Fiddler - Decrypt Android HttpsUrlConnection SSL traffic

Question

I\'ve spent countless hours trying to decrypt Android SSL traffic via Fiddler for HttpsUrlConnection with very little success. How do I reliably configure Fiddler to decryp

Answer 1

Having the device rooted is the key. At least in my scenario.

I unrooted the LG Optimus Android 4.0.4 and it upgraded to 4.1.2. I tried fiddler will all of the same steps but only the connect tunnels showed.

I rooted the LG Optimus again and immediately I can see all the requests/responses via fiddler.

I assume rooting the N7 will allow it to work as well.

Answer 2

Here is a workaround.

Assuming the hostname I'm sending my https requests to is myHostName.com add the following to Fiddler's CustomRules.js

if (!oSession.isHTTPS && !oSession.HTTPMethodIs("CONNECT") && (oSession.HostnameIs("myHostName"))
{
  oSession.oRequest.headers.UriScheme = "https";
}

Then in Android code update the URL to use http instead of https.

Now the client will communicate to Fiddler without SSL and all the request/response traffic will be visible.

The obvious downside to this approach is that the URLs must be modified in the client to use http. I haven't used this approach long enough to discover any additional drawbacks.

Answer 3

My research shown that there is a bug in HttpsUrlConnection pipeling implementation.

To solve a problem you need to perform following steps in Fiddler:

1. In Fiddler click "Rules->Customize Rules";

2. In opened script and find function OnBeforeResponse

3. In the function body add following code:

   if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 && oSession.HTTPMethodIs("CONNECT")) {  
      oSession.oResponse.headers["Connection"] = "Keep-Alive";     
   } 
   

4.Save file and restart Fiddler