Fiddler proxy wrecking my android emulator packets over VPN

[Bulldog13]

I am writing a phonegap application in Eclipse that works against a RESTful api. For purposes of debugging, I would like to see what my POSTs and GETs look like. All information on google says to use a fiddler proxy. I got fiddler installed and work, setup my android emulator to use it, but whenever I start querying the restful service the packets get mangled somehow (or at least the authorzation portion of it).

If I do not have the proxy going, the following JS code works fine in my android emulator:

$.post("https://blah.hi.com/homepage/security_check",
     $("#loginForm").serialize(), function (data, textStatus, jqXHR) {...

But when I have fiddler going, so that I can analyze the requests my android app is making, I get the following error:

As far as I can tell from inspecting the initial request in fiddler the following changes are made:

User-Agent, Connection, and Host headers are stripped. I tried adding them in manually, using Fiddler rules, but that didnt work.

Also, when I look at the TextView tab of the request, the following headings under Extensions are stripped:

I thought about using WireShark, but all the communication is done over https, and would prefer to use fiddler.

Any advice would be greatly appreciated!!

Posted over at Stackoverflow if you play that game: http://stackoverflow.com/questions/...wrecking-my-android-emulator-packets-over-vpn

 

[DaveSimmons]

My normal advice:

Use Wireshark to see the raw traffic if it's HTTP instead of HTTPS. It's a packet sniffer instead of a proxy, and leaves the traffic untouched.

You only need to use Fiddler if you want to man-in-the-middle crack HTTPS, or to manually make HTTP(s) requests.

I thought about using WireShark, but all the communication is done over https, and would prefer to use fiddler.

D'oh! Can you switch to using HTTP traffic while you debug this?

 

[Bulldog13]

My normal advice:

Use Wireshark to see the raw traffic if it's HTTP instead of HTTPS. It's a packet sniffer instead of a proxy, and leaves the traffic untouched.

You only need to use Fiddler if you want to man-in-the-middle crack HTTPS, or to manually make HTTP(s) requests.



D'oh! Can you switch to using HTTP traffic while you debug this?

Can't switch over to http traffic

It doesn't look like there is a way that wireshark can decrypt https without access to the server certificate, correct me if I am wrong.

Any other ideas ?

 

[DaveSimmons]

Set up a local XAMPP linux server and connect to that instead of the real server? (Or local IIS if using ASP.NET)

For individual POSTSs and GETs to see the request (but not real response) you could also use faked endpoints that just return 200 and a dummy static page.

 

[Bulldog13]

Set up a local XAMPP linux server and connect to that instead of the real server? (Or local IIS if using ASP.NET)

For individual POSTSs and GETs to see the request (but not real response) you could also use faked endpoints that just return 200 and a dummy static page.

Damn dude, that might just be the ticket.

And to the rest, I updated with some more information and some upvotes on my SO post would be appreciated
http://stackoverflow.com/questions/...wrecking-my-android-emulator-packets-over-vpn

 

[Markbnj]

You can decrypt https traffic in Wireshark if you have the server certificate. I haven't actually done it, but the feature is in there.

There's also a way to configure the server to ignore the host header, however I don't remember the details.

 

[Bulldog13]

Thank you DaveSimmons!

Using your advice, I installed IIS on my Win8 box. My first attempts were using Fiddler as a reverse proxy over the site using instructions found here http://jasonsirota.com/using-fiddler-for-logging-of-iis-application, but I was never able to get it to work. After some more googling I came across some advice recommending using the Microsoft Network Monitor Tool (essentially a bit user friendlier version of WireShark). Using the MNMT I was able to check out my POSTS against my local server and discovered my error!

Again thanks a bunch, you're a lifesaver!