This is a migrated thread and some comments may be shown as answers.

Fiddler Everywhere failing to show HTTPS traffic for a mobile Application

MacOS
Bhagyasree asked on 04 Feb 2021, 10:58 PM

Fiddler Everywhere is failing with the below error if HTTPS traffic is enabled.

 

Did the below:

1) Trusted Fiddler root certificate on my PC and mobile

2) Configured a manual proxy over my Wi-Fi to route network traffic from my mobile application to Fiddler on desktop

3) Enabled capture HTTPS traffic 

4) The app whose network traffic I am trying to debug is Blink for Home.

 

But all the requests are failing with the below error in the image. Please help.

 

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 08 Feb 2021, 07:36 AM

Hello Bhagyasree,

 

For Fiddler (or Fiddler Everywhere) to capture traffic from a mobile application, the root certificate needs to be installed and enabled on iOS as described in this documentation article. However, that doesn't mean that you will capture all secure traffic, as some servers are using so-called certificate pinning. Basically, this is a security technique where the server will allow a secured connection only if it recognizes the root certificate that the browser or application (that is making the request) is using. When Fiddler is a MITM proxy, it is installing a different certificate, and all connections will be actively refused with an error similar to the one you are receiving.


That said, I am not entirely sure what security techniques are used by the mobile app Blink for Home, but based on this article, it looks like the security is tight. If you are the developer behind the Blink for Home mobile application, the only solution would be to temporarily disable the certificate pinning and allow the app to use 3rd-party certificates (specifically the Fiddler certificate) so that you could use Fiddler for debugging. If you don't own the app and don't have access to the codebase, then there is no out-of-the-box solution, and you won't be able to capture the secure traffic from that application.


 

 

Regards,
Nick Iliev
Progress Telerik
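
As an added illustration (not part of the answer above and not Telerik or Blink code), the sketch below models why trusting a proxy's root certificate on the device does not satisfy an app that pins keys: platform trust and the app's pin check are separate tests. All names and keys are constructed, and the trust store is simplified to a set of root key hashes with no signature verification.

```javascript
const nodeCrypto = require('node:crypto');

// Pin format: base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
function spkiPin(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('base64');
}

// Constructed stand-in for a certificate: a label plus a freshly generated public key.
function makeCert(name) {
  const { publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { name, publicKey };
}

// Two independent checks:
//  1. platform trust: is the chain's root key in the device trust store?
//  2. app pinning: does any key in the chain match a pin shipped inside the app?
function evaluateConnection(chain, trustStore, pins) {
  const root = chain[chain.length - 1];
  if (!trustStore.has(spkiPin(root.publicKey))) return 'untrusted-root';
  const pinned = chain.some((cert) => pins.has(spkiPin(cert.publicKey)));
  return pinned ? 'ok' : 'pin-mismatch';
}

// Constructed scenario (hypothetical names, no real keys).
const publicRoot = makeCert('public CA root');
const originLeaf = makeCert('api.example.test');
const backupKey = makeCert('offline backup key');
const proxyRoot = makeCert('debugging proxy root');
const proxyLeaf = makeCert('api.example.test (re-issued by proxy)');

// Pins baked into the app at build time: the current server key plus a backup.
const appPins = new Set([spkiPin(originLeaf.publicKey), spkiPin(backupKey.publicKey)]);
const stockTrust = new Set([spkiPin(publicRoot.publicKey)]);
// Device after the user installs and trusts the proxy root.
const trustWithProxy = new Set([...stockTrust, spkiPin(proxyRoot.publicKey)]);

function runScenario() {
  return {
    direct: evaluateConnection([originLeaf, publicRoot], stockTrust, appPins),
    proxyRootNotInstalled: evaluateConnection([proxyLeaf, proxyRoot], stockTrust, appPins),
    proxyRootInstalled: evaluateConnection([proxyLeaf, proxyRoot], trustWithProxy, appPins),
  };
}

console.log(runScenario());
```

The third case is the one in this thread: the proxy root is trusted by the device, so the platform check passes, yet the pin check still fails because the re-issued certificate carries a different key.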
