There are scenarios when your mobile/tablet doesn’t work for a particular website and you are unable to find out the reason. If those are https encrypted traffic then you want to know what is within those encrypted requests. Fiddler has been a great tool for IT admins and Developers in such troubleshooting.

Today, I will explain how to capture http/https traffic of an Android Device using fiddler. I will be using an Android 8.1 Mobile Phone, Windows 10 Computer with Fiddler 5.0 installed. Windows 10 computer will act as a proxy server and mobile’s wi-fi will connect to windows 10 so that all traffic will route through Window 10 computer.

diagram.JPG

Here are the steps with screenshots :

  • Make sure your Mobile and Window 10 Computer are on same network (vlan). There are many reason that in a corporate network ports between different vlan would be blocked and you won’t be able to connect to the port of the proxy server.
  • We will first prepare our Windows 10 Computer to act as a proxy.
    • Install Fiddler and Launch.
    • Navigate to Tool > Options > Connections in Fiddler.
    • Configure setting as below, you can change the port if want to listen on any different port.proxy.png
    • Restart Fiddler, It will now listen on port 127.0.0.1:8888.
    • You can find out by running netstat -a on windows 10 computer.port.png
  • Let us configure Mobile to route traffic thorugh this window 10 computer.
    • Navigate to wi fi setting and open setting of currently connected wi-fi connection.
    • Navigate to the bottom and click on Proxy.

                  1

    • Set the proxy to Manual.

                2

    • Specify Window 10 Computer IP (10.0.0.3) and Fiddler Port 8888. Click back, there isn’t any option to save, it saves itself.

3

    • Now if you try to navigate any https website on mobile, It will throw an error that ‘your connection is not private’

4

    • At this point, Fiddler certificate need to be installed so that your traffic can be inspected.
    • Navigate to ipv4.fiddler:8888 in your mobile browser.

5

    • At the bottom click on ‘FiddlerRoot Certificate’ and it will download certificate.
    • Open your setting option in mobile and click ‘Install certificate from storage’.

7

    • As soon as you click the option, you will be shown recently downloaded certificates.

9

    • Click on fiddlerroot.cer and click save, It will install certificate and give you a confirmation message.

10

    • Now if you open the same webpage or any HTTPS webpage, you will be allowed to navigate.
    • 12.png
    • At the same time, you will see traffic in Fiddler on Window 10 computer and now you can perform your troubleshooting.

13-Fiddler.JPG

  • Once your work is done, don’t forget to uninstall certificate from mobile and stop fiddler to act as a proxy on windows computer.
  • You can follow the same steps for any other Andriod/iOS/Desktop devices for troubleshooting. You just need to configure your browser to use proxy and install fiddler certificate.
  • Be careful in inspecting such encrypted traffic because it can have your password in plain text.

Thank you for reading and please share your feedback !

Advertisements