Hi,
Fiddler runs on PC whits Windows 7x64:
I'm trying to capture HTTS traffic from Android. Trusted certificate was installed, and I can see traffic from some sites, such as Google.
But on few site, such as Twitter, I get error:
On another PC it's OK on the same device. Thanks for any ideas.
Fiddler runs on PC whits Windows 7x64:
Fiddler Web Debugger (v4.4.9.0)
Built: 8 июля 2014 г.
64-bit AMD64, VM: 43,00mb, WS: 72,00mb
.NET 4.0.30319.17929 WinNT 6.1.7601 SP1
I'm trying to capture HTTS traffic from Android. Trusted certificate was installed, and I can see traffic from some sites, such as Google.
But on few site, such as Twitter, I get error:
CONNECT twitter.com:443 HTTP/1.1
Host: twitter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 54 D3 2B C1 BC 2C 00 09 2A 61 34 84 2A CD 1C CB 14 33 DD 7D 30 44 16 80 E4 94 FA AA CC 76 24 B6
SessionID: 79 46 00 00 36 D9 BA 70 AA 0E 97 A6 10 8B BA 99 95 BD E7 D2 08 4B 5D 93 80 09 14 55 F2 C2 4A 9F
Extensions:
server_name twitter.com
ec_point_formats uncompressed [0x0]
elliptic_curves secp521r1 [0x19], secp384r1 [0x18], secp256r1 [0x17]
SessionTicket empty
signature_algorithms 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01
NextProtocolNegotiation empty
channel_id(GoogleDraft) empty
Ciphers:
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0035] TLS_RSA_AES_256_SHA
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A2] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression:
[00] NO_COMPRESSION
Host: twitter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 54 D3 2B C1 BC 2C 00 09 2A 61 34 84 2A CD 1C CB 14 33 DD 7D 30 44 16 80 E4 94 FA AA CC 76 24 B6
SessionID: 79 46 00 00 36 D9 BA 70 AA 0E 97 A6 10 8B BA 99 95 BD E7 D2 08 4B 5D 93 80 09 14 55 F2 C2 4A 9F
Extensions:
server_name twitter.com
ec_point_formats uncompressed [0x0]
elliptic_curves secp521r1 [0x19], secp384r1 [0x18], secp256r1 [0x17]
SessionTicket empty
signature_algorithms 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01
NextProtocolNegotiation empty
channel_id(GoogleDraft) empty
Ciphers:
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0035] TLS_RSA_AES_256_SHA
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A2] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 11:37:22.290
Connection: close
fiddler.network.https> HTTPS handshake to twitter.com failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted
On another PC it's OK on the same device. Thanks for any ideas.
Are you using the Android browser, or an app?
Can you explain what you mean when you say "On another PC it's OK on the same device."? Is the other PC running the same build of Fiddler? Is there any change if you update to the very latest Fiddler (v4.4.9.0)?
Is there any chance you could get a WireShark PCAP of the failing scenario? You could send it to me using Help > Send Feedback inside Fiddler.
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
It's same on browser (Chrome) and app, I'm currently testing. Another PC and my PC running same and latest version of Fiddler. I sent you WireShark PCAP via email.