问题
I am trying to capture HTTPS traffic from my rooted Android device (4.4.4) to analyze an undocumented protocol of an app. I've set up my Fiddler as a proxy and enabled HTTPS sniffing. I've installed the Fiddler's generated root certificate on my device. I've set up my proxy for my Wifi on my Android device.
When I run my browser and navigate to any HTTP or HTTPS site, Fiddler can capture traffic successfully.
When I run some apps (e.g. my own app which uses Parse as its backend), I can see all the HTTPS traffic to the servers, decrypted. So far so good.
When I try to run that particular app, I can't get Fiddler to capture its traffic. Here's all I get on Fiddler:
URLs are some IP addresses:SSL (:443).
I've also tried using ProxyDroid. Interestingly, I was able to capture the traffic once, saw a decrypted HTTPS connection to that app's servers, but after that, it never captured again. I know that the app uses HTTPS, and not an unknown/other protocol.
How can I capture HTTPS traffic successfully, and why would Fiddler once work for that app, and suddenly stop working?
回答1:
"Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default"
If you are targeting API >=24 or running on a >= 24 device, create an xml resource with the following:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user"/>
</trust-anchors>
</debug-overrides>
</network-security-config>
Name it "network_secutrity_config.xml" or something like that and add id as a reference to your manifest with the android:networkSecurityConfig tag.
You can read a bit more here (it helped me):
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
回答2:
It appears to be specific to that app. I was successfully able to sniff all the other apps. That particular app probably uses SSL pinning: it checks for certificate within itself and doesn't allow fake certificates even if it's trusted by the device.
回答3:
For anyone else encountering the issue...
Fiddler stopped handling https traffic on both my machine browsers and the device. After reinstalling/retrusting Fiddler certificates, my machine browser starting working again with https, but the device remained broken.
In order to get the device working again, I had to explicitly trust the new certificate on the device, by using the device's browser to open the site http://<adapter IP>:8888/FiddlerRoot.cer, and then trusting the certificate.
I found this answer here.
来源:https://stackoverflow.com/questions/32630925/sniffing-android-apps-https-traffic-from-fiddler-fails-with-only-tunnel-to-en