A comprehensive comparison of the most popular packet capture tools

Original address: http://testingpai.com/article/1601003017501

As a software test engineer, you cannot avoid packet capture: you capture packets to analyze problems you run into, to locate bugs, to check the security of data in transit, and to test interfaces whose requirements are incomplete. Because packet capture is so common in testing work, there are many packet capture tools on the market to choose from.

I have previously posted articles about some commonly used packet capture tools, such as Wireshark and Charles. One of the questions readers ask most often in private messages and comments is "What is the difference between this tool and tool xxx?" or "Which is better to use, this tool or tool xxx?"

To answer those questions, so that you can choose the most suitable tool and better support your testing work, today we will analyze the advantages and disadvantages of the popular packet capture tools.

Fiddler

Fiddler is a classic, powerful tool that everyone should know. It captures traffic from both computers and mobile devices over HTTP and HTTPS, and lets you capture and analyze the messages. It supports breakpoint debugging, intercepting messages to replace requests and tamper with data, and constructing requests. You can also configure packet loss and delay to test an app under weak network conditions.

So Fiddler's first advantage is that it is powerful and full-featured.

The second advantage is that Fiddler is open source and free: once it is installed, every feature is available on any computer. This is a very big advantage, and it attracts a large number of users.

Of course, it also has a shortcoming: it can only be installed and used on Windows. If you want to capture packets on other systems, such as macOS or Linux, Fiddler is of no use.

Charles

Charles, nicknamed the "vase", captures traffic by acting as a proxy: when we visit a web page, we point the proxy configuration at the port Charles listens on, and Charles then forwards and records every request for us.

Charles is very simple to use. Once the proxy is configured, Charles starts capturing packets, and we can view their contents directly in its GUI. Its functions and usage are very similar to Fiddler's: it also provides packet capture and analysis, breakpoints, and weak network simulation for computers and mobile phones. So how does it differ from Fiddler?

Advantages:

  1. Charles is based on Java and is highly cross-platform. It supports not only Windows but also macOS and Linux, so users of non-Windows computers generally choose Charles.
  2. Capturing HTTPS is also very simple to configure: just install Charles's certificate.

Disadvantages:

Charles is not free. You need to buy a license; without one, it disconnects every 30 minutes, which makes for a very bad experience.

Wireshark

Wireshark can also be installed and used on various platforms, but its focus is different from that of Charles and Fiddler. It is mainly used to capture packets of every protocol on the network, and it is a very professional tool for analyzing network protocols and network problems.

Advantages of Wireshark:

  1. You can select a specific network card to capture from, so only the traffic on the card you care about is captured, which keeps the capture targeted.
  2. It can capture packets of all protocols and display them according to the OSI seven-layer network model. You can clearly see every packet exchanged between the client and the server, with the details of each network layer shown. This makes the tool very suitable for learning and analyzing network protocols.
  3. It provides very powerful filtering rules. Wireshark can filter before capture or after capture, and the rules are detailed enough to filter packets with high precision and fine granularity.
  4. It can be used together with TCPdump to analyze packets captured on a production server (Linux) and locate production problems.

Disadvantages of Wireshark:

  1. Using it flexibly requires a certain grounding in networking, which makes it difficult for beginners.
  2. HTTPS packets cannot be analyzed. Because Wireshark obtains packets at the link layer, the HTTPS packets it captures are encrypted, so their content cannot be analyzed. It is possible to decrypt HTTPS packets, but the procedure is somewhat complex and can take a lot of time.

Burp Suite

Burp Suite is also developed in Java, so it too can be used across platforms, including Windows, macOS and Linux.

Burp Suite provides packet capture, and it too works as a proxy between the browser and the website to intercept messages. It can also modify the data and forward it, and you can even use its crawler to crawl a website's data...

However, it is definitely more than a packet capture tool: it integrates many practical small tools that provide more powerful functions, such as HTTP request forwarding, modification, and scanning. These tools can also work together to carry out customized attack and scanning schemes within the Burp Suite framework.

As a result, many functional testers use this tool to capture messages and tamper with data, many security testers use it for semi-automated network security audits, and developers can use its scanning tools for website stress testing and attack testing, so its range of uses is wider.

But it also has a shortcoming: it is not free. The annual cost per user is $299, which is relatively high.

F12

F12 is the simplest and most lightweight of the packet capture tools, because it is the developer tool built into the browser, which captures the messages the browser sends and receives. It needs no installation and can be used as soon as you open the browser. It is very easy to use and suitable for beginners.

It mainly targets HTTP and HTTPS. It lets us confirm the state of our network packets: by analyzing the request and response messages, we can determine whether the request and response data are correct and whether a problem lies in the front end or the back end.

Because F12 is part of the browser, which is the endpoint that sends and receives the data, it shows captured HTTPS packets in plaintext. But it can only capture packets sent and received by the current browser, so it is limited to the application-layer HTTP(S) protocols; other packets cannot be captured.

Although F12 capture and debugging can meet basic testing needs, it still falls short of other packet capture tools in scope and power.

TCPdump

I published an article last week that specifically introduced TCPdump. It is a packet capture tool for the Linux command line, and it offers many parameters for filtering and defining the packets to capture.

The packets it captures can be printed directly in the Linux command-line interface, or saved to a file and opened in Wireshark for more detailed analysis.

If you want to know more, you can check that article.
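The following Python example is added here and is not from the original article. It builds a small capture in the classic pcap layout (the kind of file TCPdump saves and Wireshark opens), reads it back, and shows the point from the Wireshark section: an HTTP request is readable in the capture, while an HTTPS record is only ciphertext. The addresses, ports, host name and payloads are constructed sample data, and the file is assumed to be little-endian.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic; this example assumes a little-endian file

def build_frame(dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

def build_pcap(frames):
    """24-byte global header (link type 1 = Ethernet), then one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield the raw frames stored in a classic pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, offset)[2]
        yield data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len

def summarize(frame):
    """Return (dst_port, description) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    dst_port = struct.unpack_from("!H", frame, tcp_off + 2)[0]
    payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
    if payload[:2] == b"\x17\x03":  # TLS record type 23 = application data
        return dst_port, "TLS application data, %d encrypted bytes" % (len(payload) - 5)
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        return dst_port, payload.split(b"\r\n", 1)[0].decode("ascii")
    return dst_port, "other"

def analyze(data):
    return [s for s in map(summarize, read_pcap(data)) if s]

SAMPLE = build_pcap([  # constructed capture: one plaintext HTTP request, one TLS record
    build_frame(80, b"GET /login?user=test HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(443, b"\x17\x03\x03\x00\x10" + bytes(range(16))),
])
```

`analyze(SAMPLE)` returns the full request line, query string included, for the port 80 packet, and only a byte count for the port 443 packet.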

Summary

In summary, there are many packet capture tools that can be used for testing, and each has its own advantages and shortcomings. The most important thing is to choose the tool that best suits your own usage scenario.


Origin blog.csdn.net/qq_29752857/article/details/111739896