To install Fiddler’s root certificate on the emulator you can follow these steps:
- In Fiddler, select “Tools…Fiddler Options…SSL…Export Root Certificate to Desktop”
- Host the FiddlerRoot.cer file in a location that the emulator can browse to (IIS)
- In the Emulator, browse to the address that has the cert
- Tell the emulator that you want to install the certificate
The certificate should now be installed and the traffic should now be intercept-able. It is important to note that you have to browse to the certificate and install it every time the emulator starts. If you are constantly restarting the emulator this can get old pretty fast. I ran into some issues trying to get the burp cert to install on the device, so once I got Fiddler set up, I just had fiddler direct through burp and it worked great.
There may be an easier way to do this, but due to the limited time given during an assessment and the lack of good information online, this was the easiest to get up and going quickly. If anyone has any good tips on setting this up, please share.
In September 2012, Telerik (http://www.telerik.com) acquired the Fiddler product so we can expect to see some great new features being added.
James Jardine is a Principal Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at james@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.