1 Answer, 1 is accepted
Hello Tian,
The CONNECT Tunnels in Fiddler Classic indicate that Fiddler is capturing traffic from the targeted application/endpoints, but the captured traffic is only HTTP and not HTTPS. That usually can suggest that you have a problem with the Fiddler certificate authority file. For example, the FIddler CA is not installed (on the emulator), or it is installed, but you are trying to capture traffic from an Android application that does not respect user-installed CAs.
In the first scenario, you must download, install, and trust the Fiddler CA on the emulator. Once the FIddler CA is installed successfully, you can test by opening a mobile browser and a secure endpoint like https://example.com.
In the second case, your only option is to reconfigure the Android application by explicitly setting its security configuration to respect user-installed CAs. Note that this is only possible if you can rebuild the application, as it will require modification of the Android configuration. Details on configuring an Android application can be found in this documentation section for Fiddler Everywhere (the concept is the same for Fiddler Classic).
Regards,
Nick Iliev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.
Rank 1
Are you talking about this certificate?(picture "zs1.png" and "zs2.png")
I think I installed it correctly.
I found on the Internet, there are people said: in the user is not good. I put it in the system trust the way he did it. But still not.
(zs3.png)
Is there another way?
Now it's not possible to crawl apps and packages
thank you
Rank 1
The screenshots suggest that the proxy captures only HTTP and that the TLS handshake fails. This is why you only see the proxy CONNECT tunnels but not the corresponding HTTPS sessions that should follow after a successful TLS handshake.
By design, the FIddler certificate is meant to be used as user-installed certificate authority files, and it will work for applications that respect and trust the user-installed CAs. Newer versions of Android do not allow the installation of third-party certificates as system certificates, which you are trying to achieve on your end. The latest Android versions further restrict the options to install a CA as a system certificate, so you might be dealing with a limitation coming from newer versions of the Android OS.
I suspect you are either using a rooted device or an emulator that mocks a rooted device. In that case, you should consult the owner/creator of the emulator for specifics on how to properly install and trust a third-party certificate as a system certificate (if that is possible at all).