Fiddler packet capture, tested on a real Android device

1) Configure Fiddler to capture and decrypt HTTPS packets

Fiddler does not capture HTTPS traffic by default; it has to be configured first.

Open Fiddler and select "Tools->Fiddler Options...".

2. Select the "HTTPS" tab in the pop-up dialog box:


3. Check "Capture HTTPS CONNECTs", then check "Decrypt HTTPS traffic". Since the device will be connecting remotely over WiFi, also select "...from remote clients only" in the drop-down below.

If the HTTPS site accessed by the program you want to monitor uses an untrusted certificate, also check "Ignore server certificate errors" below.

Then switch to the "Connections" tab:

4. The default listening port is 8888; you can change it to any port you like. Be sure to check "Allow remote computers to connect".

To reduce interference, you can uncheck "Act as system proxy on startup".

Finally, click "OK" to close the dialog; Fiddler is now set up.

One more point to watch out for: remember to turn off the firewall on your local machine (the firewall is what blocks the device's inbound connections to Fiddler's listening port); the author wasted a lot of time on this.

3) Set up the Android device and add the proxy server

First check the IP address of the computer running Fiddler; the ipconfig command in cmd is enough.

5. You can see that the IP address assigned to my computer is 192.168.11.8. This is the proxy server address to set on the Android device. The port is the listening port set earlier, 8888 by default.

OK, everything is ready; let's set up the proxy server on the Android device.

Open the WiFi settings page, long-press the AP you want to connect to, and select "Modify Network" in the pop-up dialog box.

6. In the dialog box that appears next, check "Show advanced options". On the page that follows, tap "Proxy" and select "Manual".

Enter the address and port obtained earlier in "Proxy Server Host Name" and "Proxy Server Port", and finally tap "Save".

7. Finally, connect to this wireless AP.

4) Import the certificate to the Android device

Fiddler is essentially a man-in-the-middle HTTPS proxy: it presents its own certificate, which is obviously not in the Android device's trusted certificate store.

Some applications check whether the server certificate is signed by a trusted root certificate, and simply exit if it is not.

Therefore, to be on the safe side, we need to import the Fiddler proxy server's certificate into the Android device. (Note that this does not help with an app that pins its server certificate, nor, on Android 7.0 and later, with an app that does not opt in to user-installed CAs through its network security configuration; such apps will still reject the proxy after the import.)

The import process is very simple. Open the device's built-in browser and enter the IP and port of the proxy server in the address bar; in this example that is 192.168.11.8:8888. You will then see a page served by Fiddler:

Tap the "FiddlerRoot certificate" link on the page, and a dialog box will pop up:

8. Enter a certificate name and tap "OK".

Everything is set up. Let's capture some traffic to see the effect: open "Google Play" on the Android device and see what Fiddler shows:
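A quick sanity check for the setup above, added here as an example that is not part of the original post: run it on a machine on the same WiFi as the phone. It connects to the Fiddler host, opens a CONNECT tunnel and looks at who signed the certificate handed back, which separates the failure modes described in this tutorial (firewall or "Allow remote computers to connect" unchecked, decryption not enabled) from a working interception. The proxy address is taken from the tutorial's example, and the issuer name "DO_NOT_TRUST_FiddlerRoot" is Fiddler's default root certificate name; both are assumptions you may need to adjust.

```python
import socket
import ssl

# Values taken from the tutorial's example setup; adjust to your own Fiddler host.
PROXY_HOST = "192.168.11.8"
PROXY_PORT = 8888
# Issuer name on every certificate Fiddler mints when "Decrypt HTTPS traffic" is on.
FIDDLER_ISSUER_MARKER = b"DO_NOT_TRUST_FiddlerRoot"

def parse_connect_status(reply: bytes) -> int:
    """Return the HTTP status code from a proxy's reply to CONNECT, or 0 if malformed."""
    parts = reply.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return 0
    return int(parts[1])

def classify_leaf(der_cert: bytes) -> str:
    """Tell a Fiddler-minted leaf ("intercepted") from the origin's own ("passthrough").
    The issuer CN sits as a plain string inside the DER bytes, so a substring match on
    Fiddler's fixed root name is enough for this check."""
    return "intercepted" if FIDDLER_ISSUER_MARKER in der_cert else "passthrough"

def probe(proxy_host=PROXY_HOST, proxy_port=PROXY_PORT, target="www.google.com", timeout=5):
    """Open a CONNECT tunnel through the proxy and report what the device would see:
    "unreachable"     firewall, or "Allow remote computers to connect" left unchecked
    "connect-refused" proxy answered CONNECT with a non-2xx status
    "intercepted"     decryption is on; apps that verify the chain reject this cert
                      until the Fiddler root is installed
    "passthrough"     origin's real certificate, CONNECTs are not being decrypted"""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        sock.sendall(f"CONNECT {target}:443 HTTP/1.1\r\nHost: {target}:443\r\n\r\n".encode())
        if parse_connect_status(sock.recv(4096)) // 100 != 2:
            return "connect-refused"
        # Verification is disabled on purpose: the goal is to inspect whatever
        # certificate is presented, and Fiddler's is one no trust store accepts.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=target) as tls:
            return classify_leaf(tls.getpeercert(binary_form=True))

if __name__ == "__main__":
    print(probe())
```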

Once the traffic is visible, you can pull all of it out; combined with other dynamic or static analysis methods, working out the protocol becomes much easier.

Finally, the advantages and disadvantages of this approach are worth mentioning.

First, the advantages:

1) Packets can be captured without rooting the phone;

2) Packets can be captured on a real device. Some programs resist dynamic analysis by detecting that they are running in an emulator.

The disadvantages are:

1) A WiFi connection is required (easy to satisfy);

2) The application you want to capture and analyze must honour the system proxy settings.


Source: blog.csdn.net/2301_76643199/article/details/131838849