Troubleshooting iPhone App Communication with Fiddler

This post is also on my personal blog.

While troubleshooting an iPhone app, it’s sometimes helpful to see exactly what HTTP requests its sending.

Enabling Fiddler to View iPhone HTTP Traffic

I managed to do that with Fiddler by following these steps: https://www.pluralsight.com/blog/tutorials/using-fiddler-with-an-iphone-ipad

I found my laptop’s IP by doing this:

  1. Click on the Start menu and type cmd. When you see the cmd applications in Start menu panel, click it or just press enter.

  2. A command line window will open. Type ipconfig and press enter.

  3. You’ll see a bunch of information, but the line you want to look for is “IPv4 Address.” The number across from that text is your local IP address.

from https://lifehacker.com/5833108/how-to-find-your-local-and-external-ip-address

I actually saw a bunch of lines for “IPv4 Address”, one for each wireless adapter (I have a bunch of adapters running: a WiFi one, an ethernet one, a bunch of virtual host ones for my virtual . In my case, I wanted the WiFi one, because that’s how I was connected to the network.

Once I had that all setup, I could see my phone’s HTTP traffic in fiddler… but not HTTPS traffic.

Enabling Fiddler and iPhone to work with HTTPS

For that I generally followed the steps from https://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices, including the part about downloading the Certificate Maker (although it was important that when I did that, I had fiddler configure to NOT decrypt HTTPS traffic yet, as I think that interfered) especially the section on “Decrypting HTTPS Traffic from iOS”.

But the part where it said to visit “ipv4.fiddler:8888” didn’t work (safari couldn’t find it). So instead, from my computer, I went into Fiddler, then Tools, then HTTPS tab, then enabled “Decrypt HTTPS traffic”, then to “Actions” and “Export Root Certificate to Desktop”. Then I emailed that certificate file to myself, opened the email from my phone, opened the attached certificate, clicked and clicked “Install”. So that installed the certificate on my phone, but didn’t enable it yet.

To enable the new certificate, I went into my phone’s Settings app, then General section, then About, then scrolled to the bottom where it said ” Certificate Trust Settings”, saw the new certificate listed but not enabled, so I enabled it.

Viewing iPhone HTTPS Traffic from Fiddler

After that, all HTTP traffic from my phone appears in Fiddler. Like you can see in this screenshot, there is a slightly yellow area in the middle-right that says “Response body is encoded. Click to decode.” Clicking that reveals the decoded message. (I would have thought that should have been “Response body is encrypted. Click to decrypt”.)

Conclusion

Using Fiddler, I was able to watch the HTTP and HTTPS traffic from my iPhone (I previously tried to use WireShark in promiscuous mode, but my iPhone traffic never appeared in there).

This was a little handy while debugging an issue we were having with our Event Espresso mobile apps… except once I had this all setup, it seems getting my iPhone to trust the root certificate generated by the Fiddler Certificate Maker caused the error to go away… pretty annoying, but it isolated the problem pretty well: either our problem was with the website’s certificate, or in the mobile app code that handled the certificate.

Anyways, let me know if you have better suggestions on how to debug mobile app HTTP communication from a computer!

Leave a Reply

Your email address will not be published.