How to collect Fiddler PCAP for iOS Devices [Clientless VPN]
Objective
Provide a walkthrough for capturing HTTPS-based traffic on iOS devices using Fiddler Classic.
Environment
- Clientless-VPN
- iOS
- GlobalProtect
- Prisma Access Mobile Users
Procedure
Pre-requisite Notes:
- Fiddler is only available on Windows. For this procedure, please have an iOS device and a Windows system available.
- Please download Fiddler Classic at the following link: https://www.telerik.com/download/fiddler
- The test devices used for this document are an iPhone running iOS 15.1.1 and a Windows-based laptop running Windows 10.
Setting up Fiddler Classic on Windows Host
Step 1. Open Fiddler, navigate to Tools > Options > HTTPS, and disable Capture HTTPS Connects. Select OK.
Step 2. Fully close Fiddler and install the Fiddler CertMaker.dll add-on to create a static root certificate for testing. Download Link: https://telerik-fiddler.s3.amazonaws.com/fiddler/addons/fiddlercertmaker.exe
Step 3. Once the add-on is installed, reopen Fiddler and open Tools > Options > HTTPS. Select Actions > Reset All certificates.
Step 4. Re-enable Capture HTTPS Connects and Decrypt HTTPS Traffic. Expand the drop-down labeled "...from all processes" and change it to "... from remote clients only".
Step 5. Next, navigate to the Connections tab in the Options menu and enable "Allow Remote Computers to Connect".
Step 6. Restart Fiddler.
Setup iOS Device and Test
Note: Ensure the iOS device can reach the Windows Host machine. Fiddler will be hosting a page at http://Machine-IP:8888. If necessary, disable mobile data connectivity on the iOS device.
Step 1. On the iOS device, navigate to http://Windows-Host-IP:8888 and select the Fiddler Root Certificate hyperlink.
Step 2. Next, navigate to the iOS Files application, select the newly downloaded certificate and install the profile.
Note: Ensure the certificate is in the "On my iPhone" directory and not in a sub-folder.
Step 2a. Go to Settings > More for Your iPhone, select View Profile on the next page and install the profile.
Step 2b. Next, go to Settings > General > About > Certificate Trust Settings and enable Full Trust for Root Certificates for the FiddlerRoot certificate.
Step 3. Go to Settings > Wi-Fi and select the "i" icon next to your connected network.
Step 3a. Scroll down to the Configure Proxy option and select Manual on the next page. Set the Server to the Windows Host IP and the Port to 8888, and leave authentication blank.
Step 4. In Fiddler, you may now start seeing output related to ongoing connections. Select the "X" icon and Remove all to clear the currently logged sessions. You can also stop the capture by toggling Capture Traffic under the File menu.
Step 5. Next, navigate to the Clientless-VPN Portal and reproduce the application issue. Confirm in Fiddler that the relevant sessions are being logged.
Step 5a. Once reproduced, save the session data under File > Save > All Sessions.
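Added example (not part of the original article and not Fiddler or Palo Alto Networks code): a Python check of the archive saved in Step 5a that reports whether HTTPS was actually decrypted rather than logged only as CONNECT tunnels, and which sessions carry credential headers, so the file is handled as sensitive when it is shared. It assumes the saved .saz file is a ZIP archive with request and response files named raw/NNN_c.txt and raw/NNN_s.txt; the host vpn.example.com and the sample sessions are constructed.

```python
import io
import re
import zipfile

# Headers whose values are live credentials once HTTPS is decrypted.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

def summarize_saz(saz):
    """Return one dict per session in a Fiddler .saz archive (path or file object)."""
    sessions = {}
    with zipfile.ZipFile(saz) as zf:
        for name in zf.namelist():
            m = re.fullmatch(r"raw/(\d+)_([cs])\.txt", name)  # _c = request, _s = response
            if not m:
                continue
            # Only the header block is read; bodies are ignored.
            head = zf.read(name).split(b"\r\n\r\n", 1)[0].decode("latin-1")
            lines = head.split("\r\n")
            s = sessions.setdefault(int(m.group(1)),
                                    {"method": None, "url": None, "status": None, "secrets": set()})
            first = lines[0].split(" ")
            if m.group(2) == "c" and len(first) >= 2:
                s["method"], s["url"] = first[0], first[1]
            elif m.group(2) == "s" and len(first) >= 2 and first[1].isdigit():
                s["status"] = int(first[1])
            s["secrets"] |= {l.split(":", 1)[0].strip().lower() for l in lines[1:]} & SENSITIVE
    return [dict(id=i, **sessions[i]) for i in sorted(sessions)]

def capture_report(rows):
    """Count opaque CONNECT tunnels vs decrypted HTTPS requests; list sessions holding credentials."""
    return {
        "sessions": len(rows),
        "connect_tunnels": sum(r["method"] == "CONNECT" for r in rows),
        "decrypted_https": sum((r["url"] or "").lower().startswith("https://") for r in rows),
        "with_credentials": [r["id"] for r in rows if r["secrets"]],
    }

def build_sample_saz():
    """Constructed sample archive (hypothetical host vpn.example.com), not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("raw/001_c.txt", "CONNECT vpn.example.com:443 HTTP/1.1\r\nHost: vpn.example.com:443\r\n\r\n")
        zf.writestr("raw/001_s.txt", "HTTP/1.1 200 Connection Established\r\n\r\n")
        zf.writestr("raw/002_c.txt", "GET https://vpn.example.com/app HTTP/1.1\r\nHost: vpn.example.com\r\nCookie: SESSID=constructed\r\n\r\n")
        zf.writestr("raw/002_s.txt", "HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(capture_report(summarize_saz(build_sample_saz())))
```

A result with decrypted_https at 0 and only connect_tunnels counted means the device did not trust the FiddlerRoot certificate or decryption was not enabled, so the capture will not show the application issue.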