Thread Contributor: ubersakiSetting up your mobile phone to sniff your traffic with Fiddler
#1
Today we will set up our mobile phones so we can sniff the traffic (including decrypted SSL traffic) via Fiddler. This is the method I use when I break down an app and test their servers for security flaws, which I will show in another tutorial very soon.


Before you begin:
You must be on the same network
Make sure to allow Fiddler through any firewalls/NAT etc.


So lets begin

First we need to set up Fiddler if you haven't already done so. If you need a tutorial for that, you can find that here:
https://vigilante.tech/Thread-Setting-up...asic-usage

Once you have it finished at this point, open Fiddler and we will make sure the configuration is set for letting our android use it.

Go into Tools> Fiddler options. Then on the connections tab, make sure your "allow remote computers" box is checked, and take note of the port *usually set as 8888*

[Image: ebHBkCY.png]

Next we configure our phone/tablet/etc

On your device, go to your settings then to WIFI. You should see your list of connections. 

Tap and hold on your connection name until a menu pops up and select Modify Network. When the next menu pops up, select the "show advanced options" box and then change your proxy type to "Manual"

Scroll down and put your COMPUTERS INTERNAL IP ADDRESS (example: 192.168.1.69) and for the port put "8888". When finished, hit save. Now disconnect/reconnect to the network.

[Image: t8ifiXL.png]

After your proxy info is set, open up your browser and head to the following address

http://ipv4.fiddler:8888/

If all goes well, you should see the following "Fiddler Echo Service" page which looks like the following image.

[Image: tNniqyU.png]

From here, at the bottom of the page, click the link to the FiddlerRoot certificate. When it's done downloading, open it up and you should get a screen like this... (Could be different per phone... )

[Image: QjkLVOJ.png]

enter in any name, and hit ok. If you get a message to put in a password, it is the same as your screenlock password. If you don't have one of those set, you need to set one up temporarily. I personally just go for a 4 digit pin for quickness and ease. After you set up your screenlock go back and reinstall the cert and it should work fine.

Now we are all set up to sniff the traffic we want to view so badly.. so lets see how it works.


So from here, I opened chrome on my mobile and went to facebook. In the second screenshot, you will notice a couple things. since it's on mobile, it doesn't have a "process" filled in on Fiddler. Helps to decipher which is from mobile at first glance. It also shows that facebook is using HTTPs, and the urls the requests are being made to.

[Image: nJOk7t4.png]
[Image: 8BN0A6T.png]


So, you can use this for apps and browser data, for myself, im more interested in the apps request. Lets see what this looks like.

I have a game on my phone called "influence". lets see what happens when I open it.

[Image: n6IzSbg.png]

so here we have where im authorizing to the game server... lets try another button.. So let me hit the get stats button and see if we can see more data.

[Image: OwBuRc8.png]

and there you have it, you are now viewing your traffic flowing from your android device. 

I will be linking to this tutorial in future ones. Let me know if you have any questions!
#2
Another fine tutorial mate, awesome as always.
Reply
#3
Very nice and detailed tutorial. Thank you for sharing these, they're all very interesting to read.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Setting up Fiddler for sniffing traffic and basic usage ubersaki 1 2,068 09-02-2016, 08:05 AM
Last Post: Bish0pQ

Forum Jump:


Users browsing this thread: 1 Guest(s)