inspect traffic of Find My app

1 Answer 112 Views
Fiddler Everywhere
Döner
Döner asked on 09 Jan 2024, 01:28 PM

Hello,

I have successfully setup Fiddler Everywhere on my iMac as proxy, installed certificate and can watch traffic from my iPhone to HTTPS-sites using Chrome or Safari. Great!

But I would like to inspect traffic of other apps – like Find My – to Apple's servers. The app says "Find My not available, check network connection". It seems that the requests are blocked because the CRT is not valid for app traffic, just for browsers?!

Please advise, any help is greatly appreciated.

Regards

Döner


Döner
commented on 09 Jan 2024, 04:51 PM | edited

Interesting ... when I switch to FindMy app on phone I can see several requests going to https://p107-fmfmobile.icloud.com/fmipservice/friends/

Obviously the link for the people / friends part of FindMy, but when it tries to access other data (it is documented that it makes requests to https://gateway.icloud.com/acsnservice/), e.g. for AirTags or other Apple devices, it shows a message "FindMy not available" (blocked by Fiddler?) on the phone and nothing is logged via Fiddler ...

I have already cleared the "Bypass" window in settings, but nothing changed.

When I disable proxy, all is good.

Any idea?


Döner
commented on 11 Jan 2024, 05:44 PM | edited

I now understand that this very likely happens because those apps use "certificate pinning", which is hard to bypass.

I have set Fiddler to disable decryption of the URLs but they don't show up in the log window, although the app must be making the requests because I can see it showing the data it receives by doing so.

Actually: it would be absolutely sufficient to see what URL the app calls, including the PATH of those POST requests. I don't need to see the data or anything encrypted ... any idea?


1 Answer, 1 is accepted

Rosen Vladimirov
Telerik team
answered on 12 Jan 2024, 08:04 AM

As you have found, many of the Apple applications use certificate pinning. This means that the applications reject Fiddler Everywhere's certificate, so they cannot be decrypted. There's no legal way to bypass certificate pinning of those applications.

When you use a "Do not decrypt" rule in Fiddler Everywhere, the app just establishes the required tunnel and does not interfere with it. So, the client application (like "Find My") first sends a CONNECT request to Fiddler Everywhere. Due to security rules, the CONNECT request contains only the host for the request. At this point Fiddler Everywhere detects it should not decrypt the traffic to this host, so it establishes the required tunnels with the server and then just transfers the data without touching it. That is the reason why you cannot see the full URLs - this is by design the way CONNECT methods work - the client sends just information about the server for which it needs a connection. You can find more information about CONNECT tunnels in the official RFC: https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.6

So, in short - when using proxy, there's no way to get the full URLs called by applications using certificate pinning.

Regards,
Rosen Vladimirov
Progress Telerik


Döner
commented on 12 Jan 2024, 08:43 AM | edited

Understand. Is it possible to at least show the HOST server (e.g. gateway.icloud.com) of the app’s request?

That would be very helpful to see whether the app makes requests or not at all …


Rosen Vladimirov
Telerik team
commented on 16 Jan 2024, 06:48 AM

You can try creating a rule matching the hostnames used by the application and set a Do not Decrypt rule for them. In this case you will see CONNECT sessions inside Fiddler Everywhere when the tunnel is established. However, you might have multiple requests in the same tunnel at different times, so the only thing you'll learn is the servers which the app calls. But you'll not be able to tell exactly when the app is making those requests (apart from the first one, when the connection is established). You can check the attached screenshot for an example of how to create such a rule.
Additionally, the application might use some other mobile features to make different types of requests (apart from HTTP), which will not be captured by Fiddler.
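To make the answer's point concrete (and the follow-up about what a "Do not decrypt" rule leaves visible), here is an added example that is not part of this thread or of Fiddler Everywhere: a small model of what a non-decrypting proxy can record from the bytes a client sends. The request bytes and the placeholder TLS record are constructed for illustration; the hostnames are the ones mentioned in the thread.

```python
"""Model of a proxy's view: a CONNECT tunnel exposes only host:port, while a
request the proxy can read in plaintext exposes method, host and full path."""
import re
from dataclasses import dataclass
from typing import Optional

REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]\r\n")


@dataclass
class Session:
    method: str
    host: str
    path: Optional[str]      # None: the proxy never saw a request line inside the tunnel
    tunneled_bytes: int = 0  # opaque bytes forwarded without inspection


def proxy_view(client_bytes: bytes) -> Session:
    """Return what a non-decrypting proxy can log from what the client sent."""
    m = REQUEST_LINE.match(client_bytes)
    if not m:
        raise ValueError("malformed request line")
    method = m["method"].decode()
    target = m["target"].decode()
    header_end = client_bytes.index(b"\r\n\r\n") + 4
    if method == "CONNECT":
        # RFC 7231 section 4.3.6: the target is host:port only. Everything after
        # the headers is the tunnel payload (TLS), which the proxy just relays.
        host, _, _port = target.partition(":")
        return Session("CONNECT", host, None, len(client_bytes) - header_end)
    # A request the proxy can read (plain HTTP, or TLS it was allowed to
    # decrypt): the request target carries the full path.
    host_hdr = re.search(rb"\r\nHost: ([^\r\n]+)", client_bytes, re.I)
    hostname = host_hdr.group(1).decode() if host_hdr else ""
    return Session(method, hostname, target)


# Constructed sample: a pinned app opens a tunnel and then sends TLS records.
# The 64 bytes after the headers stand in for an encrypted ClientHello; the
# proxy forwards them and learns nothing about the path or method inside.
PINNED_APP_BYTES = (b"CONNECT gateway.icloud.com:443 HTTP/1.1\r\n"
                    b"Host: gateway.icloud.com:443\r\n\r\n"
                    + b"\x16\x03\x01" + b"\x00" * 61)

# Constructed sample: a request the proxy could decrypt, as with the
# browser sessions from the question, where the path is visible.
DECRYPTED_BYTES = (b"GET /fmipservice/friends/ HTTP/1.1\r\n"
                   b"Host: p107-fmfmobile.icloud.com\r\n\r\n")
```

`proxy_view(PINNED_APP_BYTES)` yields only the host `gateway.icloud.com` and a byte count, which is exactly what the CONNECT session in Fiddler Everywhere shows, whereas `proxy_view(DECRYPTED_BYTES)` yields the full path.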