I've spent countless hours trying to decrypt Android SSL traffic via Fiddler for HttpsUrlConnection with very little success. How do I reliably configure Fiddler to decrypt SSL traffic from an Android app using HttpsUrlConnection?
Here are my steps
- Run Fiddler on PC (With proper settings: capture HTTPS Connect, decrypt HTTPS traffic, allow remote computers to connect)
- Configure wireless connection on Android device to proxy through pc running fiddler
- From android device open browser to http://[ip of pc running fiddler]:8888 and download "FiddlerRoot certificate". Name and install it.
- Open https://www.google.com in android browser and view decrypted traffic in Fiddler on PC.
The above works. The problem is that non-browser android traffic shows up in Fiddler as connect tunnels. My initial research suggested the issue was due to how certs were trusted via HttpsUrlConnection so I made sure to trust all certs based on this article https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf
Unfortunately trusting all certs didn't work for me with HttpsUrlConnection so I stopped investigating. A few days later I decided to try again and was surprised to find that fiddler traffic was being decrypted for HttpsUrlConnection! Unfortunately I didn't make any further changes to fix this so I'm not entirely sure why it started working. The device it works with is an LG-Optimus L9 Android version 4.0.4 and is rooted.
Now I'm trying to configure this for a Nexus 7 Android Version 4.2.2 (not rooted) but alas all I see in fiddler are the connect tunnels. Since the cert on both devices has the same serial and the app I'm testing is identical I'm stumped as to why I can't configure Fiddler with another Android device.
To summarize
- Fiddler can decrypt SSL traffic from the LG Optimus but only shows connect tunnels from Nexus 7
- Both devices are running the same app which uses HttpsUrlConnection for network requests
- Both devices have the same fiddler cert installed (serials match) and no other user cert installed.
- Don't think these matter but...
- Rooted device (LG Optimus Android 4.0.4) uses Proxy Droid to point to PC running fiddler
- Non rooted device (Nexus 7 Android 4.2.2) using built in "modify network" to point to PC running fiddler
My research shown that there is a bug in HttpsUrlConnection pipeling implementation.
To solve a problem you need to perform following steps in Fiddler:
In Fiddler click "Rules->Customize Rules";
In opened script and find function OnBeforeResponse
In the function body add following code:
if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 && oSession.HTTPMethodIs("CONNECT")) { oSession.oResponse.headers["Connection"] = "Keep-Alive"; }
4.Save file and restart Fiddler
Here is a workaround.
Assuming the hostname I'm sending my https requests to is myHostName.com add the following to Fiddler's CustomRules.js
if (!oSession.isHTTPS && !oSession.HTTPMethodIs("CONNECT") && (oSession.HostnameIs("myHostName"))
{
oSession.oRequest.headers.UriScheme = "https";
}
Then in Android code update the URL to use http instead of https.
Now the client will communicate to Fiddler without SSL and all the request/response traffic will be visible.
The obvious downside to this approach is that the URLs must be modified in the client to use http. I haven't used this approach long enough to discover any additional drawbacks.
Having the device rooted is the key. At least in my scenario.
I unrooted the LG Optimus Android 4.0.4 and it upgraded to 4.1.2. I tried fiddler will all of the same steps but only the connect tunnels showed.
I rooted the LG Optimus again and immediately I can see all the requests/responses via fiddler.
I assume rooting the N7 will allow it to work as well.
来源:https://stackoverflow.com/questions/16862916/fiddler-decrypt-android-httpsurlconnection-ssl-traffic