There's a 3rd party ios app that i want to capture traffic from, and i'm not having any luck in doing so. It is specifically the Twinkly app. My web requests from the browser seem to be getting decoded and i did not expect the apple apps to be decoded, due to certificate pinning, but I really would like to get this working for a 3rd party app. I installed a bouncy castle certificate and tried that, and I also set up a trial of Fiddler Everywhere and started over, with no luck. Any ideas? I am willing to jump through any kind of hoop necessary to get this to work, including jailbreaking the phone.
Nick Iliev
commented on 25 Oct 2022, 06:43 AM
Telerik team
We are unaware of how the specific application is making its request and if it is using additional security techniques. Suppose traffic is not captured (including non-secure HTTP tunnels) when the application is making its request. In that case, that can indicate that the app is not using HTTP/HTTPS or is not respecting the proxy configuration. If the app is only capturing the HTTP Connect tunnels but returning errors when making HTTPS requests, that most likely indicates that the application is not trusting the Fiddler certificate (which can be caused by a cert pinning or other security limitations).
John
commented on 26 Oct 2022, 02:41 PM
| edited
Top achievements
Rank 2
Iron
Iron
Veteran
Rank 2
Iron
Iron
Veteran
As far as i can determine based on your clues, it's most likely certificate pinning. I was unaware of this existing with 3rd party apps when i asked this question, but it makes sense as the android version of their app uses okhttp which also refuses to trust the telerik certificate. I had to patch the app to capture traffic in that case.