I have a certain Android app that's not publicly available so you won't
be able to fully troubleshoot, however I can explain the behavior I'm
experiencing.
When I attempt to use the app when 'Decrypt HTTPS Traffic' is
disabled, the app works, but the data is encrypted and Fiddler prompts
me to configure the settings.
When I enable 'Decrypt HTTPS Traffic' the app does not let me do anything and simply says 'network unavailable.'
I did install the Android certificate. I tested on several other apps and
don't appear to be experiencing the same problem. Any ideas on how I
can further troubleshoot this?
the application url is here:
https://c.quizofkings.com/apks/QuizOfKingss-secure-direct-direct-6146.apk
6 Answers, 1 is accepted
Hi Mahdi,
This is most likely a security measure implemented by the App Developer. Something like, Certificate Pinning will not work with Fiddler certificates.
Additionally, apps targeting API Level 24 will ignore all user-installed root certificates which may be causing the issue.
Lastly, can you confirm that you followed the steps as outlined in the How to: Capture Android Traffic with Fiddler blog post?
Please let me know if you need any additional information. Thank you for using the Fiddler forums.
Regards,
Eric R | Senior Technical Support Engineer
Progress Telerik
Our thoughts here at Progress are with those affected by the outbreak.
Rank 1
Iron
Rank 1
Iron
Hi Herb,
Thank you for the kind words regarding Fiddler. However, since the Decrypt HTTPS issues are platform specific, there isn't anything Fiddler can do to alleviate them.
Ultimately, the goal of Fiddler is to aide in debugging applications and it works best when the source code is available.
For other scenarios, low-level network analyzer tools like WireShark might make more sense.
I hope this helps. Please let me know if you need any additional information. Thank you.
Regards,
Eric R | Senior Technical Support Engineer
Progress Telerik
Rank 1
Iron
Eric,
Are there any new thoughts here? It seems like the Android API level 24 thing would be a show stopper. However, I am successfully able to decode certain apps, which also tells me my certificates are good. On the other hand, other apps are not working, even though the same use-case may have worked for me a month ago. Very strange...
Hi Herb,
If the apps are developed by you it is possible to temporarily override the API Level 24 issue by changing the application configuration as described in the Eric Law's Using Fiddler with iOS 10 and Android 7 blog post.
If the apps are not developed by you, then there isn't a way to make this change unless the developer wants to do it. This unlikely, as it is a security feature for the Android Platform and there is no way for Fiddler to circumvent it.
Please let me know if you need any additional information. Thank you.
Regards,
Eric R | Senior Technical Support Engineer
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.