I have an android(4.2) app that uses the https to talk to the webservice. I want to debug/log every https that goes out. I have fiddler and wireshark to debug them, but everything looks encrypted. can a man-in-middle attack be setup with emulator and fiddler/wireshark to decode and display the http url and its params?
HTTPS will now be the default for all Android Apps.
You can use a MITM proxy, such as Burp. Once you install the CA certificate as trusted on the device/emulator, you will be able to decrypt SSL traffic.
Also, if you have the server private key (i.e., it is your own server), you can decrypt traffic intercepted with Wireshark if really need low-level info.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With