Saturday 31 January 2009

Monitoring iPhone web traffic (with Fiddler)

For reasons that will become apparent in a future post, I wanted to 'sniff' the web traffic coming from my iPhone. If you are already familiar with Fiddler (web debugging proxy) you probably already know how easy that is to do. For everyone else, here's a brief rundown of the steps involved:

1. Get Fiddler
Download Fiddler and install it on your PC (with Windows 2000 / XP / 2003 / Vista and Microsoft .NET Framework v2.0 or later)

2. Set-up Fiddler
Start Fiddler then open the Fiddler Options... window


and in the General tab, ensure Allow remote computers to connect is checked.


In the Connections tab, check Act as system proxy on startup and verify what port is set (eg. 8888).

Once you've saved those settings you need to stop and re-start Fiddler.

3. Ensure Fiddler is 'listening'
Once Fiddler has re-started, verify that the Capture Traffic menuitem is ticked.


4. Check the 'listening' IP
You need to know your computer's wireless-network IP address to configure the iPhone. This screenshots shows the Command Prompt > ipconfig output:


5. Set-up iPhone Settings
With the computer IP address and Fiddler port, go to your iPhone's Wifi Settings and scroll down to the HTTP Proxy, choose Manual and input the Fiddler proxy info:

(remember to switch back to Off when you're done)

6. 'sniff' away
If everything has been setup right, anything you do in Safari or other internet applications (like, say Microsoft Tag Reader) will be logged in the Fiddler window.


It's extremely useful for testing/debugging - have fun!

Don't forget to UNDO the iPhone settings when you're finished!!

17 comments:

  1. fiddler is awesome - every web developer should have it (or something similar)!

    my favourite feature: "decrypting ssl" (http://www.fiddlertool.com/Fiddler/help/httpsdecryption.asp)

    ReplyDelete
  2. Very useful blog post! Thnx!

    ReplyDelete
  3. Great stuff, I never thought of doing this - will give it a shot later :)

    ReplyDelete
  4. Craig,

    Did you actually get this to work with a Monotouch app?

    Cheers,

    ChrisNTR

    ReplyDelete
  5. I can't get this to work when my iPhone is doing https even after following these instructions ( http://www.fiddler2.com/fiddler/help/httpsdecryption.asp ). Any tips?

    ReplyDelete
  6. @Steve - https decryption needs fiddler to insert a certificate into your browser signed by it's own CA. Try fiddler on your desktop and you'll see certs signed by "DO_NOT_TRUST_FiddlerRoot". You should have more luck if you can install this CA on your iphone (not sure if that is even possible?). "How do I configure Firefox to trust the Fiddler root certificate?" on the link you've mentioned explains how to export the CA.

    ReplyDelete
  7. For SSL traffic, you can use the iPhone Configuration Utility to create a config profile to import a cert to your iphone. http://support.apple.com/kb/DL926

    That said, my iphone does not seem to like/trust the Fiddler Root CA cert. Maybe others would have better results. I've had better luck using Charles. http://www.charlesproxy.com/

    iPhone likes its cert better, even though I like Fiddler better. Charles is not free ($50 US for license), but it works for 30 days with 30 min at a time.

    ReplyDelete
  8. I'm trying to use the solution you provide here but when I change my proxy settings and they try go go to a site (not https, just regular http) I get the error:

    "There was a problem communicating with teh web proxy server (HTTP)."

    Any ideas what I can try? FIddler is working fine for requests from my laptop

    Thanks

    ReplyDelete
  9. Thank you very much. This allowed me to debug my websites on localhost from the iPad.

    ReplyDelete
  10. Thanks for this. I am currently building a mobile version of an ecommerce site for a client and this has allowed me to test / debug locally with my iPhone :)

    ReplyDelete
  11. Thats really helpful.
    I have worked with this before but i forgot the port number to mention

    ReplyDelete
  12. If you want Fiddler to work for your iPhone's HTTPS traffic, you need the iOS Certificate Maker plugin. See http://www.fiddler2.com/fiddler/help/httpsdecryption.asp#iOS for more details.

    ReplyDelete
  13. Everything works. nut why is it that when i play a game, a server game, it doesnt want to connect to it?

    ReplyDelete
  14. HI, what is the procedure/steps in case of Galaxy Tab/mobile phone, Blackberry?

    ReplyDelete
  15. Great post! The UI has changed a bit in fiddler... I posted an updated version of this here: http://geekswithblogs.net/wojan/

    ReplyDelete
  16. Thanks for this post, very easy to follow and will be immensely useful.

    ReplyDelete
  17. Greatness. Was trying to solve how to configure my router to add a "hosts" entry for a non-public DNS entry, like http://my.local.server. Couldn't figure it out, stumbled on this. Using Fiddler anyway, now I can also capture the traffic to/from the iPhone, not just get access to the local site. Thanks for this post!

    ReplyDelete

Note: only a member of this blog may post a comment.