Why can some HTTPS requests not be decrypted on Fiddler, and some work?

Scenario: I'm trying to debug an Android application by proxying requests through Fiddler.

I have the FiddlerRoot certificate installed on the Android device and SSL decryption works for most requests, but for other requests I can only see the HTTPS CONNECT and nothing else in the Fiddler log. I think this may be an SSL image request that cannot be decrypted.

I double checked that "Hide Images" is disabled, etc. The resulting images are hosted in a different domain than the main API that the application accesses.

What can cause this behavior? And how do I get image requests in Fiddler?

I am using the latest Fiddler4.

+7
1 answer

There are many guides on how you can intercept HTTP traffic from Android using Fiddler. Try the following: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforandroid

However, when you try to intercept and decrypt Android SSL traffic coming from the application, and not from the browser, it will not work.

Perhaps the application uses certificate pinning, and you probably cannot decrypt this connection. Lost cause! But most likely, the reason is an error in the implementation of the HttpsUrlConnection pipeline.

To resolve the issue, follow these steps:

  • In Fiddler, click "Rules -> Configure Rules".
  • Find the OnBeforeResponse function in the script.
  • Add the following code to the function body:

    // Keep the CONNECT tunnel open for Android (Dalvik) clients.
    if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 && oSession.HTTPMethodIs("CONNECT")) {
        oSession.oResponse.headers["Connection"] = "Keep-Alive";
    }

  • Save the file and restart Fiddler.

+2
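
A triage helper for the symptom in the question (hosts that show only a CONNECT tunnel), as an added example that is not part of the original answer: it lists hosts that have tunnels but no decrypted request, and marks whether the CONNECT carried a Dalvik User-Agent, which is the case the rule above matches. The session record shape (`method`, `host`, `scheme`, `userAgent`) and the sample data are constructed assumptions, not Fiddler's export format.

```javascript
// Constructed sample: a simplified view of a proxy session list.
// Field names are assumptions for this example, not Fiddler's own format.
const sampleSessions = [
  { method: "CONNECT", host: "api.example.com:443", scheme: "http", userAgent: "Dalvik/2.1.0 (Linux; U; Android 9)" },
  { method: "GET", host: "api.example.com", scheme: "https", userAgent: "Dalvik/2.1.0 (Linux; U; Android 9)" },
  { method: "CONNECT", host: "img.example.net:443", scheme: "http", userAgent: "Dalvik/2.1.0 (Linux; U; Android 9)" },
  { method: "CONNECT", host: "IMG.example.net:443", scheme: "http", userAgent: "Dalvik/2.1.0 (Linux; U; Android 9)" },
  { method: "CONNECT", host: "pinned.example.org:443", scheme: "http", userAgent: "" },
  { method: "GET", host: "plain.example.com", scheme: "http", userAgent: "Dalvik/2.1.0 (Linux; U; Android 9)" },
];

// CONNECT targets carry ":443"; decrypted requests usually do not.
function normalizeHost(host) {
  return host.toLowerCase().replace(/:443$/, "");
}

// Returns hosts where a tunnel was opened but no decrypted HTTPS request was seen.
function findUndecryptedHosts(sessions) {
  const byHost = new Map();
  for (const s of sessions) {
    const host = normalizeHost(s.host);
    if (!byHost.has(host)) {
      byHost.set(host, { tunnels: 0, decrypted: 0, dalvik: false });
    }
    const entry = byHost.get(host);
    if (s.method.toUpperCase() === "CONNECT") {
      entry.tunnels += 1;
      // Same test the FiddlerScript rule uses to select Android clients.
      if ((s.userAgent || "").indexOf("Dalvik") > -1) entry.dalvik = true;
    } else if (s.scheme === "https") {
      entry.decrypted += 1;
    }
  }
  const flagged = [];
  for (const [host, e] of byHost) {
    if (e.tunnels > 0 && e.decrypted === 0) {
      flagged.push({ host: host, tunnels: e.tunnels, dalvik: e.dalvik });
    }
  }
  return flagged.sort((a, b) => a.host.localeCompare(b.host));
}

console.log(findUndecryptedHosts(sampleSessions));
```

Hosts flagged with `dalvik: true` are the ones the Keep-Alive rule applies to; hosts still flagged after adding the rule, or flagged with `dalvik: false`, point toward the certificate pinning case.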

Source: https://habr.com/ru/post/943877/

