0x00 Purpose
Capture the packets of a PC client program
(The client software "NetEase Youdao Dictionary" is used to demonstrate client-side capture; Fiddler does not capture its traffic by default)
0x01 Why Fiddler can't catch the data
Why can't Fiddler capture the packets of PC programs? It can only capture:
- Browser packets
- Programs that use the WinInet library for HTTP/HTTPS communication
- Web browser controls embedded in a program
(If a program does not use the WinInet library provided by Windows for HTTP communication but ships its own library, it builds and parses HTTP packets internally and finally calls the operating system's socket API directly to send the data. The operating system cannot set an HTTP/HTTPS proxy for such a program, so Fiddler cannot see its traffic.)
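The difference described above, as an added example that is not part of the original post: the same GET request is sent once through the system HTTP stack (which honours the WinInet/IE proxy settings Fiddler registers while it is capturing) and once as hand-built HTTP over a plain TCP socket, which the OS never redirects. With Fiddler running only the first request appears in its session list; the second only shows up once a Winsock-level redirector such as Proxifier is forcing powershell.exe through the proxy. The target host `example.com`, the default Fiddler listener 127.0.0.1:8888 and the two function names are assumptions made for this example.

```powershell
# Added example (not from the original post). Assumption: Fiddler is capturing on its
# default listener 127.0.0.1:8888, and example.com is reachable over plain HTTP.
$TargetHost = 'example.com'   # constructed test target; do not use $Host, it is reserved

function Send-ViaSystemProxy {
    # Invoke-WebRequest uses the system (WinInet/IE) proxy settings by default, which
    # Fiddler points at 127.0.0.1:8888 while capturing, so this request shows up in Fiddler.
    param([string]$HostName)
    $response = Invoke-WebRequest -Uri "http://$HostName/" -UseBasicParsing
    return "system-stack request: HTTP $($response.StatusCode)"
}

function Send-ViaRawSocket {
    # Builds the HTTP request by hand and pushes it through a plain TCP socket, the way a
    # client with its own HTTP library does. No proxy setting is consulted, so Fiddler
    # never sees it unless something like Proxifier redirects the socket itself.
    param([string]$HostName)
    $client = [System.Net.Sockets.TcpClient]::new($HostName, 80)
    try {
        $stream  = $client.GetStream()
        $request = "GET / HTTP/1.1`r`nHost: $HostName`r`nConnection: close`r`n`r`n"
        $bytes   = [System.Text.Encoding]::ASCII.GetBytes($request)
        $stream.Write($bytes, 0, $bytes.Length)
        $reader  = [System.IO.StreamReader]::new($stream)
        $status  = $reader.ReadLine()        # e.g. "HTTP/1.1 200 OK"
        return "raw-socket request: $status"
    }
    finally {
        $client.Dispose()
    }
}

Send-ViaSystemProxy -HostName $TargetHost
Send-ViaRawSocket   -HostName $TargetHost
```

Run it twice: once with Fiddler capturing on its own, then again with Proxifier active and a rule covering powershell.exe. The first run lists one session in Fiddler, the second lists both, which is exactly the gap the rest of this post closes.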
0x02 Check whether the PC application uses the WinInet library for communication
》》Download Listdlls
https://docs.microsoft.com/zh-cn/sysinternals/downloads/listdlls
# Check whether Youdao uses the WinInet library for communication
》》Query the process
》》Youdao Dictionary uses the WinInet library provided by Windows for HTTP communication
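The same check in script form, as an added example that is not part of the original post: it lists every running process that has loaded wininet.dll (the ones Fiddler can intercept without a redirector) and then narrows the list to the dictionary. The process name `YoudaoDict` is a placeholder assumption; confirm the real name in Task Manager. The Listdlls invocation at the end uses the tool's documented `-d` switch, which prints only processes that have loaded the named DLL.

```powershell
# Added example (not from the original post). Assumption: the dictionary's process is
# named 'YoudaoDict' (placeholder); Listdlls.exe is in the current directory.
function Get-WinInetProcess {
    # Returns the processes whose loaded-module list contains wininet.dll.
    param([string]$Name = '*')
    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Where-Object {
            # Reading .Modules of a protected or bitness-mismatched process throws;
            # treat those as "unknown" rather than aborting the whole scan.
            try { $_.Modules.ModuleName -contains 'wininet.dll' } catch { $false }
        } |
        Select-Object Id, ProcessName, Path
}

# 1) Everything on the box that goes through WinInet
Get-WinInetProcess | Format-Table -AutoSize

# 2) Just the dictionary; an empty result means it brings its own HTTP stack and
#    needs Proxifier (section 0x03) before Fiddler will see anything.
Get-WinInetProcess -Name 'YoudaoDict'

# 3) Equivalent one-liner with the Sysinternals tool from the link above
.\Listdlls.exe -accepteula -d wininet.dll
```

Because `-contains` is case-insensitive the module name matches however the loader capitalises it; run the shell elevated if processes you care about are missing from step 1.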
0x03 Forcing a proxy onto the program: Proxifier
Introduction: Proxifier is a SOCKS5 client that lets network programs which do not support working through a proxy server operate through an HTTPS or SOCKS proxy, or a proxy chain.
Principle: it installs a Winsock LSP module and uses the regular interfaces provided by Windows to filter/forward the program's TCP/UDP packets.
0x04 Capturing the packets of "NetEase Youdao Dictionary" on PC
》》Download Proxifier from the official website
https://www.proxifier.com
》》After installation, enter the activation code (the app is paid)
》》Installation completed
》》Configure the proxy server
》》Add the configuration
》》Proxy check successful
》》Configure the proxy rules
(Configure the proxy rules as follows:)
# DNS configuration
》》Click Profile > Name Resolution
》》Uncheck "Automatically detect DNS settings" and select "Resolve hostnames through proxy"
(Tip: this hands domain name resolution to the proxy server, so Proxifier does not resolve the domain name itself and send only the IP address to the server; a server behind a CDN would otherwise not know the real domain name.)
》》Youdao Dictionary successfully captured:
Reference article
https://www.52pojie.cn/thread-976016-1-1.html#26506016_%E6%8A%93%E5%8C%85%E6%95%88%E6%9E%9C