Applies to: Centrify Identity Service for Mobile / SaaS / Office 365

Question:

Centrify Support has requested Fiddler traces from an iOS device. These are used for troubleshooting a range of issues, especially issues with authenticating to mobile applications.

How are these traces retrieved?


Answer:

You will need a wireless network, iOS device, and a Windows machine with Fiddler installed. Fiddler is a tool for capturing web traffic.

Configure the Windows/Fiddler host to capture traffic from the mobile device

1. Download and install Fiddler and then open the application.
2. Click Tools > Fiddler Options > Connections
3. Click the checkbox to "Allow remote computers to connect".
   • ​
4. Restart Fiddler.
5. Ensure your firewall allows incoming connections to the Fiddler process. 
6. Hover over the "Online indicator" at top right of the Fiddler toolbar to display the IP address(es) assigned to the Fiddler host machine.
   • 
   • Note: Save this address for later use on the mobile device.
7. Verify the iOS device can reach Fiddler by navigating in the browser to
   • http://[IPAddressofFiddlerHostMachine]:8888 
   • This address should return the Fiddler Echo Service page.
8. Verify that Fiddler is capturing traffic by going to File > Capture Traffic. There should be a check mark.
   • ​

Install the Fiddler root certificate on the Windows/Fiddler host to decrypt HTTPS traffic

• Note: After the root certificate is installed, all web traffic on the host machine will be decrypted and captured using Fiddler. Proceed with caution.

1. Download and install the Certificate Maker plugin for Fiddler.
   • This can be found in the Fiddler add-ons page at:
   • http://www.telerik.com/fiddler/add-ons
2. Restart Fiddler.
3. Click Tools > Fiddler Options > HTTPS
4. Click the "Decrypt HTTPS Traffic" box
   • 
5. A warning box will appear to trust the Fiddler Root certificate. Click the Yes button.
6. Another warning box will pop up asking to install the Fiddler Root certificate. Click the Yes button.

To capture traffic from an iOS device

1. On the iOS device, disable any 3G/4G connections.
2. Go to Settings > Wi-Fi
3. Click on the Wi-Fi network to go to the settings.  
   • Note: The Wi-Fi network that the iOS device is on needs to be on the same network that the Fiddler host machine is on.
4. Tap the "Manual" button in the HTTP Proxy section.
5. In the Server box, type the IP address or hostname of the Fiddler instance (from Step 6 of the Windows machine configuration section).
6. In the Port box, type the port Fiddler is listening on (Usually 8888) 
7. Ensure the Authentication slider is set to Off.
   • 

Install the Fiddler root certificate on iOS device to decrypt HTTPS traffic

• Note: After the root certificate is installed, all web traffic on your iOS device will be decrypted and captured using Fiddler. Proceed with caution.

1. Go to http://ipv4.fiddler:8888/ in the iOS browser.
2. Download the FiddlerRoot certificate from the bottom of the Fiddler Echo Service webpage.
3. Open the FiddlerRoot.cer file and tap the Install button. 
   • 
4. There will be a warning message. Click the Install button again.

Note: On iOS 10 and later, after installing the FiddlerRoot certificate, go to Settings -> General -> About -> Certificate Trust Settings and manually enable full trust for the FiddlerRoot root certificate. Accept the dialog that says that this will allow a third-party to eavesdrop on all your communications.


Reproduce the issue on the iOS device and capture the traffic

1. Reproduce the issue on the iOS device and the web traffic should now be seen being captured in Fiddler. 
2. After the issue has been captured, go to File > Save > All sessions...
3. Send in the .saz file in to Centrify Support for further investigation.