How to use Fiddler Everywhere to inspect Android network traffic to troubleshoot SAML authentication issues

Recently Telerik would release Fiddler Everywhere, a free web debugging proxy, for macOS. Previously, Fiddler was native to Windows, and macOS users would have to resort to using Charles, or using Fiddler in Wine on their macOS. While Charles is great, it also wasn't free. With Fiddler Everywhere being a free offering, it has quickly cemented itself as a must-have tool for developers. 

Thanks Telerik, my Hawaii vacation / retirement fund just grew by $50.

Today, we're going to cover how to use Fiddler Everywhere to capture network traffic from an Android device. This is useful if you need to review SAML responses when troubleshooting authentication. But before we proceed to the fun stuff....

Wailea, Ulua Beach, Maui
Requirements:
  1. Telerik Fiddler Everywhere
    https://www.telerik.com/fiddler-everywhere
  2. Computer connected to network
  3. Android device connected to the same network as the computer
    • Android device must have no Workspace ONE profiles installed that manage:
      • Restrictions (limiting device network connectivity modifications)
      • Google Chrome application configuration (forcing device traffic to a proxy specified in the application configuration)

Steps to capture traffic:
  1. Open 'System Preferences' on your macOS. If using a Windows operating system, navigate to 'Control Panel'
  2. Open 'Network' on your macO. If using a Windows operating system, navigate to 'Network and Sharing Center'

  3. Locate the RFC1918 IP Address of your computer, mine is 192.168.0.111. If using a Windows operating system; click on the connection, and in the new window that appears, click on 'Details'.
  4. Write this IP Address down, it will be used later
  5. Download and install Fiddler Everywhere, or Fiddler if using a Windows operating system. 
  6. Open Fiddler Everywhere

  7. Ensure that Fiddler is capturing traffic

  8. Click the gear icon in the upper right corner to open 'Settings'
  9. In the 'HTTPS' tab, Ensure the 'Capture HTTPS traffic' checkbox is selected


  10. In the 'Connections' tab, specify a unused port to listen for traffic on. Ensure both 'Act as system proxy on startup' and 'Allow remote computers to connect' checkboxes are selected


  11. Click 'Save' and close 'Settings'
  12. Test that Fiddler Everywhere is running by navigating your localhost:port that you specified in 'Connections'. For my test, this will be;
    http://192.168.0.111:8866/
  13. If Fiddler Everywhere is running, you will see the following web page. If it is not running, reset your Fiddler settings, ensure there are no firewalls prohibiting traffic, and reconfigure Fiddler Everywhere settings

  14. Grab your Android tablet.
  15. Open VMware Workspace ONE Hub


  16. Tap 'This Device', and then 'Profiles'. Remove 'Restrictions' profiles, in addition to profiles managing Google Chrome's Application Configuration


  17. Tap 'Settings', followed by 'Connections'


  18. Tap the Wi-Fi network you are connected to


  19. Tap the Wi-Fi Network you are connected to in the new window that appears

  20. Tap 'Advanced' in the next window that appears


  21. In the 'Proxy' drop-down, change it from 'None' to 'Manual'

  22. Enter the IP Address of your computer in the 'Proxy host name' form field
  23. Enter the port number Fiddler Everywhere is listening on in the 'Proxy port' form field;


  24. Tap 'Save'
  25. Open Google Chrome on the Android device
  26. Type in the HTTP Address that Fiddler Everywhere is listening on. In my example, this is http://192.168.0.111:8866


  27. If the URL is not accessible, verify your Android device is not connected to a VPN
  28. Tap the link to download the 'FiddlerRoot certificate'
  29. Click 'Continue'


  30. Enter your device PIN (or other form of authentication previously setup)
  31. In the new window that appears, name the certificate. In this example I will name it 'Fiddler-Test'


  32. Tap 'Ok'
  33. Prior to this, Fiddler would have been capturing HTTP traffic already


  34. Now that the Fiddler root certificate is installed on the device, HTTPS traffic is also being captured
  35. To verify HTTPS traffic is captured, we can test this by navigating to a web site. I will navigate to https://news.ycombinator.com/


