The role and common usage scenarios of the Fiddler tool

Foreword

Today I want to talk about packet capture with Fiddler. Let's get straight to it.

1. The role and common usage scenarios of the Fiddler tool

Fiddler is a common packet capture and analysis tool that can analyze HTTP requests in detail and simulate the corresponding HTTP requests.

Functions:

1) View the local IP

2) Simulate speed limit operation

3) Tampering with data

4) Redirect function

5) Send a custom request to simulate a small interface test

6) Capture app traffic

Common scenarios:
1) Check the local IP

2) Assist in locating bugs: capture protocol packets, joint debugging of front end and back end

3) App weak-network simulation testing: weak network, dropped network, 404, 502, timeout

4) Front-end performance analysis and optimization

5) API interface test

6) Construct a simulation test scenario - data tampering, redirection

① Analyze requests

>>> Parse the HTTP request status, request headers, request body, response headers, response body, etc.

② Modify request and response data

>>> Set a breakpoint to modify the request data being sent, or modify the data returned for the request

③ Redirect requests

>>> Replace remote files; debug online JS/CSS files

④ Construct requests

>>> Construct requests to send data; test website security

2. What is the working principle of the Fiddler tool?

1. All requests and responses between the local application and the server pass through Fiddler and are forwarded by it. In this arrangement Fiddler acts as a proxy server.

2. Since all network data passes through Fiddler, Fiddler can intercept that data and so capture the network packets.

3. See the picture description for details

 

First, Fiddler intercepts the HTTPS request sent by the client browser to the server; at this point the handshake has not yet been established.
In the first step, Fiddler sends a handshake request to the server, obtains the server's CA certificate, decrypts it with the root certificate's public key, verifies the signature on the server data, and obtains the public key of the server's CA certificate.
In the second step, Fiddler forges its own CA certificate, presents it as the server certificate, and passes it to the client browser, which performs the same checks that Fiddler did.
In the third step, the client browser generates a symmetric key for the HTTPS communication, encrypts it with the public key of the certificate forged by Fiddler, and sends it toward the server, where it is intercepted by Fiddler.
In the fourth step, Fiddler decrypts the intercepted ciphertext with the private key of the forged certificate to obtain the symmetric key for the HTTPS communication.
In the fifth step, Fiddler encrypts the symmetric key with the public key of the server certificate and sends it to the server. After the server decrypts it with its private key, trust is established, the handshake is complete, messages are encrypted with the symmetric key, and communication begins.
In the sixth step, Fiddler receives the ciphertext sent by the server, decrypts it with the symmetric key to obtain the plaintext sent by the server, then encrypts it again and sends it to the client browser.
In the seventh step, the client sends a message to the server, encrypted with the symmetric key; Fiddler intercepts it and decrypts it to obtain the plaintext.
Since Fiddler always holds the symmetric key for the communication, the information is transparent to it during the entire HTTPS communication process.
 

3. Capturing HTTPS packets with Fiddler

This uses the Chrome browser as an example; other browsers may differ slightly.

1. Set up the Fiddler tool

2. Trust the certificate

Click Yes at every prompt to complete trusting the certificate. View the certificates and find DO_NOT_TRUST_FiddlerRoot, which means it succeeded.

Visit the https://www.baidu.com website and check whether the related records appear in Fiddler.
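Once DO_NOT_TRUST_FiddlerRoot is trusted, ordinary certificate validation passes while Fiddler re-signs every site, so a client that wants to notice the proxy has to inspect the issuer or compare a pinned fingerprint. The following is an added example, not code from the original post; the function names, the www.example.test host and the sample certificate data are constructed for illustration.

```python
import hashlib
import socket
import ssl

# Issuer CN of the root that Fiddler installs (the name shown in the trust step).
INTERCEPTION_ISSUERS = {"DO_NOT_TRUST_FiddlerRoot"}

def issuer_common_names(peercert):
    """Issuer CNs from the dict that SSLSocket.getpeercert() returns."""
    return [value for rdn in peercert.get("issuer", ())
            for key, value in rdn if key == "commonName"]

def check_connection(peercert, der_bytes, pinned_sha256=None):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for cn in issuer_common_names(peercert):
        if cn in INTERCEPTION_ISSUERS:
            findings.append(f"leaf issued by interception root: {cn}")
    if pinned_sha256 is not None:
        # A pin still fails when the proxy's root is trusted by the OS.
        actual = hashlib.sha256(der_bytes).hexdigest()
        if actual != pinned_sha256.lower().replace(":", ""):
            findings.append(f"certificate fingerprint mismatch: {actual}")
    return findings

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live helper (needs network): validated handshake, both cert forms."""
    ctx = ssl.create_default_context()  # validates against the default trust store
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

# Constructed samples in getpeercert() layout; not captured from real traffic.
DIRECT = {"subject": ((("commonName", "www.example.test"),),),
          "issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA R1"),))}
PROXIED = {"subject": ((("commonName", "www.example.test"),),),
           "issuer": ((("commonName", "DO_NOT_TRUST_FiddlerRoot"),),)}
DIRECT_DER = b"constructed-der-bytes-direct"    # stand-in for the DER leaf
PROXIED_DER = b"constructed-der-bytes-proxied"  # stand-in for the re-signed leaf
PIN = hashlib.sha256(DIRECT_DER).hexdigest()    # pin recorded from the real leaf

if __name__ == "__main__":
    print(check_connection(DIRECT, DIRECT_DER, PIN))
    print(check_connection(PROXIED, PROXIED_DER, PIN))
```

On a live connection, pass the two values returned by fetch_peer_cert(host) to check_connection together with a fingerprint recorded while no proxy was in the path.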

 

4. Capturing only the requests for specific pages

Fiddler captures all HTTP requests. For example, after visiting the Baidu, NetEase and Tencent web pages, what if you only want Baidu's requests displayed in the tool?

Set a filter:

 

5. Using quick commands: cls, select, ?, etc.

1) Command input location:

2) Command types

? string, such as ? sometext. As you type a string such as sometext, Fiddler highlights the sessions whose URL contains sometext. Pressing Enter at this point highlights all matching sessions.

<size, such as <50k. Selects sessions whose response size is less than size bytes.

>size, such as >50k. Selects sessions whose response size is greater than size bytes.

=status, =method, such as =200, =301 (redirection response) or =post. Selects sessions whose response status equals status or whose request method equals method.

@host, such as @baidu.com. Selects sessions whose domain name contains host; press Enter to highlight all matching results.

bold, sets bold marking in advance: any subsequent request whose URL contains the target string is marked in bold.

cls or clear, clears the session list.

g or go, resumes all sessions that are paused at breakpoints.

quit, exits Fiddler.

bpafter followed by a domain name, such as bpafter baidu (enter bpafter alone to release the breakpoint). Breaks on any response whose RequestURI contains the specified string.

>>> Tip: enter bpafter again to cancel the setting.

bpu, such as bpu baidu (enter bpu alone to release the breakpoint). Creates a request breakpoint on any URI containing the specified string. Setting this command clears any previous value for the command; calling it with no arguments disables the breakpoint.

That's all for today. If you liked it, feel free to follow me.


Origin blog.csdn.net/lzz718719/article/details/130650133