In the previous article, I showed you how to capture traffic from WiFi devices. In this article, I will illustrate how to capture HTTP/HTTPS traffic using Fiddler.
This skill is very useful for web programmers or security engineers who want to debug their application or audit third party applications that use web services over an encrypted channel. Let’s get started!
Do you want to master Batch Files programming? Look no further, the Batchography is the right book for you.
The setup consists of two steps: setting up Fiddler and configuring your tablet’s certificate store.
Fiddler is a web debugging proxy for HTTP and HTTPS. We will be setting up Fiddler as a proxy between your tablet and the internet.
We then add a Fiddler self-signed root certificate in the tablet’s certificate store so that your browser does not complain and allow Fiddler to intercept and decrypt the traffic.
When the setup is completed you will be able to capture/debug HTTP/HTTPS traffic with Fiddler.
Please download Fiddler from here, then install and run it. Configure Fiddler from the “Tools/Fiddler Options” menu:
Select the “HTTPS” tab and make sure you check both capture options and select “…from remote clients only“:
Now switch to the “Connections” tab and take note of the “listen on port” value and make sure the “Allow remote computers to connect” option is checked:
Last step is to figure out the IP address of your computer where Fiddler is running. Hover the mouse over the “Online” button on the top far right:
And see the list of IP addresses. If you are using the WifiShare tool then IP address should be: “192.168.137.1”.
Setting up the tablet
I am also using a Nexus 7 tablet in this article. Let us configure the network connection and add proxy settings.
Go to the Wifi settings, then select the “lallouslab” connection by tapping and holding until the menu illustrated below shows up:
Select “Modify network”:
Configure the “Proxy hostname” with the value “192.168.137.1” and the “Proxy Port” with “8888” then click “Save”.
Now start your browser and navigate to “http://ipv4.fiddler:8888”:
And you should see the following contents:
Click the highlighted link to download the certificate and then save it:
If successful, this new Fiddler certificate should show in your “Trusted credentials” screen in the “Settings/Security” screen:
Now you are ready to start browsing in your tablet and see the traffic in Fiddler:
This setup is a stepping stone towards doing more web debugging related work. I would like to suggest reading the “Debugging with Fiddler: The complete reference from the creator of the Fiddler Web Debugger”.
I hope you found this article useful and learned from it.
Please feel free to leave your comments or suggestions in the comments below. If you have an idea of an article you would like to see on this blog post, please let me know.
Other posts that you may like:
- How to capture all network traffic going through your smartphone/tablet/laptop or other wireless devices