Fiddler mobile HTTPS capture

Principle of Fiddler mobile packet capture

Capturing traffic from a mobile phone with Fiddler works on the same principle as capturing web traffic on a PC. Fiddler acts as a proxy: network requests are sent to Fiddler, which intercepts the data. Because Fiddler sits in the middle of the connection, it can decrypt HTTPS.

The setup for mobile packet capture follows.

Set up Fiddler to capture packets

File --> check Capture Traffic

Set up HTTPS capture and decryption

Tools --> Fiddler Options --> HTTPS --> Capture HTTPS traffic --> Decrypt HTTPS traffic --> Ignore server certificate errors

Since we only want to capture traffic from the phone, choose "from remote clients only" here.


Connections --> Allow remote computers to connect
Because the phone connects to Fiddler as a proxy client, check "Allow remote computers to connect".

Install the certmaker plugin for Fiddler

The default certificate does not meet the certificate requirements of Android and iOS, so you need to download the certmaker plugin, double-click it to install, and restart Fiddler. This step is very important: you must use the certmaker plugin and not the default certificate generator, otherwise the traffic will not be captured.

Set up mobile proxy

Phone and PC are on the same network segment

First make sure that the mobile phone and the PC are on the same local area network. Hover the mouse over "Online" in the upper right corner of Fiddler to check the IP of the PC: 192.168.1.106.

The phone's IP is 192.168.1.101, which is on the same network segment as the PC.

Set up mobile proxy

On the phone, open the connected wireless network and set the proxy. The proxy IP must match the IP shown under Online.

Install the root certificate on the phone

In the phone's browser, enter http://192.168.1.106:8888, click FiddlerRoot certificate at the bottom, and confirm the installation.


Result

Everything is now set up. Let's look at the result, taking the mobile web version of QQ as an example. The screenshot is of a "Like" request in Qzone.

Follow-up questions

In the same way, you can also capture the mobile QQ app, Alipay, Taobao, and so on. However, the mobile QQ app uses the HTTP/2 protocol, so it cannot be captured. In this case you have to use Wireshark to capture the packets, but decrypting them after capture is a problem.
Wireshark capture of the "Like" request from the mobile QQ app

Can't capture HTTPS traffic

Many readers have told me that they followed the tutorial but could not capture the traffic. Here is a unified answer to this question.

Cases where Fiddler cannot capture traffic

Fiddler does not support all protocols

Fiddler does not support all protocols. The ones currently known to be unsupported are http2, tcp, udp, websocket, etc. If an application uses any of these protocols, Fiddler will definitely not be able to capture its traffic.

HTTP/2: Fiddler is built on the .NET Framework, and because the .NET Framework does not support HTTP/2, Fiddler cannot capture HTTP/2 traffic.

The certificate is hard-coded in the app, so Fiddler cannot capture its traffic

Fiddler's packet capture works as a man-in-the-middle attack: it deceives both the client and the server. If the HTTPS certificate is hard-coded in the app, the app does not trust the certificate issued by Fiddler and trusts only its own certificate. Fiddler therefore cannot deceive the client, and it cannot capture the traffic.
One more point: if it is an app you developed yourself, then for convenience in development and debugging you can import the server certificate into a tool like Wireshark to capture and decrypt the packets.
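
The difference between default certificate validation and a hard-coded (pinned) certificate, as a small model added here (not code from the original article or from Fiddler). Certificates are plain records rather than real X.509, and the host name, CA names and key bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str       # host name the certificate was issued for
    issuer: str        # CA that signed it
    public_key: bytes  # stand-in for the real public key bytes

def pin_of(cert):
    """SHA-256 of the public key: the value an app would hard-code."""
    return hashlib.sha256(cert.public_key).hexdigest()

def default_ok(cert, host, trust_store):
    """Default validation: matching host name and an issuer the device trusts."""
    return cert.subject == host and cert.issuer in trust_store

def pinned_ok(cert, host, trust_store, pins):
    """Pinned validation: the default checks plus a key that matches a pin."""
    return default_ok(cert, host, trust_store) and pin_of(cert) in pins

# Constructed sample data: every name and key below is a placeholder.
HOST = "api.example.test"
SERVER_CERT = Cert(HOST, "Public CA", b"server-key")
PROXY_CERT = Cert(HOST, "Proxy Root", b"proxy-key")   # issued by the proxy for HOST
FACTORY_STORE = frozenset({"Public CA"})
STORE_WITH_ROOT = FACTORY_STORE | {"Proxy Root"}      # proxy root installed on the phone
APP_PINS = frozenset({pin_of(SERVER_CERT)})

def outcomes():
    """Map scenario -> (browser-style client accepts, pinned app accepts)."""
    cases = {
        "direct": (SERVER_CERT, FACTORY_STORE),
        "proxy, root not installed": (PROXY_CERT, FACTORY_STORE),
        "proxy, root installed": (PROXY_CERT, STORE_WITH_ROOT),
    }
    return {name: (default_ok(c, HOST, store), pinned_ok(c, HOST, store, APP_PINS))
            for name, (c, store) in cases.items()}

if __name__ == "__main__":
    for name, (browser, app) in outcomes().items():
        print(f"{name:26} browser={browser} pinned app={app}")
```

Installing the proxy root on the phone flips the default check to accepted, which is why the browser can be captured, while the pinned check still rejects the proxy's certificate.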

Fixing capture failures

Apart from the cases above that are known to be impossible to capture, other traffic should be capturable. The following are the steps to troubleshoot and fix the problem.

Confirm that you can capture the Baidu homepage in the mobile browser

Because Baidu is served over HTTPS, it can definitely be captured if the configuration is correct. Note that three conditions apply here: mobile phone && browser && Baidu homepage, and all of them must be satisfied.
The Baidu homepage in the mobile browser looks like this.

Reinstall the certificate

If you can't capture it, you can be sure that there is a configuration problem. Verify that Fiddler is using the certmaker plugin and that the certificate is installed on the phone; if it is installed, reinstall it. If it still doesn't work, regenerate the certificate, reinstall it on both the computer and the phone, and restart Fiddler. Generally, reinstalling the certificate on the phone solves the problem.

Capture of the login request from the mobile Baidu app
