Introduction : After Fiddler was updated to version 5.0 today, Xiao Chief inadvertently moved to the "Fiddler Orchestra" tab. The little chief who loves to toss quickly links to the official user guide to see what it is and what new functions it has implemented. The following is a pre-translated version made by Xiao Chief after reading it.
This is a guide to understanding and setting up Fiddler Orchestra, a new flavor of the Fiddler Web debugger (foreigners really know how to play, the word flavor is used well!). Note that this guide is accurate as of Fiddler 5.0.
If you want to learn the Fiddler packet capture tool, here I recommend a set of videos for you. This video can be said to be the No. 1 Fiddler packet capture tool tutorial on the Internet at station B. At the same time, the number of online users reaches 1,000, and there are notes available. Receipt and technical exchanges with various great gods : click on the card at the bottom of the article'
https://www.bilibili.com/video/BV14g4y1H7vv/?spm_id_from=333.999.0.0What is Fiddler Orchestra?
Fiddler Orchestra is a new flavor of the world famous Fiddler web debugger that provides remote debugging and web UI. Learn more about Fiddler Orchestra .
Fiddler Orchestra structure overview
Fiddler Orchestra involves two roles - Controller (Controller) and Client (Client). The controller collects data and controls any client. Clients report data and receive commands to any number of controllers. Only the controller keeps the port open and accepts incoming connections from clients. All client-controller communications are encrypted.
Fiddler Orchestra first version
The first release of Fiddler Orchestra is wrapped in (WinForms) Fiddler 5.0, consisting of Fiddler Orchestra .NET Core Clients and Fiddler Orchestra Controller in Fiddler 5.0. The .NET Core client can run on MAC, Linux and Windows.
In the first version, Orchestra Controller can only collect data in the first version. It lacks any client-side control features. .NET Core clients can only connect to a single controller in this release.
Requires (since Fiddler 5.0)
Fiddler Orchestra runs on multiple platforms, but most of its code is platform agnostic. That is, the same code will run on all platforms with very minor changes. That being the case, the core of Fiddler Orchestra is compiled to .NET Standard 2.0 assemblies. Therefore, Fiddler Orchestra clients and controllers can only run on frameworks that support at least .NET Standard 2.0. At the time of writing these are:
-
.NET Framework 4.6.1
-
.NET Core 2.0
-
Xamarin.iOS 10.14
-
Xamarin.Android 7.5
As of this writing, only WinForms Fiddler can be an Orchestra controller. However, this feature is only available on machines with .NET 4.6.1 or later installed.
Install
There are two steps to establishing a connection between the Fiddler Orchestra .NET Core Client and the WinForms Fiddler Orchestra Controller (the only Orchestra Controller available at the time of writing). Essentially, the controller must be set up to accept connections first (i.e. start the Controller first) before setting up the client to connect to the controller.
Setting up the WinForms Fiddler Orchestra controller
In WinForms Fiddler 5.0, there is a new Fiddler Orchestra tab:
This is the starting point for Orchestra controller configuration. It only requires a port and a private key to start a controller. This port must be open for external connections so Orchestra clients can connect. The private key is used to encrypt communication with the client. Clients must have the same private key to connect to this controller. Private keys can only be regenerated when the controller is stopped.
Setup .NET Core Fiddler Orchestra client (on MAC, Linux, Windows, etc.)
background
The .NET Core Fiddler Orchestra Client has full Fiddler functionality built-in. Unfortunately, at the time of writing this is all hidden behind a very limited web UI which only allows setting up Fiddler to capture traffic and establish connections to the Fiddler Orchestra controller.
The .NET Core Fiddler Orchestra client acts as a proxy by acting as a proxy, much like the good old WinForms Fiddler. However, WinForms Fiddler hides this proxy behavior by automatically setting itself as a system proxy when Windows starts, i.e. users not only don't have to perform any manual proxy setup, but may not even realize that Fiddler is acting as a proxy.
As of this writing, Fiddler Orchestra Client does not have an automatic proxy setting feature. Therefore, the user must be responsible for the proxy settings, i.e. the user must manually change the settings of the browser or any other application to point to the Fiddler Orchestra client proxy on startup, and then restore the settings on exit. In a future release of Fiddler Orchestra, users will be able to provide a script to do this, which will be executed automatically on startup.
Install
The .NET Core Fiddler Orchestra client binaries are from WinForms Fiddler 5.0. A handy shortcut is available on the Fiddler Orchestra tab in Fiddler 5.0, as shown below.
As of this writing, the .NET Core Fiddler Orchestra Client is a normal ASP .NET Core application. So, its startup is simple:
At this point, the web UI is up and running on http://localhost:8800, and any HTTP/HTTPS proxy/reverse proxy combination can be started to capture traffic. A connection to the Fiddler Orchestra Controller can also be established, and any traffic passing through any proxy will be reported to the connected Controller.
Below is a more detailed view of the proxy and Orchestra connection configuration.
proxy page
The home page is the HTTP/HTTPS proxy settings page.
The proxy settings are the same as in WinForms Fiddler.
Decrypt HTTPS can implement MITM HTTPS traffic decryption through proxy. After mentioning MITM, it's worth mentioning that HTTPS traffic decryption will not work unless an HTTPS root certificate has been created or uploaded via the HTTPS Root Certificates tab.
Unless "Allow remote clients to connect" is checked, the proxy server will only accept connections from computers that are running.
Use upstream gateway: Specify an upstream gateway to allow all outgoing traffic to pass through another proxy.
HTTP reverse proxy page
A reverse proxy allows to intercept incoming traffic of a running machine. A reverse proxy is often used to intercept incoming traffic to web servers, web services, etc.
A reverse proxy positions itself between a web server/web service and its clients. So, all requests will first go to the reverse proxy, which redirects them to the actual recipient.
The Listening Port setting specifies the port on which the reverse proxy will expect incoming traffic to arrive. The "Host Listening Port" setting specifies the port on which the origin web server/web service listens. The reverse proxy will redirect any traffic received on the "Listen on port" to the "Host listen on port".
Unless "Allow remote clients to connect" is checked, the proxy server will only accept connections from computers that are running. Since this is rarely useful in a reverse proxy setup, this option is selected by default.
HTTPS reverse proxy
An HTTPS reverse proxy follows the same logic as an HTTP reverse proxy. The only setting added is the hostname. A certificate under that hostname will be generated and signed with the root certificate provided/generated in the HTTPS Root Certificates tab. This certificate will be used by the HTTPS reverse proxy to encrypt responses to incoming requests.
Therefore, clients sending requests should trust the root certificate provided/generated in the HTTPS Root Certificates tab. It is technically possible for the actual certificate used by the proxy server/web service to be used by the reverse proxy, but not yet implemented at the time of writing this feature.
HTTPS root certificate
The presence of an HTTPS root certificate is a prerequisite for running an HTTPS (reverse) proxy. Existing certificates can be uploaded or new certificates can be generated.
The generated certificate file may be password protected. You can also add an alias to the generated certificate.
Orchestra connection
The Orchestra Connection tab allows establishing a connection to the Fiddler Orchestra controller. The controller should run before trying to connect.
Connection setup is simple. The IP address and port of the controller are required. The Controller is set up to encrypt traffic using a specific private key. The private key should also be provided (can be copied from the WinForms Fiddler Orchestra Controller settings tab).
Finally, filtering Fiddler Orchestra configuration traffic will prevent Fiddler Orchestra web client traffic from being sent to the controller and displayed there.