  36. Open Fiddler Everywhere, and you will now be able to see all the HTTP Requests and HTTP Responses, including HTTPS traffic;



  37. Click on a entry and review the HTTP Headers, Text, Cookies, JSON, and XML

  38. Now you can proceed to test your service requiring authentication
  39. Review the HTTPS Request/Responses when authenticating
  40. Look for the SAMLRequest. To decode the SAML Request, OneLogin has a free tool to decrypt it. This tool is available at https://www.samltool.com/decrypt.php

     

OptimalIDM does a great job summarizing a SAML flow;
  • The user requests an access to a relying party
  • The user is redirected to the Identity Provider (IdP) with a SAML 2.0 authentication request
  • The user then authenticates at the IdP
  • A SAML 2.0 authentication response is then posted to the relying party



For more helpful tools to troubleshoot SAML, decode SAML messages, and more; OneLogin has compiled a set of tools that are a huge help.


For more information on Fiddler Everywhere, you can also check out these resources;
How to Debug iOS & Android Mobile Apps with #Fiddler - YouTube, Progress Telerik, Rob Lauer


Progress Fiddle Everywhere Documentation - https://docs.telerik.com/fiddler-everywhere/introduction



Mahalo,
Ryan Pringnitz

Comments

Post a Comment

Popular posts from this blog

Delivering Managed Configurations (key/value pairs) to Android applications with Workspace ONE UEM profiles

Image
Applications often have secrets that should not be hardcoded in the source code. This poses a challenge for developers, as ProGuard can change classes and method names, it won't help with secrets. Examples of secrets that can be removed from application source code include an API key or a OAuth refresh token. Another capability is for the MDM to dynamically deliver values to the application, such as the current logged in user, device serial number, or organization group. Google has made it more challenging to access non-resettable device identifiers like the serial number in recent years, and this remains a viable solution to provide non-resettable device identifiers (and other values) to applications running on the device. So how do we do it? Workspace ONE UEM can deliver profiles to devices. Profiles can configure a number of settings, in addition to delivering key/value pairs to your applications.  Google refers to these key/value pairs as Managed Configurations, aka application
Read more

Clean up duplicate identities and users from Workspace ONE using REST API's and PowerShell

Image
Workspace ONE gives us a centralized management plane for our users digital workspace. But with the proliferation of identity and access management solutions, it isn't uncommon to find users with multiple identities in our management plane. Especially when you lift and shift from one identity solution to the next.  I have a friend and colleague who is working with a beverage company who have a fairly tedious task ahead of them. They have to clean up duplicate identities, and do it quickly. I thought it would be great to share a solution I put together, and discuss how you can go about cleaning up identities in your environment as well. But before we get to the good stuff; some mood lifting visual stimuli... Entrance to Andaz Maui at Wailea Fun fact: Novell eDirectory still exists. Owned and maintained by NetIQ. Any readers still using eDirectory, send me a email so I can buy you a beer. A lot of organizations start with Workspace ONE by importing identitie
Read more

How to use Square's OkHttp Java library to access Workspace ONE UEM API's

Image
Digital workspace solutions often require consuming other services. When doing so, you may work with things like; REST API endpoints, Webhooks, gRPC, GraphQL - the list goes on. You can interact with these in a number of ways, but one way I've come to appreciate is with Java. It has been especially helpful when I've wanted to work with libraries like Appium, Selenium, OKHttp, or the Workspace ONE UEM SDK in a workflow. With that, I thought it would be helpful to share how to work with Workspace ONE UEM API's using Java. In this blog post, we will cover; Basics of JetBrain's IntelliJ IDE, touching on Apache Maven Using  Square's OkHttp   library  to call Workspace ONE UEM API's Why Java? Java is used by many and supported by most (Docker, Kubernetes, static code analysis tools, cloud service providers, Android, Windows, macOS, Tanzu Application Service, etc). Many languages compile to j ava
Read more