Detailed explanation of the packet capture tool

1. The principle of the packet capture tool
The browser is first pointed at the packet capture tool through its proxy settings, so that every request and response passes through the tool.
Access: Browser >> Packet Capture Tool >> Server
Response: Server >> Packet Capture Tool >> Browser
1. Capturing HTTP data: the protocol is transmitted in plain text, so the tool simply forwards it and can read it directly.
2. Capturing HTTPS data: the protocol is encrypted in transit and cannot be parsed as-is, so the tool terminates the encrypted connection on both sides:
2.1 Towards the browser, the packet capture tool impersonates the server and encrypts with its own certificate (issued by the tool's root certificate, which the browser must trust for this to work).
2.2 Towards the server, the packet capture tool acts as the client (browser) and encrypts using the server's certificate.


PS: the packet capture tool listens on a specific port of a specific machine (ip:port, e.g. 192.168.0.108:8888); any third-party device that can reach that address can use this proxy by setting it as its connection proxy.
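The two paths described above (plain HTTP forwarded as-is, HTTPS terminated with the tool's own certificate) can be modelled in a few lines. The following is an added example, not code from the original article or from any capture tool: it parses the first line a browser sends to a configured proxy to decide which path applies, and adds the defender's check that goes with step 2.1, namely reading the issuer of the certificate a site presented to see whether it came from the capture tool's root rather than a public CA. The request lines and the certificate dictionary are constructed for the demo; the dictionary uses the shape Python's `ssl.SSLSocket.getpeercert()` returns, and `DO_NOT_TRUST_FiddlerRoot` is the default name of Fiddler's root certificate.

```python
"""Added example: how a capture proxy classifies each request, plus a check
for whether a TLS connection is being terminated by the capture tool.
All inputs below are constructed for the demo, not captured traffic."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class ProxyDecision:
    mode: str        # "forward-plain" (step 1) or "tls-terminate" (step 2)
    host: str
    port: int
    readable: bool   # can the tool read the payload without its own root cert?


def classify_proxy_request(request_line: str) -> ProxyDecision:
    """Parse the first line a browser sends to a configured HTTP proxy.

    Plain HTTP arrives as an absolute-URI request
    ("GET http://host/path HTTP/1.1") and is forwarded unchanged: the tool
    sees everything in clear text.  HTTPS arrives as
    "CONNECT host:443 HTTP/1.1": the tool must either tunnel the bytes
    blindly or terminate TLS itself with a certificate from its own root.
    """
    method, target, _version = request_line.strip().split(" ", 2)
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        return ProxyDecision("tls-terminate", host, int(port), readable=False)
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError(f"unsupported proxy target: {target}")
    return ProxyDecision("forward-plain", parts.hostname, parts.port or 80, readable=True)


def issuer_common_name(cert: dict) -> str:
    """Extract the issuer CN from the dict shape ssl.getpeercert() returns:
    'issuer' is a tuple of RDNs, each a tuple of (attribute, value) pairs."""
    for rdn in cert.get("issuer", ()):
        for attr_type, value in rdn:
            if attr_type == "commonName":
                return value
    return ""


def is_intercepted(cert: dict, capture_tool_roots: set) -> bool:
    """Defender's check for step 2.1: a site certificate issued by the capture
    tool's root means the tool, not the real server, terminated the TLS leg."""
    return issuer_common_name(cert) in capture_tool_roots


if __name__ == "__main__":
    # Constructed inputs: one plain request, one CONNECT, one intercepted cert.
    for line in ("GET http://www.baidu.com/index.html HTTP/1.1",
                 "CONNECT www.baidu.com:443 HTTP/1.1"):
        print(classify_proxy_request(line))
    fake_cert = {"issuer": ((("countryName", "US"),),
                            (("commonName", "DO_NOT_TRUST_FiddlerRoot"),))}
    print("intercepted:", is_intercepted(fake_cert, {"DO_NOT_TRUST_FiddlerRoot"}))
```

In practice the certificate dictionary comes from a real socket (`ssl.SSLSocket.getpeercert()`), so the same check tells you whether the proxy you configured is actually terminating TLS for a given host, or whether a proxy you did not configure is doing so.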


II . The role of the packet capture tool
1. Can monitor data
2. Can correctly parse and display data
3. Can filter data
4. Can find specific data
5. Can manually simulate sending data
6. Can interrupt the interaction between the browser and the server and modify the data currently in flight




3. Preparations
1. Install the browser, and install the proxy tool
2. Turn off all firewalls
3. Check the IE proxy settings
Root Certification Authority"
3. Three main windows






4. Do not let a single capture run for too long; capture each small function block separately, one capture at a time.
5. Commonly used built-in commands and breakpoint commands
Command | Corresponding request item | Introduction | Example
Built-in commands:
? | All | A question mark followed by a string matches requests that contain this string | ?google
> | Body | A greater-than sign followed by a number matches requests whose size is larger than that number | >1000
< | Body | A less-than sign is the opposite of the greater-than sign: matches requests whose size is smaller than that number | <100
= | Result | An equals sign followed by a number matches the HTTP return code | =200
@ | Host | @ followed by a host matches the domain name | @www.baidu.com
select | Content-Type | select followed by a response type matches that content type | select image
cls | All | Clear all current requests | cls
dump | All | Pack all requests into a .saz archive and save it to the "My Documents\Fiddler2\Captures" directory | dump
start | All | Start listening for requests | start
stop | All | Stop listening for requests | stop


Breakpoint commands:
bpafter | All | bpafter followed by a string interrupts all requests containing the string | bpafter baidu (enter bpafter alone to release the breakpoint)
bpu | All | Similar to bpafter, but the breakpoint fires when the request is received (before it is sent on), whereas bpafter interrupts the response | bpu baidu (enter bpu alone to release the breakpoint)
bps | Result | bps followed by a status code interrupts all requests with that status code | bps 200 (enter bps alone to release the breakpoint)
bpv/bpm | HTTP method | Interrupts only requests with the given HTTP method, such as POST or GET | bpv get (enter bpv alone to release the breakpoint)
g/go | All | Release all interrupted requests | g
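To make the two command tables above concrete, here is an added example (not code from the article and not Fiddler's own implementation) that evaluates the built-in filter commands and the breakpoint commands against a handful of captured sessions. The `Session` record and the four sample sessions are constructed for the demo; the command syntax follows the tables, and a breakpoint command given without an argument is treated as clearing that breakpoint, as the Example column describes.

```python
"""Added example: a matcher for the QuickExec-style filter and breakpoint
commands in the tables above, run over constructed session records."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    method: str
    host: str
    url: str
    status: int
    body_size: int
    content_type: str


# Constructed sample capture, not real traffic.
SESSIONS = [
    Session("GET", "www.baidu.com", "http://www.baidu.com/", 200, 5120, "text/html"),
    Session("GET", "www.baidu.com", "http://www.baidu.com/img/logo.png", 200, 8400, "image/png"),
    Session("POST", "api.example.com", "https://api.example.com/login", 302, 80, "text/plain"),
    Session("GET", "www.google.com", "https://www.google.com/search?q=x", 404, 640, "text/html"),
]


def matches_filter(command: str, s: Session) -> bool:
    """Evaluate one built-in filter command (?str  >N  <N  =N  @host  select type)
    against one session, using the semantics given in the table."""
    cmd = command.strip()
    if cmd.startswith("?"):
        return cmd[1:] in s.url
    if cmd.startswith(">"):
        return s.body_size > int(cmd[1:])
    if cmd.startswith("<"):
        return s.body_size < int(cmd[1:])
    if cmd.startswith("="):
        return s.status == int(cmd[1:])
    if cmd.startswith("@"):
        return s.host == cmd[1:]
    if cmd.startswith("select "):
        return cmd.split(None, 1)[1] in s.content_type
    raise ValueError(f"unknown filter command: {command}")


def apply_filter(command: str, sessions=SESSIONS):
    """Return the sessions the filter command would leave visible."""
    return [s for s in sessions if matches_filter(command, s)]


@dataclass
class Breakpoint:
    stage: str   # "request" (bpu, bpv/bpm) or "response" (bpafter, bps)
    kind: str    # "url", "status" or "method"
    value: str


def parse_breakpoint(command: str) -> Optional[Breakpoint]:
    """Parse a breakpoint command. Returns None for a bare command name
    (clears that breakpoint) and for g/go (releases everything)."""
    parts = command.strip().split(None, 1)
    name = parts[0].lower()
    arg = parts[1] if len(parts) > 1 else None
    if name in ("g", "go") or arg is None:
        return None
    if name == "bpu":
        return Breakpoint("request", "url", arg)
    if name == "bpafter":
        return Breakpoint("response", "url", arg)
    if name == "bps":
        return Breakpoint("response", "status", arg)
    if name in ("bpv", "bpm"):
        return Breakpoint("request", "method", arg.upper())
    raise ValueError(f"unknown breakpoint command: {command}")


def should_break(bp: Optional[Breakpoint], s: Session, stage: str) -> bool:
    """Would this breakpoint pause the session at the given stage?"""
    if bp is None or bp.stage != stage:
        return False
    if bp.kind == "url":
        return bp.value in s.url
    if bp.kind == "status":
        return s.status == int(bp.value)
    return s.method == bp.value


if __name__ == "__main__":
    for cmd in ("?google", ">1000", "=200", "@www.baidu.com", "select image"):
        print(cmd, "->", [s.url for s in apply_filter(cmd)])
    bp = parse_breakpoint("bps 200")
    print("bps 200 pauses response of", [s.url for s in SESSIONS if should_break(bp, s, "response")])
```

The stage distinction is the part worth keeping in mind when setting breakpoints: `bpu` and `bpv` pause before the request leaves the tool, so the outgoing data can still be edited, while `bpafter` and `bps` only pause once the response has come back.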


5. The use of Charles
1. Proxy >> Proxy Settings >> enable transparent HTTP proxying
2. Proxy >> Proxy Settings >> Windows >> enable Windows proxy
3. Proxy >> SSL Proxying Settings >> enable SSL proxying, and add host: *, port: 443
4. Install the certificate: Help >> SSL Proxying >> Install Charles Root Certificate
5. Filter: Proxy >> Recording Settings
6. Breakpoint: Proxy >> Breakpoint Settings
7. Simulate a slow network
8. Map
9. Rewrite


Origin http://43.154.161.224:23101/article/api/json?id=325800558&siteId=291194637