How to collect Fiddler PCAP for iOS Devices [Clientless VPN]

Created On 01/20/22 22:47 PM - Last Modified 12/15/22 22:58 PM


Objective


Provide a walkthrough for capturing HTTPS-based traffic on iOS devices using Fiddler Classic.

Environment


  • Clientless-VPN
  • iOS
  • GlobalProtect
  • Prisma Access Mobile Users


Procedure


Pre-requisite Notes:
  • Fiddler is only available on Windows; for this procedure, have an iOS device and a Windows system available.
  • The test devices used for this document are an iPhone running iOS 15.1.1 and a Windows-based laptop running Windows 10.
 

Setting up Fiddler Classic on Windows Host

Step 1. Open Fiddler, navigate to Tools > Options > HTTPS, and disable Capture HTTPS CONNECTs. Select OK.

Step 2. Fully close Fiddler and install the Fiddler CertMaker.dll add-on to create a static root certificate for testing. Download link: https://telerik-fiddler.s3.amazonaws.com/fiddler/addons/fiddlercertmaker.exe

Step 3. Once the add-on is installed, reopen Fiddler and open Tools > Options > HTTPS. Select Actions > Reset All Certificates.

Step 4. Re-enable Capture HTTPS CONNECTs and Decrypt HTTPS traffic. Expand the drop-down labeled "...from all processes" and change it to "...from remote clients only".

Step 5. Next, navigate to the Connections tab in the Options menu and enable "Allow remote computers to connect".


Step 6. Restart Fiddler

 

Set Up iOS Device and Test


Note: Ensure the iOS device can reach the Windows host machine. Fiddler will be hosting a page at http://Machine-IP:8888. If necessary, disable mobile data connectivity on the iOS device.

Step 1. Navigate to http://Windows-Host-IP:8888 and select the Fiddler Root Certificate hyperlink.

Step 2. Next, navigate to the iOS Files application, select the newly downloaded certificate, and install the profile.

Note: Ensure the certificate is in the "On My iPhone" directory and not in a sub-folder.


Step 2a. Go to Settings > More for Your iPhone, select View Profile on the next page, and install the profile.


Step 2b. Next, go to Settings > General > About > Certificate Trust Settings and enable full trust for the FiddlerRoot root certificate.


Step 3. Go to Settings > Wi-Fi and select the "i" icon next to your connected network.


Step 3a. Scroll down to the Configure Proxy option and select Manual on the next page. Set the Server to the Windows host IP and the Port to 8888, and leave authentication blank.


Step 4. In Fiddler, you may now start seeing output related to ongoing connections. Select the "X" icon and Remove all to clear the currently logged sessions. You can also stop the capture by toggling Capture Traffic under the File menu.


Step 5. Next, navigate to the Clientless-VPN Portal and reproduce the application issue. Confirm in the Fiddler client that the relevant logs are being collected.


Step 5a. Once reproduced, save the session data under File > Save > All Sessions.
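
The following Python script is an added example, not part of the original article or of Fiddler itself: it checks a saved session archive (.saz) for decrypted HTTPS requests to the portal, as opposed to bare CONNECT tunnels, which is what the capture contains when decryption or certificate trust was not set up correctly. It assumes the archive is a ZIP with one raw/<n>_c.txt client request per session and that decrypted requests carry an absolute https:// URL; vpn.example.com and the sample requests are constructed placeholders.

```python
import io
import zipfile
from urllib.parse import urlsplit


def request_line(raw):
    """Split the first line of a raw HTTP request into (method, target)."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split()
    return (parts[0].upper(), parts[1]) if len(parts) >= 2 else (None, None)


def check_saz(saz, portal_host):
    """Find decrypted HTTPS requests and bare CONNECT tunnels for portal_host.
    saz: path or file object of a saved archive (a ZIP of raw/<n>_c.txt files)."""
    portal_host = portal_host.lower()
    decrypted, tunnels = [], []
    with zipfile.ZipFile(saz) as archive:
        for name in archive.namelist():
            if not (name.startswith("raw/") and name.endswith("_c.txt")):
                continue
            method, target = request_line(archive.read(name))
            if method == "CONNECT":
                # Tunnel setup only: the target is host:port, no request content.
                if target.rsplit(":", 1)[0].lower() == portal_host:
                    tunnels.append(name)
            elif method and target.lower().startswith("https://"):
                url = urlsplit(target)
                if url.hostname == portal_host:
                    decrypted.append(f"{method} {url.path}")
    return {"decrypted": decrypted, "tunnels": tunnels, "usable": bool(decrypted)}


def build_sample_saz(requests):
    """Build a constructed in-memory archive from raw request bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for i, raw in enumerate(requests, 1):
            archive.writestr(f"raw/{i}_c.txt", raw)
    return buf


# Constructed sample data; vpn.example.com is a placeholder portal host.
GOOD = [b"CONNECT vpn.example.com:443 HTTP/1.1\r\nHost: vpn.example.com:443\r\n\r\n",
        b"GET https://vpn.example.com/app/index.html HTTP/1.1\r\nHost: vpn.example.com\r\n\r\n"]
TUNNEL_ONLY = GOOD[:1]

if __name__ == "__main__":
    for label, sample in (("decrypting", GOOD), ("tunnel only", TUNNEL_ONLY)):
        result = check_saz(build_sample_saz(sample), "vpn.example.com")
        print(label, result["usable"], result["decrypted"], result["tunnels"])
```

For a real capture, pass the path of the saved file and the portal's hostname to check_saz; a result with "usable" set to False means only tunnels were recorded and the capture should be repeated after rechecking the certificate trust and decryption settings.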


