This article describes how to use Fiddler Everywhere to capture and inspect traffic that comes from iOS devices and simulators.
To capture and inspect traffic on iOS devices or simulators, perform the following steps:
- Provide the prerequisites.
- Configure Fiddler Everywhere.
- Configure the iOS device.
- Configure the iOS simulator.
- Inspect the traffic.
Use an iOS device or an iOS simulator within the same local network as the Fiddler Everywhere host.
Enable the remote connections of Fiddler Everywhere through Settings > Connections > Allow remote computers to connect.
Check the IP address of the machine where Fiddler Everywhere is running. To obtain the IP address, for example, ipconfig on Windows or ifconfig on Linux, you can use the built-in OS tools or the Fiddler Everywhere popup status on the bottom-right part of the client. For demonstration purposes, let's assume that the local IP of the Fiddler Everywhere machine is 192.168.0.101.
To configure real iOS devices to work alongside a Fiddler Everywhere host, refer to the following steps. For more information on working with iOS simulators, refer to the section about configuring iOS simulators. Both real iOS devices and iOS simulators have to be on the same network and be discoverable.
On your iOS device, go to Settings > WiFi.
Find your current network and click the i icon.
Scroll to the bottom and choose Configure Proxy > Manual.
In the Server field, type your IP address—for example, 192.168.0.101.
Type the Fiddler Everywhere listening port (8866 by default) in the Port field. Tap Save.
With the current setup, you will be able to capture non-secure HTTP traffic. However, if you try to open any HTTPS website, you'll get the "This site's security certificate is not trusted!" error. To fix this issue, trust the Fiddler root certificate.
Open a browser on the iOS device and type the http://ipv4.fiddler:8866 echo service address of Fiddler Everywhere.
Click the Fiddler root certificate link to download it.
On your iOS device, open General and install the certificate through Profile Downloaded. Note that this option will appear only after the certificate is downloaded.
(For iOS 10.3+) Go to Settings > General > About > Certificate Trust Settings and enable full trust for the DO_NOT_TRUST_FiddlerRoot certificate. Note that you will see the DO_NOT_TRUST_FiddlerRoot certificate only after completing the previous step.
The later versions of the iOS simulators, which are accessible through XCode, use the OS system proxy by default. However, due to a security limitation, the iOS simulator won't access the folders containing the trust certificates. To capture HTTPS traffic, you must manually export the Fiddler Everywhere certificate and install it on your iOS simulator.
In Fiddler Everywhere, go to Settings > HTTPS > Advanced Settings.
Use the Export root certificate to export the Fiddler Everywhere certificate to your Desktop folder.
Start the iOS simulator.
Drag and drop the exported certificate in the simulator.
In the iOS simulator, go to Settings > General > About > Certificate Trust Settings and enable full trust for the DO_NOT_TRUST_FiddlerRoot certificate. Note that you will see the DO_NOT_TRUST_FiddlerRoot certificate only after completing the previous step.
Now you can immediately monitor HTTP/HTTPS traffic from your iOS device. For example, open a Safari browser on your iOS device, type an address of your choice, and observe the captured traffic in the Live Traffic section of Fiddler Everywhere.
Once you're done debugging, remove the WiFi proxy from your iOS device.