Proxy connection not working with Android and PC with VPN set up

1 Answer 57 Views

Android Fiddler Everywhere MacOS Mobile Windows

jungwoo asked on 23 Oct 2024, 09:19 AM | edited on 23 Oct 2024, 09:20 AM

hi
I'm use fiddler "everywhere enterprise"
I'm having trouble with proxy connection after setting up VPN on Android.

[Pre-Condition]
- PC: Mac OS / WindowOS
- VPN App: Global Protect
- Device setup: CA installed in PC / Android ddvice (No VPN setup) / Set the device to the same proxy information as the PC

[Check]
- iOS
> set up VPN > Proxy connection is successful and traiffc checked << Pass
> Proxy connection is successful and traiffc checked > can set up VPN << Pass

- AOS
> No VPN setup > Proxy connection is successful << Pass
> setup VPN > Proxy connection is successful but cannot traiffc check << Fail
> Proxy connection is successful and traiffc checked > cannot setup VPN << Fail
- VPN app Fail comment: could not verify the server cerificate of the gateway / if the issue persists, contact your administrator

Please help
thank you!

1 Answer, 1 is accepted

answered on 23 Oct 2024, 10:39 AM

Hello Jungwoo,

As a disclaimer, we are not affiliated with Global Protect or any other products developed by Palo Alto company, and we do not possess technical details about the specific implementation used in their mobile application.

The above said, based on the error message ("could not verify the server certificate of the gateway / if the issue persists, contact your administrator"), it can be inferred that the VPN in the Android mobile application only works with a specific certificate. In order for Fiddler to capture traffic from any Android application, the application must be explicitly configured to trust user-installed certificate authority (CA) files. This can only be accomplished if you have access to the application codebase and are permitted to change its security configuration (as described in the provided steps here). These steps will enable the application to utilize Fiddler's CA and allow Fiddler to decrypt the captured traffic.

It's also possible that the application's creators have implemented other security restrictions to protect against an MITM proxy (such as Fiddler), which we may be unaware of. The best course of action is to contact Global Protect support and ask them if the mobile application is compatible with forward TLS proxies that are using a man-in-the-middle approach to capture HTTPS traffic.

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.