Hey, there! So Ive been using fidler for a while so i decided to try to sniff the requests out from a mobile app. And for some reason it didn't work. I have the certificate and everything set up. So i googled it and i saw one guy who converted the apk of a random apk (Im on android) and put a network_secutity_config.xml file in there that basically tells the app to trust the trusted certificates. It didn't work this way either so im just lost at this point. Do you know anything about this?
Basically the app just doesn't send the requests when sniffing with fiddler. They appear but in some weird ciphered format and it doesn't even give me a response.
1 Answer, 1 is accepted
Hi Yavor,
This is most likely due to Certificated Pinning. Something like this will probably not ever work due to security measures in-place by the mobile application or operating system. For security reasons, we also cannot recommend this either.
Additionally, this is a duplicate post from the Fiddler on Mobile Forum titled Text + android application. In an effort to keep things organized, the older post will be deleted and we encourage only one post per topic.
Please let me know if you need any additional information. Thank you for using the Fiddler Forums.
Regards,
Eric R | Technical Support Engineer
Progress Telerik