Unable to capture traffic from android device

Kishore sai asked on 18 Jul 2019, 10:06 AM

Hi,

I am a newbie in using Fiddler. I was trying to capture the HTTPS traffic from an Android app. I have installed the Fiddler root certificate successfully on my Android device but am not able to capture the HTTPS traffic, but I see HTTP calls going through tunnel.

Fiddler version : v5.0.20192.25091

Android OS version : 8.1.0

Please see the attached image for the Fiddler settings applied and let me know if any more information is needed.

Thanks

 

1 Answer, 1 is accepted

Eric R | Senior Technical Support Engineer
Telerik team
answered on 18 Jul 2019, 09:24 PM
Hi Kishore sai,

After Android 7, a new feature was implemented that ignored all user-installed certificates which means Android will not trust the Fiddler root certificate. For more details see the Using Fiddler with iOS 10 and Android 7 blog post.

Note that this is a platform-level issue which leaves us with no way to alleviate this.

Please let me know if you need any additional information and thank you for using Fiddler.

Regards,

Eric R
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Kishore sai
commented on 19 Jul 2019, 09:22 AM

Hi Eric,

You are right. I tried with Android OS version 7.0 and iPhone 8 with OS version 11.4.1, it worked fine and I can capture HTTPS traffic.

Thanks for the reply and link to the post.

Kishore sai
commented on 25 Jul 2019, 09:30 AM

Hi Eric,

Occasionally, I am seeing that I was not able to capture logs specifically from Android (with OS version <=7).

But with iOS, it connects immediately with no issues.

Please let me know what information I can help you with to debug this on Android.

Note :

1. No Firewalls enabled.

2. Fiddler certificate installation also looks fine.

Thank you

 

 

Eric R | Senior Technical Support Engineer
Telerik team
commented on 25 Jul 2019, 07:56 PM

Hi Kishore sai,

Are you seeing the sessions but are some encrypted or are you just not seeing some sessions?

I recommend reviewing the Specific Traffic is Missing documentation. Additionally, could you provide a screenshot of what you are referring to? 

Thank you and I look forward to your reply.

Regards,

Eric R
Progress Telerik
Kishore sai
commented on 26 Jul 2019, 07:47 AM

Hi Eric

1. I have seen the documentation but did not find a solution. But I observed a point regarding custom rules and found that when I launch the application I am seeing a "customrule.js is loaded" statement. I don't know if this is expected behavior but wanted to mention it here, and also I have never had my hands on modifying custom rules. (If I click on clear cache then this statement disappears.)

2. Coming to your question on HTTP sessions: after connecting to Fiddler from Android I can see all the desired calls/sessions, but they are going to tunnel.

Please see the attached screenshots for reference.

Thanks

Awaiting your reply.

Eric R | Senior Technical Support Engineer
Telerik team
commented on 26 Jul 2019, 05:27 PM

Hi Kishore sai,

For number 1, this is expected behavior. In order to restore the default rules, they are located in the ~/Program Files/Fiddler2/Scripts/SampleRules.js folder. For more information see the Restore Default Rules documentation.

For number 2, this is probably due to certificate pinning. Some applications will only allow communication with a specific certificate. In this case, the traffic cannot be decrypted using Fiddler's root certificate. More information is available at the CertPinning documentation.

Please let me know if you need any additional information. Thank you.

Regards,

Eric R
Progress Telerik
Kishore sai
commented on 29 Jul 2019, 06:21 AM

 

Hi Eric,

Thanks for the post.

I hope this certificate pinning issue is not in my case, because it fails to capture HTTPS traffic only sometimes.

And I just got to give a trial on another machine. It perfectly did well.

But when trying on my machine, I am still having issues.

I can help you giving any info required in debugging to getting this sorted, please.

Thanks

Eric R | Senior Technical Support Engineer
Telerik team
commented on 29 Jul 2019, 01:07 PM

Hi Kishore sai,

Looking at the earlier screenshot, most of the 3rd-party apps with Tunnel To in the Host column would indicate Certificate Pinning. For example, Outlook and Google Play would use this.

Although, it does look like there is some relevant traffic available to inspect. 

To provide more information provide the following items:

1. Identify which session you are inspecting.
2. Attach the Session Archive Zip (SAZ) file and Fiddler Log Tab output.

Once I receive the above information, I can investigate further on my end.

Please let me know if you need any additional information. Thank you and I look forward to your reply.

Regards,

Eric R
Progress Telerik
M
commented on 20 Jun 2020, 09:19 PM

Hello Eric,

I'm new to Fiddler and would really appreciate your help in capturing HTTPS traffic from a mobile app using my tablet (Android 4.2 OS). After reading the other posts in this thread, I am still unable to capture HTTPS traffic. I see the tunnels, though.

The Fiddler cert is installed on the device. Please see the attachment. 

Thanks for your help!

 

Eric R | Senior Technical Support Engineer
Telerik team
commented on 22 Jun 2020, 12:29 PM

Hi M,

Thank you for providing the screenshot. If you see tunnels, this means the traffic is using Certificate Pinning which is a security measure implemented by the site owner. Fiddler won't be able to provide any way around that without having access to the web server.

For more details see the Capture Android Traffic with Fiddler and Certificate Pinning StackExchange posts.

Please let me know if you need any additional information. Thank you for using the Fiddler Forums.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
M
commented on 22 Jun 2020, 02:45 PM

Eric,

Thanks for your prompt reply.

Cert Pinning makes sense. I've been unable to reproduce another auditor's scans from last year. I'm using the same Android OS, but I'm scanning a newer version of the app. It makes sense that the mobile app owner implemented security measures in this newer app version which would explain why I can't see HTTPS traffic.

Thank you, Eric. I really appreciate your help.

M
commented on 23 Jun 2020, 02:24 AM

Hi Eric,

Looks like I need to pick your brain some more. I have an upcoming meeting where I need to have all my ducks in a row for this issue. 

Do you think it's possible that it's something other than Cert Pinning? I took a look at the Fiddler logs and there are a lot of these:

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate for pipe (CN=*.bubadu.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

So I tried the following:

  1. I forced handshakes by following the instructions in the link below, then scanned the app. https://docs.telerik.com/fiddler/Configure-Fiddler/Troubleshooting/HTTPSTimeout
  2. I deleted and reinstalled the Fiddler certs, restarted Fiddler, then scanned the app.
  3. I downloaded the APK file of the app version that I'm trying to reproduce the scans for, inserted code into the manifest xml file to force the app to trust user-added certs, then scanned the app.
  4. Under Options, HTTPS tab, I added tls1.3 to the existing list of protocols, so I now have: <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2;tls1.3   -- Again, restarted Fiddler and scanned the app.

Sadly, none of these gave me any HTTPS traffic. Any other ideas?

Thanks in advance!
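
Added example (not part of the thread and not Fiddler's own code): a small Python script that tallies the `SecureClientPipeDirect failed` lines quoted in the comment above by certificate CN, so it is clear which hosts' clients rejected the certificate Fiddler generated. The sample log is constructed; `api.example.net`, `rejected_hosts` and `report` are names assumed for the example.

```python
import re
from collections import Counter

# One failed client handshake in the Fiddler Log tab, in the format quoted above.
PATTERN = re.compile(
    r"SecureClientPipeDirect failed: \S+ .*?\(CN=(?P<cn>[^,)]+)"
)

# Constructed sample log: the line format and *.bubadu.com come from the thread,
# api.example.net and the unrelated line are made up for the example.
_LINE = (
    "!SecureClientPipeDirect failed: "
    "System.Security.Authentication.AuthenticationException "
    "A call to SSPI failed, see inner exception. < An unknown error occurred "
    "while processing the certificate for pipe "
    "(CN={cn}, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)."
)
SAMPLE_LOG = "\n".join([
    _LINE.format(cn="*.bubadu.com"),
    _LINE.format(cn="api.example.net"),
    _LINE.format(cn="*.bubadu.com"),
    "(constructed) unrelated log line that must be ignored",
    _LINE.format(cn="*.bubadu.com"),
])


def rejected_hosts(log_text):
    """Count failed client-side TLS handshakes per certificate CN."""
    counts = Counter()
    for line in log_text.splitlines():
        match = PATTERN.search(line)
        if match:
            counts[match.group("cn").strip()] += 1
    return counts


def report(log_text):
    """Return (CN, failures) pairs, most frequently rejected host first."""
    return rejected_hosts(log_text).most_common()


if __name__ == "__main__":
    for cn, failures in report(SAMPLE_LOG):
        print(f"{failures:3d}  {cn}")
```

Each CN listed is a host for which the device refused the Fiddler-generated certificate during the handshake; from the proxy side an untrusted root and certificate pinning both produce this same line.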

Eric R | Senior Technical Support Engineer
Telerik team
commented on 23 Jun 2020, 12:47 PM

Hi M,

If a failed error is still being received after performing those additional steps, that means Certificate Pinning is most likely the cause.

There are alternatives if you own the Android application and the web server. Can you confirm this is the case?

Thank you and I look forward to your reply.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

M
commented on 23 Jun 2020, 08:06 PM

Hi Eric, 

Thanks for your quick reply. I don't own the app, but I've been tasked to debug and scan for third-party activity. My colleague was able to see HTTPS traffic by scanning the same app with the same Android OS (earlier than Android 7), so it must be an error on my side.

I attended Progress Telerik's webinar this morning: How to Debug iOS and Android Mobile Apps with Fiddler, and there were details mentioned that I was not aware of. Once I receive the video link, I'll follow the steps carefully, and I bet I'll see the HTTPS traffic.

Although the video should be published somewhere on the Progress Telerik website, I can share the link here once I receive it. That way it can help other newbies reading this thread. 

M
commented on 25 Jun 2020, 11:33 PM

As promised, here is the link to the webinar:  How to Debug iOS and Android Mobile Apps with Fiddler

Android details start at 35:44

https://www.telerik.com/campaigns/fiddler/webinar-debugappsfiddler/thank-you?utm_medium=email&utm_source=eloqua&utm_campaign=fdlr_webinar_6_DebugAppsFiddler&elqTrackId=d3b4fd95d5f546dabacfecbe276305e3&elq=db1c4456db8240ba90823edfd7c682cf&elqaid=20896&elqat=1&elqCampaignId=20613
