If you’re trying to debug an app (or website) on Android that is using HTTPS, then this short guide might be for you. I’ll show you how to set up Fiddler and Connectify Me so that you can view your device’s encrypted communications.
- Computer with internet access and WiFi
- Android device that supports WiFi proxies (Honeycomb or later – older devices might require a proxy app, though I can’t guarantee it will work)
- Install Connectify Hotspot (the free version works fine) and start your hotspot. Side note: Don’t pick a stupid password for your hotspot; you probably don’t want world+dog hopping on your connection.
- Connect your Android device to your hotspot (via WiFi settings) and ensure you can access the internet using the connection.
- Install Fiddler (but don’t open it yet.)
- Install this
certificate maker plugin(seems to have moved to here). It replaces the default certificate plugin in Fiddler so that the certificates will be compatible with Android.
- Open Fiddler and follow these configuration steps:
- Go to Tools | Fiddler Options… | General tab. Uncheck “Show a message when HTTP protocol violations are encountered”
- Switch to the HTTPS tab. Check “Capture HTTPS CONNECTS” and then “Decrypt HTTPS traffic”. Click Yes twice on the two dialogs that pops up.
- Click the “Export Root Certificate to Desktop” button.
- Switch to the Connections tab and check “Allow remote computers to connect”. Click Ok on the dialog.
- Take note of the port listed next to “Fiddler listens on port:”. We’ll need it soon.
- Close the options dialog.
- Exit Fiddler and then reopen it.
- On this website, upload the certificate that was exported to your desktop. Then, on your Android device, navigate to the URL the page produces to install the certificate.
- Determine the IP address of your computer (using ipconfig at the command line) on the ad-hoc WiFi connection that Connectify Hotspot has created.
- Using the instructions on this page (halfway down), configure the WiFi connection on your phone to use the following proxy information:
- IP address: What you found in step 9.
- Port: From step 5.e.
Test it out
Let’s see if everything works. Make sure Fiddler is open on your screen. On your Android device, browse to a random page. You should see the connections on the left-hand side of the Fiddler screen. If all of our HTTPS configurations worked, you should also see HTTPS communications decoded and dumped as well.
It’s possible that not all HTTPS communications will be shown, since some apps might reject the Fiddler root certificate. There’s nothing that can be done about that, unfortunately.
Note that Fiddler will also have changed the proxy settings for your entire computer. Connections from your desktop browser, email clients, etc. will be shown side-by-side with those from your Android device.
When you’re done, you’ll want to do a few things to revert your Android device and computer back to how they were.
- Undo the proxy configurations on your Android device.
- Uncheck the “Allow remote computers to connect” option in the Fiddler settings
- Uninstall Fiddler’s root certificates from both your computer (Google for instructions) and Android device (under settings | Security)