-fi connection settings in the android somehow? Or how is it possible even it theory?
I also tried android firewall with block all connections option on, when I Log in in the application with this firewall that blocks everything - I have error in the application and in the blocked list I can see requests like IP address and some urls, so why I can't see this requests in the fiddler?
If those are HTTPS requests, are you seeing the TUNNEL requests (HTTP) and not seeing the actual HTTPS requests, or are you not seeing anything at all? Seeing only the TUNNELS will indicate that you are capturing only the non-secure requests for that application which probably means that the application doesn't like the Fiddler trust certificate. It is important to note that all Android applications are not working with certificates installed by the user (this is the default security configuration). Refer to this documentation article about Fiddler Everywhere (the same technique is applicable for Fiddler Classic), which explains how you could bypass that security configuration for applications in active development.