Debugging HTTPS requests from iOS Simulator

Oscar Brito

You have to debug an application that you know very little about. Things become very confusing and you have to take a step back and debug through the network requests. Then you realise the requests are HTTPS, frak encryption!

This article explains how to use Fiddler to analyse your network traffic, using an iOS application running on the iOS Simulator as an example.

A similar setup works with Charles proxy, without the need for a virtual machine. Be aware that Charles is not free!

Setup

Fiddler is a debugging proxy: it sits between your application and the network and lets you analyse the traffic passing through it. Because Fiddler runs on Windows, you need to download a Windows VirtualBox machine.

Fiddler Setup

Once you have the Windows virtual machine, change its network adapter to a bridged adapter so that you can reach it by its IP address from your host machine.

To debug HTTPS requests, you need to tell Fiddler to terminate the SSL connection and start a new one using Fiddler's generated SSL certificate.

  1. Check Encrypt HTTPS traffic.

  2. Click on Trust Root Certificate.
    This generates an SSL certificate and adds it as a Trusted Authority.

Fiddler acts as a proxy for the local system on port 8888.

OSX Setup

You now need to set up your system to use the Fiddler proxy running in the virtual machine, and add the Fiddler HTTPS certificate as a Trusted Authority in your keychain.

Keychain setup

Click on Fiddler's Export Certificate to Desktop, then, on the Mac, add the exported FiddlerRoot.cer to the system keychain as a trusted root:

sudo security add-trusted-cert -k "/Library/Keychains/System.keychain" -r trustRoot -d FiddlerRoot.cer  

Proxy setup

Get the virtual machine's IP address and set up your system proxy to point at it on Fiddler's port, 8888.

Debugging HTTPS

Once your system is configured, Fiddler will show all the details of the HTTP and HTTPS requests coming from your machine, including requests from the iOS Simulator running the application you wish to debug.
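The OS X proxy step above as shell functions, together with the teardown for when the session is over (system proxy off, Fiddler root removed from the System keychain, so the machine stops trusting an interception certificate). This is an added example, not part of the original article. The function names, the network service name "Wi-Fi", the sample address and the root certificate's common name are assumptions.

```shell
#!/bin/sh
# Added example: route macOS through Fiddler for a session, then undo it.
# DRY_RUN=1 prints each command instead of executing it.

FIDDLER_PORT=8888                      # port stated in the article
SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"
# Assumed default common name of Fiddler's root; confirm it in Keychain Access.
ROOT_CN="DO_NOT_TRUST_FiddlerRoot"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address, so a typo never reaches the proxy settings.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Point HTTP and HTTPS traffic of one network service at Fiddler in the VM.
proxy_on() {      # usage: proxy_on <network service> <vm ip>
    valid_ipv4 "$2" || { echo "invalid VM address: $2" >&2; return 1; }
    run networksetup -setwebproxy "$1" "$2" "$FIDDLER_PORT"
    run networksetup -setsecurewebproxy "$1" "$2" "$FIDDLER_PORT"
}

# Stop routing traffic through the VM.
proxy_off() {     # usage: proxy_off <network service>
    run networksetup -setwebproxystate "$1" off
    run networksetup -setsecurewebproxystate "$1" off
}

# Withdraw trust from the exported root, then delete it from the keychain.
untrust_root() {  # usage: untrust_root <path to FiddlerRoot.cer>
    run sudo security remove-trusted-cert -d "$1"
    run sudo security delete-certificate -c "$ROOT_CN" "$SYSTEM_KEYCHAIN"
}

# Typical session (service name and address are constructed):
#   proxy_on "Wi-Fi" 192.168.1.50
#   ... debug in the iOS Simulator ...
#   proxy_off "Wi-Fi"; untrust_root FiddlerRoot.cer
```

Run it once with `DRY_RUN=1` set to review the exact commands; `networksetup -listallnetworkservices` shows the service names available on your machine.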

Conclusion

This is pretty useful for people who have limited access to application servers.

When starting a new job, this can help while you don't yet fully understand the application infrastructure, giving you an overview of the network usage.

Oscar out.