This article will briefly go over the details on how to capture wifi traffic from your mobile devices. This includes capturing traffic on iPads, iPhones, BlackBerries, Android devices and pretty much any device that supports the ability to add a proxy to the wifi settings.
First we will install our trusty friend Fiddler. I used version 2 as it is classed as ‘Stable’ and it just works 🙂
Once you have installed Fiddler, install the CertMaker add-on (this allows you to view SSL traffic by using a modified version of the default self-signed certificate that comes with Fiddler).
Now open Fiddler and click on Tools –> Fiddler Options and make sure you have set:
- Make a note of the ‘Fiddler listens on port’ (I have mine set to 8080)
- Make sure the box for ‘Allow remote computers to connect’ is checked
- Uncheck the box that says ‘Act as system proxy on startup’ (this is so the Fiddler console doesn’t get spammed with localhost traffic – we just want to capture traffic from the mobile device)
- Make sure ‘Capture HTTPS CONNECTs’ and ‘Decrypt HTTPS traffic’ is selected
- On your mobile device, go to the following URL: http://IP.of.Fiddler.Proxy:8080 (e.g., if the machine with Fiddler has the IP 192.168.10.5 and the Fiddler proxy is listening on port 8080 then on your mobile device you would go to http://192.168.10.5/8080)
Now download the FiddlerRoot certificate where it says ‘You can download the FiddlerRoot certificate’ <– trust the certificate
Once you have set-up Fiddler, you need to configure your device to use a proxy.
The below example is from my iPod Touch device. All it involves is going in to your wifi settings and configuring a proxy; a simple Google search should suffice.
Now start up an App and watch the traffic flow in on the Fiddler console!
Below is an example of me using the Safari app to search Ars Technica on Google. The first request is a background finance app I have running on the home screen. Requests 3 to 6 is a request for each character I type (sent to Google to it returns results in real time). See example of a request and response when I type letters a, r and s
Don’t forget to remove the trusted certificate from your device after you have finished with your testing!