Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler

Tags:

android

proxy

https

fiddler

sniffing

I am trying to capture HTTPS traffic from my rooted Android device (4.4.4) to analyze an undocumented protocol of an app. I've set up my Fiddler as a proxy and enabled HTTPS sniffing. I've installed the Fiddler's generated root certificate on my device. I've set up my proxy for my Wifi on my Android device.

  • When I run my browser and navigate to any HTTP or HTTPS site, Fiddler can capture traffic successfully.

  • When I run some apps (e.g. my own app which uses Parse as its backend), I can see all the HTTPS traffic to the servers, decrypted. So far so good.

  • When I try to run that particular app, I can't get Fiddler to capture its traffic. Here's all I get on Fiddler:

enter image description here

URLs are some IP addresses:SSL (:443).

I've also tried using ProxyDroid. Interestingly, I was able to capture the traffic once, saw a decrypted HTTPS connection to that app's servers, but after that, it never captured again. I know that the app uses HTTPS, and not an unknown/other protocol.

How can I capture HTTPS traffic successfully, and why would Fiddler once work for that app, and suddenly stop working?

like image 685
Can Poyrazoğlu Avatar asked Sep 17 '15 12:09

Can Poyrazoğlu

Video Answer

2 Answers

It appears to be specific to that app. I was successfully able to sniff all the other apps. That particular app probably uses SSL pinning: it checks for certificate within itself and doesn't allow fake certificates even if it's trusted by the device.

like image 72
Can Poyrazoğlu Avatar answered Sep 27 '22 18:09

Can Poyrazoğlu

"Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default"

If you are targeting API >=24 or running on a >= 24 device, create an xml resource with the following:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>

Name it "network_secutrity_config.xml" or something like that and add id as a reference to your manifest with the android:networkSecurityConfig tag.

You can read a bit more here (it helped me):

https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

like image 34
TalMihr Avatar answered Sep 27 '22 17:09

TalMihr
Sign in to Comment

Related questions

Showing camera view inside html in android and then snap a picture
How to control the Android WebView history/back stack?
Android - Bitmap cache takes a lot of memory
PorterDuff color effects in android for views under a given view
Align Center Menu Item text in android
Scrolling effect with multiple viewpagers
Eclipse wizard to create new Android Activity doesn't work
Eclipse load data from 2.3 to 4.4 every time you open an xml file
How to change language Google Map V2 android
Android - Google Login with Login-Screen instead of Automatic Login
Android BLE Passive scan
virtual device of genymotion statred but displaying white screen...?
How to reset ObjectAnimator to it's initial status?
Android: what is the best way to store JSON data offline for the app in android?
Robolectric shadow not working
Refresh Recyclerview from another Activity
Why my access from my mobile to my computer network doesn't work?
Activity's member scope and Asynctask
How can I construct a Locale with a custom first day of week?
Could someone help me with this crash report

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!