The above capture is a non-secure HTTP session that Fiddler Everywhere captures easily without using a trusted certificate. It sounds like the Android application whose HTTPS traffic you are aiming to capture is not respecting the Fiddler trust certificate. This is the expected behavior for almost all Android applications in production. The solution is to explicitly configure the application to use the Fiddler certificate (this requires access to the app codebase and a complete rebuild of the application).
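Added example, not part of the original thread and not Fiddler or app code: a small audit of an Android Network Security Config file that reports where user-installed CAs (such as a proxy's trust certificate) are trusted, and whether that trust would ship in a release build. It assumes the rebuild mentioned in the reply above is done through `res/xml/network_security_config.xml`; the two sample configs and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (assumptions for illustration, not from the thread).
DEBUG_ONLY = """<network-security-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""

ALL_BUILDS = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.test</domain>
    <trust-anchors><certificates src="system" /></trust-anchors>
  </domain-config>
</network-security-config>"""

def trusts_user_cas(section):
    """True if the section's own <trust-anchors> lists src="user"."""
    anchors = section.find("trust-anchors")
    return anchors is not None and any(
        c.get("src") == "user" for c in anchors.findall("certificates"))

def user_ca_scopes(xml_text):
    """Return (section, domains) pairs where user-installed CAs are trusted."""
    scopes = []
    for section in ET.fromstring(xml_text).iter():
        if section.tag in ("base-config", "domain-config", "debug-overrides") \
                and trusts_user_cas(section):
            domains = [(d.text or "").strip() for d in section.findall("domain")]
            scopes.append((section.tag, domains))
    return scopes

def release_build_trusts_user_cas(xml_text):
    """<debug-overrides> applies only to debuggable builds; other sections ship."""
    return any(tag != "debug-overrides" for tag, _ in user_ca_scopes(xml_text))

if __name__ == "__main__":
    for name, cfg in (("DEBUG_ONLY", DEBUG_ONLY), ("ALL_BUILDS", ALL_BUILDS)):
        print(name, user_ca_scopes(cfg), release_build_trusts_user_cas(cfg))
```

With `DEBUG_ONLY`, a proxy certificate installed as a user CA is honoured only in debuggable builds, while `ALL_BUILDS` would also let any user-installed CA intercept production traffic except for the domain that pins trust back to system CAs.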
I'm having the same issue since the release of v3.0.0 and 3.0.1 and I keep downgrading to 2.2.0, which is the last version on Mac that is working fine. Unfortunately I have to re-install it every freaking time I close it because I cannot figure out how to stop the automated update...
If I run the latest version on Windows, I don't have such issues with the android apps.
I tweeted about this on December 10th: https://twitter.com/cbotsikas/status/1469261209992151048
The email I've sent back then was:
Since the update to version 3.0.0 and now to 3.0.1 I'm having issues with some/most/all (not sure) requests not being able to be processed on my mobile apps (hybrid native/ionic and react native). Not sure what changed and don't have time to investigate. All I know is that when I use fiddler, the requests can't be processed by the app, but when I deactivate fiddler everything works just fine.
Is it somehow possible to downgrade to 2.2.0 which was working fine for me?
It's a big blocker for my work at the moment and I need to catch deadlines..
From what I was able to debug a bit, I was getting errors like ERR_INVALID_CHUNKED_ENCODING or java bufferedreader java.net.ProtocolException: Expected leading [0-9a-fA-F] character but was 0x0
It seems that they don't provide the link to download the previous version, only the latest version.
Qiulang, reverting to a previous version is unlikely to resolve your issue as there are no architectural changes related to how Fiddler Everywhere works alongside mobile applications. Fiddler Everywhere works as a system proxy on the host machine. Any remote client (including a mobile device) will have to go through that proxy (configuration steps described in detail here...). That said, Android has an additional layer of security applied by default for all Android applications except the browsers, and that security configuration will explicitly prevent using user-installed certificates (again, except for the mobile browsers, which will respect the Fiddler trust certificate once it is installed and enabled as in the linked tutorial above). We are not supporting previous versions of the Fiddler Everywhere application, so stopping the automatic updates is not possible.
The ERR_INVALID_CHUNKED_RESPONSE that Cbotsikas mentions does not look related to the issue discussed in this thread. This error code usually appears when a service communicates to the proxy, but the proxy needs to strip the Transfer-Encoding header before sending the request to the browser. A possible solution would be to use the Rules tab to create a rule that explicitly strips the header before sending the request. However, it is not very clear what the actual problem related to this error code is and if it is happening for a specific application or for specific requests to a specific endpoint.
Hi Nick,
Thanks for replying to my message. I understand what you said, but the thing is, as said in my first post, "But the problem is fiddler occasionally captures!" For example, I tried it yesterday and found fiddler captured and decoded the HTTPS traffic for my Android app! I was so excited and thought 3.2.1 finally fixed it. But then after a while fiddler failed to capture again.
So why does fiddler capture occasionally?
One of the first things that comes to mind when you say that Fiddler only captures occasionally is that perhaps the client is changing the used network. Maybe the mobile device is automatically switching to another Wi-Fi or mobile data?
Well, that seemed not to be the case because I had to set fiddler as the proxy on my Wi-Fi connection, which meant I used the same network as I used before.
I also tried 3.2.1 and just for a second there I was also excited because some requests started to work, but then it started to fail again (same requests). Unfortunately I cannot share the apps (note, it's not just one but I have this issue with all of them, some older apps which are native and ionic, but also with new apps written with react native). Again, if I try with the same emulator, same apps using Fiddler 3.2.1 on a remote Windows system, it works just fine without any issues at all. The problem is with the Mac version. I cannot test if it's only on my Mac but I have tried multiple times to uninstall/install/delete app data etc.
Regarding v2.2.0, I just figured out the installer path and have downloaded "Fiddler Everywhere 2.2.0.dmg", so every time fiddler exits, I just install the old one, replacing the auto-updated one.
Qiulang
My Android app always complains "The server returns invalid data" for the very first HTTPS request. I would assume the server here means fiddler. I have not figured out why that happened. And I tried many times on my Android; occasionally fiddler can capture traffic, but when it worked I did not figure out what I did differently. Fiddler can capture HTTPS traffic on my iPhone for the same app.
BTW, fiddler can capture https traffic from chrome browser. I am not sure if this is because the answer in here https://stackoverflow.com/questions/62730978/some-androids-apps-wont-connect-through-fiddler said "One of those rare apps that respect user CA certificates is Chrome. So using Chrome for testing if the proxy and the installed root CA certificate works is a bad idea, as it may only work in Chrome but not for apps."
But the problem is fiddler occasionally captures!