How to capture and analyze HTTP/HTTPS from your smartphone or tablet using Fiddler

Hello,

In the previous article, I showed you how to capture traffic from WiFi devices. In this article, I will illustrate how to capture HTTP/HTTPS traffic using Fiddler.

This skill is very useful for web programmers or security engineers who want to debug their applications or audit third-party applications that use web services over an encrypted channel. Let’s get started!

The setup

The setup consists of two steps: setting up Fiddler and configuring your tablet’s certificate store.

Fiddler is a web debugging proxy for HTTP and HTTPS. We will be setting up Fiddler as a proxy between your tablet and the internet.

We then add Fiddler’s self-signed root certificate to the tablet’s certificate store so that your browser does not complain and Fiddler is allowed to intercept and decrypt the traffic.

When the setup is completed you will be able to capture/debug HTTP/HTTPS traffic with Fiddler.

Configuring Fiddler

Please download Fiddler from here, then install and run it. Configure Fiddler from the “Tools/Fiddler Options” menu:

Select the “HTTPS” tab and make sure you check both capture options and select “…from remote clients only“:

Now switch to the “Connections” tab and take note of the “listen on port” value and make sure the “Allow remote computers to connect” option is checked:

The last step is to figure out the IP address of the computer where Fiddler is running. Hover the mouse over the “Online” button at the far top right to see the list of IP addresses. If you are using the WifiShare tool, then the IP address should be “192.168.137.1”.

Setting up the tablet

I am also using a Nexus 7 tablet in this article. Let us configure the network connection and add proxy settings.

Go to the WiFi settings, then tap and hold the “lallouslab” connection until a menu shows up, and select “Modify network”.

Set the “Proxy hostname” to “192.168.137.1” (the IP address of the computer running Fiddler) and the “Proxy Port” to “8888” (the Fiddler “listen on port” value), then click “Save”.

Now start your browser and navigate to “http://ipv4.fiddler:8888”. The page that loads contains a link to the Fiddler certificate. Click that link to download the certificate and then save it.

If successful, the new Fiddler certificate should appear under “Trusted credentials” in the “Settings/Security” screen.

Now you are ready to start browsing on your tablet and see the traffic in Fiddler.
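To check the setup from the client side, the following added example (not part of the original article) builds the CONNECT request a proxied client sends for HTTPS and tests whether the certificate it gets back was issued by the Fiddler root. The root name "DO_NOT_TRUST_FiddlerRoot" is assumed to be Fiddler's default, the sample certificate is constructed, and the function names are illustrative.

```python
import socket
import ssl

# Assumption: common name of Fiddler's default root; adjust if yours differs.
FIDDLER_ROOT_CN = "DO_NOT_TRUST_FiddlerRoot"

# Constructed sample in ssl.getpeercert() format (not captured from a real session).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "DO_NOT_TRUST"),),
               (("commonName", FIDDLER_ROOT_CN),)),
}

def connect_request(host, port=443):
    """CONNECT request a client sends to an HTTP proxy before starting TLS."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def tunnel_established(response):
    """True if the proxy answered CONNECT with a 2xx status line."""
    parts = response.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def issuer_cn(cert):
    """Issuer common name from an ssl.getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def is_intercepted(cert, root_cn=FIDDLER_ROOT_CN):
    """True if the leaf certificate was issued directly by the interception root."""
    return issuer_cn(cert) == root_cn

def probe(target, proxy_host="192.168.137.1", proxy_port=8888, cafile=None):
    """Live check (needs the proxy running): issuer CN seen through the proxy.
    cafile is a PEM file to trust, e.g. the exported Fiddler root."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((proxy_host, proxy_port), timeout=10) as raw:
        raw.sendall(connect_request(target))
        reply = b""
        while b"\r\n\r\n" not in reply:  # read the full proxy response header
            chunk = raw.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not tunnel_established(reply):
            raise ConnectionError("proxy refused CONNECT")
        with ctx.wrap_socket(raw, server_hostname=target) as tls:
            return issuer_cn(tls.getpeercert())
```

When probe() runs on a machine that does not trust the Fiddler root and no cafile is given, the TLS handshake raises ssl.SSLCertVerificationError instead of returning a name, which is the same complaint the browser makes before the certificate is installed.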

Conclusion

This setup is a stepping stone towards doing more web debugging work. I would like to suggest reading “Debugging with Fiddler: The complete reference from the creator of the Fiddler Web Debugger”.

I hope you found this article useful and learned from it.

Please feel free to leave your comments or suggestions in the comments below. If you have an idea for an article you would like to see on this blog, please let me know.


 
