qasxc001

Reputation: 1

Fiddler doesn't capture all HTTPS traffic, as in the case of Snapchat

Has anyone already run into this issue when capturing Snapchat traffic?

All HTTPS data coming from other sites via applications (on iOS, Android) is captured successfully by Fiddler, but a few apps (App Store, Snapchat) don't show anything, just this request:

CONNECT app.snapchat.com:443 HTTP/1.1
Host: app.snapchat.com
User-Agent: Snapchat/10.8.1.0 (iPhone8,1; iOS 10.2.1; gzip)
Connection: keep-alive
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 59 23 9E E1 1C 23 49 F1 A1 21 6E 60 C5 94 AB E2 9F 09 10 C3 E0 C3 99 9B 78 9B 97 1F 74 69 5F 1C
"Time": 2089.12.12. 15:48:57
SessionID: empty
Extensions: 
    server_name app.snapchat.com
    elliptic_curves secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
    ec_point_formats    uncompressed [0x0]
    signature_algs  sha256_rsa, sha1_rsa, sha384_rsa, sha512_rsa, sha256_ecdsa, sha1_ecdsa, sha384_ecdsa, sha512_ecdsa
    NextProtocolNego    empty
    ALPN        http/1.1, http/1.0
    status_request  OCSP - Implicit Responder
    SignedCertTimestamp (RFC6962)   empty
    extended_master_secret  empty
Ciphers: 
    [00FF]  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    [C02C]  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C02B]  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C024]  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C023]  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C00A]  TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009]  TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C030]  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02F]  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C028]  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C027]  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C014]  TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013]  TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression: 
    [00]    NO_COMPRESSION

What should be done to make it work unimpeded?

To extend this question: what is the reason that Fiddler (or other interceptors) isn't able to capture all HTTPS data, only the CONNECT handshakes?

Upvotes: 0

Views: 1458

Answers (1)

gbc921

Reputation: 316

Probably this is due to certificate pinning. Snapchat is known to use this to prevent MITM attacks.

Take a look at this answer here: https://stackoverflow.com/a/40543302/1353689

and the links related to it as well.

Upvotes: 0
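
An added example, not part of the question or answer above and not code from Fiddler or Snapchat: a simplified Python model of the extra client-side check that certificate pinning adds, showing why an app without pins accepts the proxy's re-issued chain while a pinned app rejects it. The certificate names, key bytes, host name and the use of RFC 7469-style SPKI pins are assumptions; a real client also verifies signatures, validity dates and host names.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo

def spki_pin(cert):
    """RFC 7469-style pin: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

def chain_trusted(chain, trust_store):
    """Simplified path check: each cert names the next as issuer and the
    last one is a root the device trusts (no signature verification)."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return linked and chain[-1].subject in trust_store

def client_accepts(chain, trust_store, pins=None):
    """Return (accepted, reason); pins=None models an app without pinning."""
    if not chain_trusted(chain, trust_store):
        return False, "untrusted chain"
    if pins is not None and not any(spki_pin(c) in pins for c in chain):
        return False, "pin mismatch"
    return True, "ok"

# Constructed sample data (hypothetical names and key bytes).
REAL_ROOT = Cert("Real CA", "Real CA", b"real-ca-key")
PROXY_ROOT = Cert("Proxy Root", "Proxy Root", b"proxy-root-key")
DIRECT = [Cert("app.example.test", "Real CA", b"real-leaf-key"), REAL_ROOT]
# The interception proxy re-issues the leaf under its own root.
INTERCEPTED = [Cert("app.example.test", "Proxy Root", b"proxy-leaf-key"), PROXY_ROOT]
TRUST_STORE = {"Real CA", "Proxy Root"}  # proxy root installed on the device
APP_PINS = {spki_pin(REAL_ROOT)}         # app ships a pin for the real CA key

if __name__ == "__main__":
    for label, chain, pins in [
        ("unpinned app via proxy", INTERCEPTED, None),
        ("pinned app, direct", DIRECT, APP_PINS),
        ("pinned app via proxy", INTERCEPTED, APP_PINS),
    ]:
        print(f"{label}: {client_accepts(chain, TRUST_STORE, pins)}")
```

The third case matches what the question shows: the client abandons the handshake once it sees the proxy's certificate, so the proxy logs the CONNECT request and ClientHello and nothing after them.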
