Using Fiddler with an iPhone/iPad
By Brian
If you have ever user Fiddler to debug a web application, you know what a invaluable tool it can be. If you have also tried to debug that application from an iPhone or iPad, you also know how difficult it can be to figure our what's going wrong from the web server logs. Below I will explain how to configure Fiddler to proxy the iPhone/iPad.
First, you need to enable connections from remote devices. Start Fiddler, and choose Fiddler Options from the Tools menu. Make note of the "Fiddler listens on port". You will need this in the next step. Now, select the "Allow remote computers to connect" option and click OK. You be asked to restart Fiddler.
When you restart Fiddler, Windows Firewall will ask permission to allow incoming connections to Fiddler. If you are using another firewall, you may need to configure this manually. Also, if you're doing this at work, and your company has a centrally managed firewall, they may not allow you to make changes at all. BTW: when you're done debugging, you should disable this option.
Now that Fiddler is listening, you need to configure the iPhone/iPad to use the proxy server. Go into Settings and click Wi-Fi. Then click on the little circle with the arrow next to the active connection. Scroll down to the bottom and change the HTTP Proxy to manual. Now enter the IP address of your Windows box and the port that Fiddler is listening. See the image below. BTW: if you're using a VPN connection, you need to configure the proxy settings on the VPN configuration page.
Now open the browser on your device and you should see the traffic in Fiddler on your Windows box.
At this point you can examine HTTP traffic, but not HTTPS. Fiddler can be configured to do this, but the default Fiddler root certificate is not compatible with iPhone/iPad. To replace the default certificate with one that the iPhone/iPad will trust, download and run the certificate maker utility from the fiddler web site: http://www.fiddler2.com/dl/FiddlerCertMaker.exe
In order to see HTTPS traffic, you need to configure Fiddler to decrypt HTTPS. You can do this by choosing Fiddler Options from the Tools menu. Choose the HTTPS tab and ensure that "Decrypt HTTPS traffic" is enabled. If it is already enabled, I suggest that you disable it, click the "Remove Interception Certificates", and then enable it again. This will clean out the existing certificates and make it easier to find the new certificate in the steps below. Before you close the options dialogue click the "Export Root Certificate to Desktop" button.
Now you should be able to examine HTTPS URLS, but you will get a warning message similar to the one below each time you access a new URL. If you're debugging a web application and don't mind clicking continue now and then, feel free to stop reading here.
If your debugging an app that makes web service calls, you may not have the option to accept the warning above. In order to eliminate the error, you are going to need to import the Fiddler root certificate. In order to do this, you are going to need the iPhone Configuration Utility. You can download it from here: http://support.apple.com/kb/DL1466
Once you download and install it, launch the iPhone Configuration Utility. Choose Configuration Profiles and Click New. Configure the general options as shown below.
Now, go to the credentials tab and click Configure. Find the certificate issued to DO_NOT_TRUST_FiddlerRoot. If you have updated fiddler a few times, there may be more than one. If so, open each certificate and compare the certificates serial number to the one you exported above.
Now connect your device and find it in the iPhone Configuration Utility under DEVICES. Chose the Configuration Profiles tab , and push the Install button next to the new profile you just created. A message will appear on the device, click install (you may need to enter your pin).
Now you should be able to debug web applications that make AJAX calls as well as native apps. Good luck and feel free to post questions below.
HTTP Traffic
First, you need to enable connections from remote devices. Start Fiddler, and choose Fiddler Options from the Tools menu. Make note of the "Fiddler listens on port". You will need this in the next step. Now, select the "Allow remote computers to connect" option and click OK. You be asked to restart Fiddler.
Now that Fiddler is listening, you need to configure the iPhone/iPad to use the proxy server. Go into Settings and click Wi-Fi. Then click on the little circle with the arrow next to the active connection. Scroll down to the bottom and change the HTTP Proxy to manual. Now enter the IP address of your Windows box and the port that Fiddler is listening. See the image below. BTW: if you're using a VPN connection, you need to configure the proxy settings on the VPN configuration page.
HTTPS Traffic
At this point you can examine HTTP traffic, but not HTTPS. Fiddler can be configured to do this, but the default Fiddler root certificate is not compatible with iPhone/iPad. To replace the default certificate with one that the iPhone/iPad will trust, download and run the certificate maker utility from the fiddler web site: http://www.fiddler2.com/dl/FiddlerCertMaker.exe
In order to see HTTPS traffic, you need to configure Fiddler to decrypt HTTPS. You can do this by choosing Fiddler Options from the Tools menu. Choose the HTTPS tab and ensure that "Decrypt HTTPS traffic" is enabled. If it is already enabled, I suggest that you disable it, click the "Remove Interception Certificates", and then enable it again. This will clean out the existing certificates and make it easier to find the new certificate in the steps below. Before you close the options dialogue click the "Export Root Certificate to Desktop" button.
Now you should be able to examine HTTPS URLS, but you will get a warning message similar to the one below each time you access a new URL. If you're debugging a web application and don't mind clicking continue now and then, feel free to stop reading here.
Eliminating the "Cannot Verify Server" warning
If your debugging an app that makes web service calls, you may not have the option to accept the warning above. In order to eliminate the error, you are going to need to import the Fiddler root certificate. In order to do this, you are going to need the iPhone Configuration Utility. You can download it from here: http://support.apple.com/kb/DL1466
Once you download and install it, launch the iPhone Configuration Utility. Choose Configuration Profiles and Click New. Configure the general options as shown below.
Now, go to the credentials tab and click Configure. Find the certificate issued to DO_NOT_TRUST_FiddlerRoot. If you have updated fiddler a few times, there may be more than one. If so, open each certificate and compare the certificates serial number to the one you exported above.
Now connect your device and find it in the iPhone Configuration Utility under DEVICES. Chose the Configuration Profiles tab , and push the Install button next to the new profile you just created. A message will appear on the device, click install (you may need to enter your pin).
Now you should be able to debug web applications that make AJAX calls as well as native apps. Good luck and feel free to post questions below.