Development·Security

Network Sniffing with Fiddler

September 19, 2017 | By Kim

Now and then when you encounter a problem, you have to put on your Hacker hoodie and just go for it. That’s how I discovered some of the debugging capabilities of Fiddler.

As an iOS developer – it’s difficult to capture the network calls your app is making to determine why weird things are happening. After you’ve determined it’s not your code, the next step is determining where it’s coming from. Enter network sniffing.

Fiddler is a free HTTP proxy server application. Translated to English: Fiddler is an application that you can hook up your device to (through a proxy) and watch the network traffic go back and forth. *There are other tools out there, like Charles for Mac, but today we’re discussing Fiddler.*

First, download Fiddler on your PC.

Configuration

You’ll need to do some configuration to connect another device to the proxy.
1. Click Tools → Fiddler Options -> Connections
Select the checkbox for Allow remote computers to connect

2. For HTTPS connections, click on the HTTPS tab under Fiddler Options.
Select the checkbox for Capture HTTPS CONNECTs, and the Decrypt HTTPS traffic checkbox.

You’ll have to initiate the SSL Certificate for Fiddler too.
Click Actions -> Trust Root Certificate

3. Click OK

4. Restart Fiddler. After any changes, you must restart Fiddler.

Note: You may have to enable Fiddler to go through the firewall.

Connection Info

On the right side of the Fiddler window, you’ll see an “Online” status. If you don’t – please refer to Telerik’s documentation. It’s great!
If you hover over your online status, you’ll see the IP address at the bottom of the window. That’s the IP address you’ll need for the next step.

Device Setup

1. Go to your device’s network settings, and enable a proxy.

2. For server, enter the IP Address from Fiddler.

3. For port, enter “8888” (or whatever is in the Fiddler Options -> Connections menu.)

4. For HTTPS:
Go to a web browser and enter “[IPADDRESS]:8888”
You should see a “Fiddler Echo Service” page.
Download the FiddlerRoot certificate
Install & Trust the certificate

Note: It’s recommended to delete the certificate when you’re finished

Ta-Da!

You should now be all set to go.
Now you can capture detailed network traffic, requests and responses, and figure out where things are going awry. Use your powers for good and not evil.

Questioning "The Man"<< >>Developer Book Club - Full List

About the author : Kim

Kim Arnett is an iOS Developer at Expedia. She enjoys watching her creations work wonders while making a positive impact on the population. She’s interested in technology, feminism, mental health, and Iron Man. Current side project includes learning robotics.