Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Monitor iPhone HTTP(S) Traffic with Fiddler

For a research project I decided that I needed to monitor the traffic to and from my iPhone – both HTTP and HTTPS. Having had so much luck with Fiddler in the past, it was the first place I looked. There are a number of posts on this topic, but few that provide a clear and complete picture of what’s needed. So I wrote one.

First, install the latest version of Fiddler, then install the iOS-compatible certificate generator. Now update the settings to decrypt HTTPS traffic:

Next, update the settings to allow remote connections (make sure that restart Fiddler after this):

Then export the Fiddler Root Certificate to your desktop from the options dialog:

Email the FiddlerRoot.cer file to your iPhone – you’ll need to import and trust the certificate to make this work. To install certificate, just click on the attachment and click the ‘Install’ button.

Now configure your iPhone to use the Fiddler proxy. The setting can be found at Setting -> Wi-Fi -> (your network) -> HTTP Proxy -> Manual. Set the ‘Server’ to the IP address of of your PC, then set ‘Port’ to 8888, and ‘Authentication’ to off.

You should now be able to see all of the HTTP and HTTPS traffic going across your phone. It’s worth noting though, that some applications won’t work while using the proxy – Twitter being one, though most work without issue.

Adam Caudill


Related Posts

  • PL/SQL Developer: HTTP to Command Execution

    While looking into PL/SQL Developer – a very popular tool for working with Oracle databases, to see how it encrypts passwords I noticed something interesting. When testing Windows applications, I make it a habit to have Fiddler running, to see if there is any interesting traffic – and in this case, there certainly was. PL/SQL Developer has an update mechanism which retrieves a file containing information about available updates to PL/SQL Developer and other components; this file is retrieved via HTTP, meaning that an attacker in a privileged network position could modify this file.

  • A month with DuckDuckGo

    It wasn’t long after Google went live that they became my search engine of choice – with the only other (somewhat) viable option being Yahoo, it was an easy choice. In the years since then, I’ve not questioned that choice, but now that Google is focusing on killing features and building little-used social features, the time seemed right to see if there are better options. So a month ago I began an experiment, I committed to using DuckDuckGo for a month – here’s what I’ve found.

  • The Evolution of Paranoia

    That researchers from Kaspersky Lab uncovered malware that uses hard-drive firmware has now been throughly discussed — perhaps too much for some people. It’s not exactly Earth-shattering news either, the idea has been discussed for years, and has been publicly demonstrated. Brandon Wilson and I were even working proof of concept for SSD controllers to demonstrate this based on our BadUSB work. This isn’t about that story, exactly. This is about paranoia, and how it has changed over the last few years — and even the last few months.

  • Blog Traffic: Another View

    There are hundreds of guides on how to get more traffic directed to your blog, and most are wrong. Seth Godin recently posted on this topic, and I have to disagree with most of his points. While there are a few basically good ideas, there are many more that I just don’t see holding up. Here’s what I look for in the blogs I visit: Writer is an expert in the field.

  • Conexant (formerly Rockwell) Softmodem HSF Modem

    This post was imported from an old blog archive, and predates the creation of AdamCaudill.com. I was actually rather lucky to have this brand of WinModem, as the good people over at Linuxant.com offer a very high quality driver that makes installation a breeze! But, they have recently changed their marketing methods and charge $15 for the driver, so these really lives no viable, free alternative (a rarity to say the least for linux).