I was testing a mobile application and kept on getting this
error: “Received Fatal Alert: Certificate unknown”.
This is another road bump we frequently encounter when
testing SSL applications.
So I was hit by this problem where if I put a proxy tool in
a mobile app I was again and again getting the error:
Received Fatal Alert: Certificate_unknown
Without the intercepting proxy in between it worked
perfectly fine.
I did a couple of things first:
1) Installed the Burp certificate on the mobile device – Did not work
2) Tried the ZAP tool – Did not work
3) Finally used Fiddler – Worked
I have to say before I had used Fiddler and I was not very
comfortable with its interface. But when I actually used it, I realized it’s a great
tool.
How to set up your mobile device to use Fiddler as an intercepting proxy
1) Go to the Wi-Fi settings, click on more settings and then select Proxy > Manual
2) Set the proxy host to the IP address of your system and the port to 8888, which is the default port for Fiddler.
3) Open Fiddler
4) Go to Tools > Options > Connections
- Make sure Allow remote computers to connect is checked
- If it is not then check it and restart Fiddler
5) Now you should be able to see all HTTP and HTTPS traffic in Fiddler.
- To replay a request, right-click on it and select “Reissue From Composer”.
- This allows you to edit the request as you like before sending it again.
6) If you also want to edit a response before it reaches the app, you can set breakpoints.
- Go to Rules > Automatic Breakpoints > Before Requests or After Responses, depending on your requirement
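
To confirm steps 2 and 4 from another machine on the same network before configuring the phone, here is an added example (not part of the original post). It sends the same CONNECT request a device sends for HTTPS traffic and reports whether the proxy answered. The function name `check_proxy` and the target `example.com:443` are assumptions chosen for illustration.

```python
import socket
import sys

FIDDLER_DEFAULT_PORT = 8888  # Fiddler's default listening port (step 2)


def check_proxy(host, port=FIDDLER_DEFAULT_PORT, target="example.com:443", timeout=5.0):
    """Return (status, detail) for a CONNECT probe against an HTTP proxy.

    check_proxy and the default target are illustrative names/values,
    not part of Fiddler.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Typical when Fiddler is closed or only listening on 127.0.0.1,
        # i.e. "Allow remote computers to connect" is unchecked (step 4).
        return ("refused", "nothing is accepting connections on that address and port")
    except socket.timeout:
        # Typical when a host firewall silently drops the inbound connection.
        return ("timeout", "no answer; check the firewall and the IP address")
    except OSError as exc:
        return ("unreachable", str(exc))

    with sock:
        try:
            # The request a client sends to open an HTTPS tunnel through a proxy.
            sock.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii"))
            data = b""
            while b"\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError as exc:
            return ("no-reply", str(exc))

    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split()
    if len(fields) >= 2 and fields[0].startswith("HTTP/") and fields[1] == "200":
        return ("ok", status_line)
    return ("rejected", status_line or "connection closed without a reply")


if __name__ == "__main__":
    # Usage: python check_proxy.py <ip-of-fiddler-machine> [port]
    proxy_port = int(sys.argv[2]) if len(sys.argv) > 2 else FIDDLER_DEFAULT_PORT
    print(check_proxy(sys.argv[1], proxy_port))
```

A result of `refused` or `timeout` points at the proxy listener or the network path, not at the app or its certificate handling.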