This is a migrated thread and some comments may be shown as answers.

Need help reading HTTPS traffic from Android app

dies asked on 12 Dec 2014, 09:21 AM
Hello Eric, I've been racking my brains for the last few days figuring out why I can't sniff my Twitter Android app traffic anymore!

Basically, what worked before was that I had simply installed Fiddler proxy on my PC, exported the root certificate (and added it to my Android device's CA storage), then I installed Cydia's Mobile Substrate and Android-SSL-TrustKiller, because apparently the Twitter APK uses certificate pinning that needs to be bypassed in order to properly MitM the app. I set my Android Wi-Fi proxy settings to the same ip:port as the machine that Fiddler is listening on.

Unfortunately this does not work anymore and I'm left unable to properly read Twitter's app traffic, whereas Google Play, Facebook, Instagram, etc. all work fine. It had worked fine until a few days ago. I hadn't updated my Twitter app either, so I'm just not sure how it could have broken itself.

I tried ProxyDroid (which uses iptables, I believe), and Fiddler showed attempts at connecting to one of Twitter's IPs, but it never goes through (I believe this is an issue with the IP not resolving to the host name correctly, which causes certificate name mismatch errors).

With the standard Wi-Fi proxy tuned to Fiddler, I don't see ANY requests. With ProxyDroid, I see this: http://gyazo.com/6792f884e1f88453a8cacb1632d0b3d5
(tons of CONNECTs and cert mismatches, despite having imported FiddlerRoot into CA storage).

I'm incredibly vexed... I need someone who can help me properly diagnose and fix this issue.

If it helps, I'm on an SGS3, Android version 4.1.2 (I even tried the Genymotion emulator, yielding the same results).

2 Answers, 1 is accepted

Eric Lawrence
Telerik team
answered on 15 Dec 2014, 03:42 PM
Installing Fiddler's root certificate will not help with certificate name mismatch errors. When you use iptables to reroute Android traffic, you need to set the SetCNFromSNI preference: https://groups.google.com/d/msg/httpfiddler/hvsDR14j1Lg/P02zBzIYCE4J so that Fiddler knows what server it's talking to (rather than just its IP address).

In the other scenario, where you don't even see a CONNECT request, this is a sign that there's a bug somewhere in the client application or your jailbreaking/trustbreaking software, since Fiddler obviously can't screw anything up if you're not even sending it traffic. :-)

Regards,
Eric Lawrence
Telerik
dies
answered on 07 Feb 2015, 11:55 PM
Thanks for the response, Eric. 

I have tried both methods (setting the SNI preference to true, which did not affect this particular Twitter app but DID affect ("fix") the Instagram app), and manually correcting the mismatches on a once-off basis (I repeated this for all of the ~20 IPs that Twitter uses).

Still no cigar.