{"id":1711,"date":"2016-11-07T22:39:57","date_gmt":"2016-11-07T21:39:57","guid":{"rendered":"https:\/\/blog.kodono.info\/wordpress\/?p=1711"},"modified":"2019-09-15T09:16:41","modified_gmt":"2019-09-15T07:16:41","slug":"capture-https-traffic-from-android-using-a-sniffer","status":"publish","type":"post","link":"https:\/\/blog.kodono.info\/wordpress\/2016\/11\/07\/capture-https-traffic-from-android-using-a-sniffer\/","title":{"rendered":"Capture HTTP(S) traffic from Android using a sniffer"},"content":{"rendered":"<p>I wanted to debug an Android app that uses HTTPS requests with a JSON API. Thanks to <a href=\"http:\/\/www.cantoni.org\/2013\/11\/06\/capture-android-web-traffic-fiddler\">this article<\/a> I&#8217;ve been able to use my Windows 10 computer to get all the network from my Android phone thru my local network and decode the HTTPS requests !<\/p>\n<p>I&#8217;m going to summarize the steps from the above article:<\/p>\n<ol>\n<li>Download and Install <a href=\"http:\/\/fiddler2.com\/\">Fiddler<\/a> on your computer<\/li>\n<li>Once Fiddler is installed, launch it and:\n<ul>\n<li>Click menu Tools > Options, then select the Connections tab<\/li>\n<li>Make note of the \u201cFiddler listens on\u201d port (normally it\u2019s 8888)<\/li>\n<li>Make sure the check box for \u201cAllow remote computer to connect\u201d is checked<\/li>\n<li>Switch to the HTTPS tab<\/li>\n<li>Make sure the check boxes for \u201cCapture HTTPS Connects\u201d and \u201cDecrypt HTTPS traffic\u201d are both checked<\/li>\n<li>Restart Fiddler<\/li>\n<\/ul>\n<\/li>\n<li>Go to your Android phone then:\n<ul>\n<li>Tap on Settings, then Wi-Fi<\/li>\n<li>Find the network on which you\u2019re connected (normally the first one listed), then tap and hold<\/li>\n<li>Choose Modify network from the pop-up<\/li>\n<li>Scroll down and enable \u201cShow advanced options\u201d<\/li>\n<li>Change \u201cProxy settings\u201d to Manual<\/li>\n<li>Under \u201cProxy host name\u201d enter the Windows PC IP address from above<\/li>\n<li>Under \u201cProxy port\u201d enter the Fiddler port from above (usually 8888)<\/li>\n<li>Tap Save and wait a moment for the network to reconnect<\/li>\n<\/ul>\n<\/li>\n<li>Now we need to add the certificate in Android to have the HTTPS working:\n<ul>\n<li>On Android start the Chrome browser<\/li>\n<li>Navigate to http:\/\/IP_ADDRESS_WHERE_FIDDLER_IS:8888\/ or <a href=\"http:\/\/ipv4.fiddler:8888\">http:\/\/ipv4.fiddler:8888<\/a><\/li>\n<li>Tap on the link for the \u201cFiddler Root Certificate\u201d<\/li>\n<li>Name the certificate \u201cFiddler\u201d and install it (entering your PIN or password if prompted)<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>You&#8217;re now ready to capture the traffic on Fiddler!<\/p>\n<p>Once you&#8217;re done you can switch back to normal by following the below steps:<\/p>\n<ol>\n<li>Tap on Settings, then Wi-Fi<\/li>\n<li>Find the network on which you\u2019re connected (should be the first one listed), then tap and hold<\/li>\n<li>Choose Modify network from the pop-up<\/li>\n<li>Scroll down and select (enable) \u201cShow advanced options\u201d<\/li>\n<li>Change \u201cProxy settings\u201d to None<\/li>\n<li>Tap Save and wait a moment for the network to reconnect<\/li>\n<li>Go up a level in settings to Security<\/li>\n<li>Tap Trusted credentials, then select the User tab<\/li>\n<li>Tap on the Fiddler \u201cDo not trust\u201d certificate, then scroll down to remove it<\/li>\n<li>You may need to power cycle your device to get all apps to forget about the Fiddler certificate (e.g., the Chrome browser will continue to try to use it for a while)<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>I wanted to debug an Android app that uses HTTPS requests with a JSON API. Thanks to this article I&#8217;ve been able to use my Windows 10 computer to get all the network from my Android phone thru my local network and decode the HTTPS requests ! I&#8217;m going to summarize the steps from the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","hide_page_title":"","footnotes":""},"categories":[98,23,170,20,8],"tags":[99,156,123,155,148],"class_list":["post-1711","post","type-post","status-publish","format-standard","hentry","category-android","category-debug","category-english","category-niveau-expert","category-windows","tag-android-2","tag-debug","tag-english","tag-niveau-expert","tag-windows"],"_links":{"self":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/1711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/comments?post=1711"}],"version-history":[{"count":5,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/1711\/revisions"}],"predecessor-version":[{"id":1988,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/1711\/revisions\/1988"}],"wp:attachment":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/media?parent=1711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/categories?post=1711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/tags?post=1711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}