Debugging applications on a mobile device is very difficult. In this article, we will demonstrate a simple way to capture device traffic using Fiddler and Fiori Client to aide in debugging device applications.
In this wiki, we will demonstrate how to capture the end to end communication between a Mobile Device using Fiori Client on an Android device. Following a short explanation of Fiori Client, we will demonstrate how to configure Fiddler from Telerik on a Windows desktop, configure the Android mobile device to use Fiddler as a proxy server, and finally capture the traffic from Fiori Client to the SAP direct gateway.
What is Fiori Client?
SAP Fiori or Fiori UX is a collection of Web applications that are designed to be multichannel: both desktop and mobile browser. This means a single instance of the application supports end users regardless of the device they are using. This is critical in a world where mobile devices, like smartphones and tablets, outnumber laptop and desktop computers. Fiori Client is a SAP Kapsel-Cordova container that can encapsulate Fiori providing the Fiori applications access to various mobile features such as the device bar code scanner, camera, address book, and implement enterprise level options including enterprise security (SAML, x509, Mutual Authentication, etc..), device logging and tracing, among others. Please see Getting Started with Kapsel for additional information.
What is Fiddler?
Fiddler is an HTTP debugging proxy server application written by Eric Lawrence, a former Program Manager for Internet Explorer development team at Microsoft. Fiddler can be used for various actions (acts as proxy):
- Web Debugging
- Performance Testing
- HTTP/HTTPS Traffic Recording
- Web Session Manipulation
- Security Testing
- Requires PC install only
- Supports HTTP and HTTPS protocols
- Supports non-browser clients
- Any Browser – Any System – Any Platform
Configure Fiddler on Windows Desktop/Laptop
- Download and install Fiddler from Download Fiddler on Windows based Desktop/Laptop.
- Launch Fiddler:
- Click Tools > Fiddler Options > Connections.
- Ensure that the check box by "Allow remote computers to connect" is checked.
- Select HTTPS tab, ensure "Capture HTTPS CONNECTs" and "Decrypt HTTPS traffic" is checked
- If you had to check any of these boxes, restart Fiddler.
- After restart, hover over the Online indicator at the far right of the Fiddler toolbar to display the IP address of the Fiddler server.
- Fiddler is now ready to use on Windows Desktop/Laptop.
Configure Mobile Device for Fiddler Proxy
There is no client software installation requirements for Fiddler on the mobile device, you simply configure the proxy on the mobile device wifi connection to use the host machine and port Fiddler resides on to pass traffic through Fiddler for capture. Some configuration considerations to consider:
- Mobile device and Windows Desktop/Laptop with Fiddler need to be on same network.
- Firewalls must allow traffic between Mobile device and Windows Desktop/Laptop with Fiddler on specified Fiddler port (default 8888).
- Some VPN software or network security software could block communication between mobile device and Fiddler host.
For this example, we will show steps to configure Android device to route traffic through Fiddler:
- Access Android device Settings.
- Select the Wi-Fi configuration.
- Tap and hold the Wi-Fi network you are using.
- Select Modify Network.
- Select Show advanced options
- Then set the proxy connection host to match the IP address garnered from Fiddler and the Fiddler port (default 8888) from the Connections tab in Fiddler.
- The last step for configuration on the device is to test connectivity from the device and install the Fiddler root certificate. In the mobile Chrome browser, load the address http://ipv4.fiddler:8888/. When the page comes up, click the link under download the FiddlerRoot certificate and install the root certificate in device user certificate store.
- You should now be able to logon to Fiori Client and observe the traffic in Fiddler as a proxy:
How to Trace SAP Fiori Client with Fiddler (QIQ)
How to configure Mutual Authentication in SMP 3.0 using X.509 Certificate
Use this structure to help you compose your contributions for WIKI and at the same time will ensure spelling and grammar.
Great post Kevin! I have an incident open with SAP, and I was able to provide the Fiddler logs.
In case anyone else hits an issue on newer Android or iOS releases, you may need to recreate the certificate that Fiddler uses since it does not have the ca flag=true set which is required by newer mobile OSes. This assumes you are on a Windows OS as Fiddler defaults to using makecert.exe on Windows.
You need to download and install the Fiddler Cert Maker add-on from http://fiddler2.com/r/?fiddlercertmaker
Install the file and Fiddler will switch to using that product instead.
Under Tools --> Telerik Fiddler Options --> HTTPS you should now see BCCertMaker.BCCertMaker from CertMaker.dll instead of CertEnroll engine or MakeCert engine
Then click Actions --> Reset All Certificates to regenerate your certificate
Follow the steps from the http://ipv4.fiddler:8888/ and install the certificate. I needed to install it under both "VPN and Apps" as well as "Wi-Fi" from the drop-down menu. After that, you should be able to launch the SAP Fiori Client without getting the ERR_INSECURE_RESPONSE error.
You can see http://www.telerik.com/blogs/faq---certificates-in-fiddler for more information as well.
This is great information and I really appreciate it. I've been meaning to check the Wiki for updates, but this will definitely save others time.