The most complete and detailed Fiddler packet capture tutorial on the web - worth bookmarking!

1. The difference between Fiddler and other packet capture tools

 1. Firebug can capture packets, but it is not powerful enough for detailed analysis of HTTP requests, and its ability to simulate HTTP requests is limited. Firebug modifications also only hold as long as the page is not refreshed: once the page is refreshed, none of the modifications are kept;

 2. Wireshark is a general-purpose packet capture tool that can capture HTTP and HTTPS traffic but cannot decrypt HTTPS, so Wireshark cannot read the content inside HTTPS. For TCP or UDP traffic, however, Wireshark can be used;

 3. HttpWatch is also a commonly used HTTP packet capture tool, but it only supports the IE and Firefox browsers (other browsers may have corresponding plug-ins);

Fiddler, by contrast, is an HTTP proxy listening locally on 127.0.0.1:8888. Any browser or application that can set its HTTP proxy to 127.0.0.1:8888 can use Fiddler.
 

2. The working principle of Fiddler

 Fiddler is an HTTP proxy that sits between the client and the server, and it is also one of the most commonly used HTTP packet capture tools. It can record all HTTP requests between the client and the server, analyze request data, set breakpoints, debug web applications, modify request data, and even modify the data returned by the server for specific HTTP requests.

 Because it is a proxy, every request from the client first passes through Fiddler and is then forwarded to the corresponding server. Conversely, every response from the server first passes through Fiddler and is then sent on to the client, so a request between the web client and the server looks like this:

 

Note: To capture a browser's traffic with Fiddler, the browser's proxy address must be set first. Conveniently, Fiddler sets the browser proxy automatically when it starts and restores the original setting when it is closed. If you find that the browser proxy was not set automatically, you have to set it in the browser yourself (search Baidu for how to set the proxy in each browser). Either way, the corresponding proxy must be set, otherwise Fiddler will not be able to capture the HTTP requests.
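The request path described above, as an added example (not from the original post and not Fiddler's own code): a minimal loopback forward proxy in Python that records each session and edits the response before the client sees it. The names Origin, Proxy, CAPTURED and run_demo, the /login path and the ephemeral ports are assumptions of the example; Fiddler itself listens on 127.0.0.1:8888.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

CAPTURED = []  # sessions the proxy has recorded: (method, url, status)

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request console logging
        pass

    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Quiet):  # stand-in for the real web server (constructed)
    def do_GET(self):
        self.reply(200, b"hello from origin")

class Proxy(Quiet):  # plays Fiddler's role on the loopback interface
    def do_GET(self):
        # A proxy-configured client puts the absolute URL in the request line.
        target = urlsplit(self.path)
        upstream = http.client.HTTPConnection(target.hostname, target.port or 80, timeout=5)
        upstream.request("GET", target.path or "/")
        resp = upstream.getresponse()
        status, body = resp.status, resp.read()
        upstream.close()
        CAPTURED.append((self.command, self.path, status))  # record the session
        self.reply(status, body + b" [seen by proxy]")  # response edited in transit

def serve(handler):
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # port 0 = ephemeral
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def run_demo():
    CAPTURED.clear()
    origin, proxy = serve(Origin), serve(Proxy)
    try:
        # Client side: connect to the proxy, but ask for the origin's URL.
        client = http.client.HTTPConnection("127.0.0.1", proxy.server_address[1], timeout=5)
        client.request("GET", f"http://127.0.0.1:{origin.server_address[1]}/login")
        return client.getresponse().read(), list(CAPTURED)
    finally:
        origin.shutdown()
        proxy.shutdown()
```

Calling run_demo() returns the body the client received together with the proxy's session list, which makes it visible that the client never talked to the origin directly.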
 

3. Fiddler user interface introduction

 1. The main interface is as shown in the figure:

2. The meanings of the fields and icons on the left web session panel are as follows:

3. On the right is the details and data statistics panel

1) Statistics shows performance data for HTTP requests (such as the number of bytes sent/received, sending/receiving times, and a rough estimate of the time it would take to reach the server from around the world) along with data analysis, as shown in the figure:

 

 2) Inspectors is used to view the content of a session. The upper part is the content of the request, and the lower part is the content of the response. It provides Headers, TextView, HexView, Raw and other views of the message information of a single HTTP request, as shown in the figure:

 

3) AutoResponder can be used to intercept a request, that is, to redirect it to a local resource or a Fiddler resource according to rules you add yourself, replacing the server response.

Example: Bind the keyword "baidu" to a picture on the local computer; any address containing the keyword "baidu" that is then accessed will be hijacked. The specific steps are shown in the figure:

 

 After enabling the rules (check Enable rules), enter pan.baidu.com in the browser. You will find that it has been hijacked: the bound local picture is displayed instead of the pan.baidu.com page.

4) Composer lets you build a custom request and send it to the server. In Parsed mode, you only need to provide a simple URL, as shown in the figure

5) Filters holds the filter rules. Set filter rules to keep only the HTTP requests you need. As shown in the figure, check Use Filters in the upper left corner to turn filtering on:

 

The two most commonly used filter conditions are Zone and Host:

a. Zone restricts the display to intranet (Intranet) or Internet content only, as shown in the figure:

b. Host restricts the display to sessions under a certain domain name, as shown in the figure. If the box is yellow, the modification has not taken effect yet; just click the text in the red circle:

 6) Timeline shows request and response timing. Select one or more requests in the session window on the left, and Timeline will display the time taken for the specified content to be transmitted from the server to the client, as shown in the figure:

 

4. Introduction to other functions of Fiddler

 1. Fiddler settings to decrypt HTTPS network data

 Fiddler can fool browsers and servers by forging CA certificates. The general principle is that Fiddler pretends to be an HTTPS server in front of the browser, and Fiddler pretends to be a browser in front of the real HTTPS server, so as to achieve the purpose of decrypting HTTPS packets.

Decrypting HTTPS needs to be enabled manually. Click in turn: Tools -> Fiddler Options -> HTTPS -> check Decrypt HTTPS traffic -> click Yes, then select Yes in the pop-up dialog box, as shown in the figure

 

2. Fiddler built-in commands and breakpoints

 The Fiddler breakpoint function intercepts requests. Click the icon position at the bottom of Fiddler to set a breakpoint on all requests, or enter a breakpoint command in the command bar to intercept, as shown in the figure.

 The breakpoint commands can precisely set those requests that need to be intercepted, as shown in the following table:

 

 Note: 1. For example, the bpafter breakpoint command is used as follows: bpafter followed by a string interrupts all requests containing that string; bpafter on its own releases the breakpoint that was just set;

  

3. Modify the content of the form after interrupting the session

I don't know why the session of the login interface cannot be captured (apart from the blog garden website, the sessions of many other websites cannot be captured either -> solution: set it up according to the steps written in "Fiddler settings to decrypt HTTPS network data" above), so the following example comes from Small Tank, and the detailed blog address is posted in the text of the picture.

  Let's look at an example that simulates logging in to the blog garden: open the blog garden login page in IE, enter the wrong username and password, interrupt the session with Fiddler, and change them to the correct username and password. This will allow you to log in successfully:

  1. Use IE to open the login interface of the blog garden http://passport.cnblogs.com/login.aspx

  2. Open Fiddler, enter bpu http://passport.cnblogs.com/login.aspx in the command line

  3. Enter the wrong user name and password, click Login

  4. Fiddler can interrupt this session, select the interrupted session, click the WebForms tab under the Inspectors tab to change the username and password, and then click Run to Completion as shown in Figure 14.

 

5. The result is that the blog garden is correctly logged in (of course, the Response can also be modified in Fiddler)

4. Session comparison function in Fiddler

Select 2 sessions, right-click and click Compare to use WinDiff to compare the differences between the two sessions (Note: WinDiff needs to be installed; search Baidu for how to install it, the installation steps are not covered here), as shown in the figure

 

5. Coding tools provided in Fiddler

Click TextWizard on the Fiddler toolbar. This tool can encode and decode strings, as shown in Figure 16

 

6. Query session in Fiddler

Edit->Find Sessions (or Ctrl+F) opens the Find Sessions dialog box, enter keywords to query the session you want. The queried sessions will be displayed in yellow, as shown in Figure 17

 

7. Save session in Fiddler

  Sometimes we need to save the session so that it can be sent to others or analyzed later. The steps to save a session are as follows: File->Save->Selected Sessions

8. The script system in Fiddler

  First install the SyntaxView plug-in: Inspectors tab -> Get SyntaxView tab -> Download and Install SyntaxView Now..., as shown in the figure

 

After the installation succeeds, Fiddler will have a Fiddler Script tab, as shown in the figure:

 We can write scripts in it. As an example, let's make all cnblogs sessions red.

  Put this script inside the OnBeforeRequest(oSession: Session) method and click "Save script"

// Color every session whose host is www.cnblogs.com red in the session list
if (oSession.HostnameIs("www.cnblogs.com")) {
  oSession["ui-color"] = "red";
}

 In this way, all cnblogs sessions will be displayed in red.

9. How to use Fiddler when VS debugs the website

 When we use Visual Studio to develop ASP.NET websites, we also need Fiddler to analyze the HTTP traffic. By default, Fiddler cannot sniff localhost websites, but as long as you add a dot after localhost, Fiddler can sniff them.

  For example: the original ASP.NET address is http://localhost:9999/Default.aspx, after adding a dot, it becomes http://localhost.:9999/Default.aspx.

That concludes the detailed introduction to Fiddler. Other data capture analysis and mobile phone packet capture analysis will be covered next time.

Origin blog.csdn.net/qq_48811377/article/details/131444284