Unable to capture some traffic from android

Jacob asked on 09 Nov 2019, 07:26 PM
Hello. I have a Honor 8 Pro (DUK-L09) running android 9 (9.1.0.212) with EMUI 9.1. I would like to know if DC Unlocker can find the bootloader code for my device. If possible, could you please provide me the price for the process? Thanks.



Hello. I've been messing around with Fiddler for a while now and recently, I tried to monitor and isolate a certain app's web traffic to track down the analytics API used. But unfortunately, not everything works. Most of the connections are SSL tunnels with 443 terminations. I did some searching and from what I found, I have tried the following.



1. Check if filters are turned on. Status: OFF

2. Installed Fiddler root certificates to both the phone and the PC.

3. Check if specific process is selected for monitoring. Status: OFF

4. Check if the device is connecting to the right port. Obviously.



Also, my device is running Android v.9. I understand that Android doesn't accept user-installed certificates anymore when it comes to system-wide access. So, I recompiled the app after modifying the manifest file and adding a Network security configuration file inside the res/xml folder. Still, no luck. But I should point out that I was able to capture everything once before without any problem. Also, my issue doesn't revolve around HTTPS decryption as it works well for Twitter in web view. To better describe the issue, I have attached a couple of screenshots. Any assistance is appreciated. Thanks
Jacob
commented on 09 Nov 2019, 08:09 PM

Also, I forgot to mention an important issue. I am unable to access the Fiddler echo page from mobile. Chrome throws an ERR_NAME_NOT_RESOLVED error. I am able to access the page fine on PC. Previously, I was using the cert file generated by Fiddler for PC on my mobile device. Could this hold any useful information regarding the problem?

1 Answer, 1 is accepted

Eric R | Senior Technical Support Engineer
Telerik team
answered on 11 Nov 2019, 04:52 PM

Hi Jacob,

Generally, the ERR_NAME_NOT_RESOLVED is due to the domain name not resolving. Although, I am not certain what is described is supported. The SSL Tunnels with 443 Terminations are probably due to Certificate Pinning and there is no way around that without having the SSL Certificate public and private keys. In order to troubleshoot this, I will need more information. Are you able to provide the following?

1. The application recompilation needs to be done by the developer. I am assuming that is you?

2. Output of the Session(s) that are failing. See the Create a Session Archive ZIP (SAZ) documentation.

3. Output of the Fiddler Log tab. Select everything in the tab, right-click to save the output to a file. See the below screenshot for a visual reference.

In the meantime, please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Jacob
commented on 12 Nov 2019, 08:23 AM

Thanks for the link Eric, it was helpful. But does certificate pinning occur out of the blue? Because as I mentioned in my earlier post, everything was working fine not so long ago. No 443 terminations, whatsoever. Anyway, to answer your question, indeed, I am the developer of the app. But technically, it's just a web wrapper. On a side note, I installed an app called 'Drony' which is a proxy app and since then, Fiddler won't collect any data without opening that app - even with my Wi-Fi correctly configured to redirect traffic to Fiddler. Maybe the log files you asked for would offer better understanding of the situation. They are in the link below. Kindly take a look.

https://gofile.io/?c=47JDbr

Cheers.

Eric R | Senior Technical Support Engineer
Telerik team
commented on 12 Nov 2019, 02:57 PM

Hi Jacob,

Thank you for sending over the information. From the logs it appears that specific domains are using certificate pinning. Additionally, the Drony application might have installed or made changes to some infrastructure that wasn't cleared out upon removal. Another option is that other software is conflicting with the Proxy Settings. Common culprits are VPN and Firewall apps. I recommend checking the Proxy Settings in the Android Device and making sure they are not conflicting with the Fiddler Proxy Settings.

I hope this helps. Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Jacob
commented on 13 Nov 2019, 02:14 AM

You are absolutely spot on. The proxy configuration turned out to be the cause of the issue. After resetting both the system proxy configuration and Drony's, things are back to normal. After proxy reconfiguration, Fiddler now captures and decodes everything except several domains due to certificate pinning as per your deduction. Thank you so much for your time and patience, Mr. Eric. My issue is resolved now. Have a great day!
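An added example, not part of the thread or of Fiddler: a small audit of an Android Network Security Configuration file (the `res/xml` file mentioned in the question) that reports, per host, whether a user-installed proxy root would be accepted, which reproduces the "everything decodes except the pinned domains" outcome. The sample config, host names and pin digest are constructed placeholders; it assumes flat (non-nested) `<domain-config>` elements and only sees pins declared in this file, not pins enforced in app or SDK code.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): user CAs trusted app-wide and one
# hypothetical host pinned with a placeholder digest.
SAMPLE_NSC = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">analytics.example.com</domain>
    <pin-set><pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin></pin-set>
  </domain-config>
</network-security-config>"""

def _user_anchor(node, fallback=None):
    """Return (trusts_user_ca, overrides_pins) for one config element."""
    if node is not None and node.find("trust-anchors") is None:
        node = fallback  # unset values are inherited from <base-config>
    if node is None:
        return False, False  # platform default on API 24+: system CAs only
    # overridePins defaults to true only inside <debug-overrides>
    default = "true" if node.tag == "debug-overrides" else "false"
    for cert in node.findall("trust-anchors/certificates"):
        if cert.get("src") == "user":
            return True, cert.get("overridePins", default) == "true"
    return False, False

def proxy_ca_accepted(nsc_xml, host, debuggable=False):
    """Would a user-installed proxy root (e.g. Fiddler's) be accepted for host?"""
    root, host = ET.fromstring(nsc_xml), host.lower()
    base = root.find("base-config")
    best, best_len = base, -1
    for cfg in root.findall("domain-config"):  # flat configs only
        for d in cfg.findall("domain"):
            name = d.text.strip().lower()
            sub = d.get("includeSubdomains") == "true" and host.endswith("." + name)
            if (host == name or sub) and len(name) > best_len:
                best, best_len = cfg, len(name)  # most specific rule wins
    pinned = best is not None and best.find("pin-set/pin") is not None
    checks = [(best, base)]
    if debuggable:
        checks.append((root.find("debug-overrides"), None))
    for node, fallback in checks:
        trusted, override = _user_anchor(node, fallback)
        if trusted and (override or not pinned):
            return True
    return False
```

Trusting `user` certificates in `<base-config>`, as the sample does, also applies to release builds; placing that trust anchor under `<debug-overrides>` limits it to debuggable builds, where it additionally bypasses the declared pins.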
