Configure Fiddler to Decrypt HTTPS Traffic

Enable HTTPS traffic decryption:

  1. Click Tools > Fiddler Options > HTTPS.
  2. Click the Decrypt HTTPS Traffic

 

Skip traffic decryption for a specific host

  1. Click Tools > Fiddler Options > HTTPS.
  2. Type the hostname in the Skip Decryption.

 

 

Capture Traffic from iOS Device

Configure Fiddler

  1. Click Tools > Fiddler Options > Connections.
  2. Click the checkbox by Allow remote computers to connect.

 

  1. Restart Fiddler.
  2. Ensure your firewall allows incoming connections to the Fiddler process.
  3. Hover over the Online indicatorat the far right of the Fiddler toolbar to display the IP addresses assigned to Fiddler’s machine.

 

  1. Verify client iOS device can reach Fiddler by navigating in the browser to http://FiddlerMachineIP:8888. This address should return the Fiddler Echo Service
  2. For iPhone: Disable the 3g/4g connection.

Set the iOS Device Proxy

  1. Tap Settings > General > Network > Wi-Fi.
  2. Tap the settings for the Wi-Fi network.
  3. Tap the Manualoption in the HTTP Proxy
  4. In the Serverbox, type the IP address or hostname of your Fiddler instance.
  5. In the Portbox, type the port Fiddler is listening on (usually 8888).
  6. Ensure the Authentication slider is set to Off.

 

Decrypt HTTPS Traffic from iOS Devices

  1. Download the Certificate Maker pluginfor Fiddler.
  2. Install the Certificate Maker
  3. Restart Fiddler.
  4. Configure the device where Fiddler is installed to trust Fiddler root certificate.
  5. On the iOS device, go to http://ipv4.fiddler:8888/in a browser.
  6. From the bottom of the Fiddler Echo Servicewebpage, download the FiddlerRoot certificate.

 

  1. Open the cerfile.
  2. Tap the Install

 

  1. Tap the Installbutton again.

 

On iOS 10 and later, after installing the FiddlerRoot certificate, go to Settings -> General -> About -> Certificate Trust Settings and manually enable full trust for the FiddlerRoot root certificate. Accept the dialog that says that this will allow a third-party to eavesdrop on all your communications.

 

下面这一步很重要:

IOS10.3系统以上需要在手机设置-通用-关于本机,最后一个受信任证书存储区里面,把fiddler的证书信任下