Capturing HTTPS packets from a real Android device with Fiddler

Source: Internet
Author: User

Today's Android apps almost always work with the web, so when analyzing an APK, capturing the packets it sends out can be a great help in understanding its process and logic.

For HTTP packets there are a number of capture methods, such as using tcpdump, or running the program under analysis in an emulator and capturing the packets directly on the physical machine with Wireshark. But more and more applications now use HTTPS to exchange data with the server, which undoubtedly makes packet-capture analysis harder.

Fortunately, there is a tool, Fiddler, that can solve this problem. Fiddler is a very powerful web debugging tool that differs in principle from Wireshark. Wireshark puts the network card into promiscuous mode and intercepts all packets on the network for analysis, while Fiddler is essentially an HTTP/HTTPS proxy server.

Since it is a proxy server, it naturally sees all the packets that pass through it.

Fiddler can be downloaded from http://www.telerik.com/download/fiddler. If you can install .NET 4 or later on your Windows machine, choose Fiddler4.

OK, enough talk, let's start capturing packets right away. Here I take Google Play as an example and demonstrate the following steps:

1) Make sure that your Android device and the computer on which Fiddler is installed are connected to the same WiFi AP, so that the two machines are on the same LAN segment, with the following network topology:

2) Configure Fiddler to capture and decrypt HTTPS packets

By default Fiddler does not capture HTTPS packets, so it needs to be configured accordingly.

Open Fiddler and select "Tools -> Fiddler Options..."

In the dialog box that pops up, select the HTTPS tab:

Tick "Capture HTTPS CONNECTs" and tick "Decrypt HTTPS traffic". Also, since we are connecting remotely via WiFi, select "... from remote clients" in the drop-down box below.

If the program you are monitoring accesses an HTTPS site that uses an untrusted certificate, also tick "Ignore server certificate errors" below.

Then switch to the "Connections" tab:

The listening port is 8888 by default, and of course you can set it to whatever port you want. Be sure to tick "Allow remote computers to connect".

To reduce interference, "Act as system proxy on startup" can be unticked.

Finally, click "OK" to exit; Fiddler is now set up.

One more reminder: you must remember to turn off the firewall on your computer. I wasted a lot of time on this.

3) Set up the Android device to use the proxy server

First check the IP address of the computer on which Fiddler is installed, using the ipconfig command in CMD.

As can be seen, the IP address assigned to my computer is 192.168.11.8. This is the proxy server address to be set on the Android device. The port is the listening port set earlier; the default is 8888.
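The PC-side checks from steps 2 and 3 can be scripted. The following PowerShell is an added example, not part of the original article: it confirms that Fiddler is listening for remote clients, opens only the proxy port to the local subnet as a narrower alternative to turning the firewall off, and prints the address to enter on the phone. The rule name is a hypothetical label; run it in an elevated PowerShell session.

```powershell
# Added example: PC-side checks on the machine running Fiddler (run elevated).
$Port = 8888   # Fiddler's default listening port; change it if you chose another

# 1. Is anything listening on the port, and on which local address?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $Port. Is Fiddler running?"
    return
}

# A loopback-only listener means "Allow remote computers to connect" is not in effect.
$remote = $listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if (-not $remote) {
    Write-Warning "TCP $Port is bound to loopback only. Tick 'Allow remote computers to connect' and restart Fiddler."
    return
}

# 2. Allow inbound connections to the proxy port from the local subnet only.
$ruleName = 'Fiddler capture (temporary)'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress LocalSubnet | Out-Null
}

# 3. List the LAN addresses the Android device can use as its proxy host.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -in 'Dhcp', 'Manual' } |
    ForEach-Object {
        "Proxy to enter on the phone: {0}:{1}  ({2})" -f $_.IPAddress, $Port, $_.InterfaceAlias
    }

# 4. When the capture session is over, close the port again:
#    Remove-NetFirewallRule -DisplayName 'Fiddler capture (temporary)'
```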

Okay, everything's ready. Now set up the proxy server on your Android device.

Open the WiFi settings page, long-press the AP you want to connect to, and in the popup dialog box select "Modify network".

In the next dialog box, tick "Show advanced options". On the next page, tap "Proxy" and select "Manual".

In the proxy hostname and proxy port fields, enter the address and port from above, then tap Save.

Finally, connect to this wireless AP.

4) Import the certificate onto the Android device

Fiddler is essentially an HTTPS proxy server, and its own certificate is obviously not in the Android device's list of trusted certificates.

Some applications check whether the server-side certificate is signed by a trusted root certificate and, if it is not, bail out immediately.

So, to be on the safe side, we import the Fiddler proxy server's certificate onto the Android device.

The import process is very simple. Open the browser on the device and enter the IP and port of the proxy server in the address bar, 192.168.11.8:8888 in this example. You will see a page served by Fiddler:

Tap the "FiddlerRoot certificate" link on the page, and the system will pop up a dialog box:

Enter a name for the certificate, then just tap OK.

Everything is set up, so let's see the effect. Open Google Play on your Android device and see what gets captured:

As you can see, everything can be captured. Combined with other dynamic or static analysis methods, this makes it much easier to crack the protocol.

Finally, some advantages and disadvantages of this method have to be mentioned.

First, the advantages:

1) The phone does not need to be rooted to capture packets;

2) Packets can be captured on a real device; some programs have anti-dynamic-analysis measures and can detect that they are running in an emulator.

There are, of course, disadvantages:

1) The device must be connected via WiFi (this is easy to satisfy);

2) The application whose packets you want to capture must itself support the proxy server settings.
