Reputation: 164291
Scenario: I am trying to debug an Android app by proxying requests through Fiddler.
I got the FiddlerRoot certificate installed on the Android device, and the SSL decryption works for most requests, but for other requests I can only see the HTTPS Connect, and nothing else in the Fiddler log. I think it might be image requests over SSL that fail to decrypt.
I have double-checked that "Hide images" is off, etc. Images retrieved are hosted on another domain than the main API the app talks to.
What could cause this behaviour? And how do I get the image requests to show in Fiddler?
I am using the latest Fiddler4.
Upvotes: 7
Views: 1998
Reputation: 933
There are plenty of tutorials on how you can intercept HTTP(s) traffic from Android using Fiddler. Try this one: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforandroid
However, it will fail when you try to intercept and decrypt Android SSL traffic coming from an application, and not from a browser.
It might be that the application uses certificate pinning, and you probably cannot decipher this connection. Lost cause! But more probably, the reason is a bug in the HttpsUrlConnection pipeline implementation.
To solve the issue, please proceed with the following steps:
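Add the following code to the function body:

    // For CONNECT tunnels opened by Android's Dalvik HTTP client,
    // set "Connection: Keep-Alive" on the response.
    if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 &&
        oSession.HTTPMethodIs("CONNECT")) {
        oSession.oResponse.headers["Connection"] = "Keep-Alive";
    }
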
Save the file and restart Fiddler.
Upvotes: 2