Fiddler packet capture quick practice (produced by Xiaoqiang) notes

Foreword: Fiddler is a proxy debugging tool through the HTTP protocol, which can capture all HTTP and HTTPS requests on the local machine. Its operating mechanism is to listen to the HTTP proxy on port 8888 on the local machine

1. Basic configuration of Fiddler

Open fiddler's tools-options-connections and configure as follows
fiddler basic configuration

2. Fiddler packet filtering

Open the filters tab on the right side of fiddler and check use filters.
Insert image description here
The most commonly used one is Show only if URLcontains of request headers, followed by inputting the URL or part of the URL, indicating that only requests whose URL contains the content of the input box will be displayed.
For example, enter , click remove all, and then visit in the browser , then the package captured by fiddler will only contain the content of in the URL. as the picture shows.
Insert image description here
In addition, you can also use hosts for packet filtering.
Show only intranet hosts : Only display requests from the intranet.
Show only internet hosts : Only show requests from external networks.
Hide the following hosts : Hide requests containing the following hosts.
Show only the following hosts : Only show requests containing the following hosts.
Flag the following hosts : mark requests containing the following hosts, and mark target requests with emphasis

Note: If you need to enter multiple entries in the input box in hosts, they should be separated by semicolons.

3. How to view the response information of the request

Double-click a request in the request list on the left. In the inspectors on the right, the request-related information is displayed above and the response-related information is displayed below. as the picture shows.
Insert image description here
If the following response information is garbled, don't worry, you can click response body is encoded, click to decode. As shown in the figure.
Insert image description here
The tabs of several Views in the picture use different formats to view content.

4. Capture HTTPS requests in the Web

Configure fiddler-tools-options as follows. If a dialog box pops up, just click OK.
Insert image description here
After the configuration is complete, restart fiddler.

Note: If the request list captured on the left is full of gray requests and black requests, gray represents the cache. At this time, you need to force Ctrl+F5 to refresh the page.

5. Fiddler captures HTTP packets of mobile apps

If you want to use fiddler to capture the app package, you must ensure that the mobile phone and computer are in the same LAN.
Configure mobile phone proxy:
① Check the local computer IP.
② Enter the host name, local computer IP, and port 8888 in the proxy settings of the mobile phone WiFi settings, and save.

In this way, fiddler can capture the relevant requests of the mobile phone. Fiddler can capture packages from both Android phones and Apple phones. The operation is the same. After use, be sure to turn off the proxy on the phone, otherwise the phone may not be able to access the Internet.

6. Fiddler captures HTTPS packets of mobile apps

Open the mobile browser, enter the URL: http://computer ip:8888 , click the hyperlink of FiddlerRoot certificate at the bottom of the opened page, and then follow the link content step by step. It mainly installs a fiddler security certificate on the mobile phone. After the installation is completed, you can grab the HTTPS package. In addition, Apple phones may need to choose to trust the certificate in General-About This Mac-Certificate Trust Settings, and then restart fiddler.

7. Fiddler simulates low-speed network

Click fiddler-rules-customize rules, search for 300 in the pop-up customRules.js file, and then modify the parameters. As shown in the figure, it is a function of network delay settings.
Insert image description here
The default setting is an upload speed of 300ms per kb and a download speed of 150ms per kb. At this time, you can modify the parameter 300 or 150 according to your personal needs. For example, modify 300 to 30000, then save the file and check fiddler-rules-performance-simulate module speeds, so that the file will take effect and delay the request. limit. If you access the target webpage at this time, the webpage will load very slowly or even not be displayed. You need to uncheck it after the test is completed.

8. Fiddler tampering with data requests

Fiddler intercepts requests from the target web page and tamperes with the data before sending them.
Visit the target webpage, enter the bpu target webpage URL on the fiddler command line and press Enter, then enter the data on the target webpage to send the request. Fiddler intercepts the request, double-clicks the request, modifies the data on the request form tab, and then clicks run.
① Enter bpu in the command line and press Enter. As shown in the figure at the bottom of Fiddler, the command takes effect.
Insert image description here
The web page accessed by this URL is a login page.
Insert image description here
After entering the correct account and password, click Login as shown in the picture. It shows that the page is loading, and at the same time, fiddler indicates that it has received a message. That's right, the login request was intercepted.
Insert image description here
Insert image description here
As shown in the picture above, the red mark is the login request that has just been intercepted. Double-click to display the request. Select the webform form tab and you can clearly see the login information I submitted.
Insert image description here
At this point we modify the password and click the green button run to completion. The tampered request is sent and a response is received. As shown in the figure on the web page, it prompts that the account password is incorrect.
Insert image description here
After the test is completed, you need to exit the request packet interception mode. Just enter bpu in the command line and press Enter. After input, as shown in the figure
Insert image description here

9. Fiddler uses auto responder to replace source resources

Fiddler's auto responder is a redirection function that intercepts resources in the session and replaces them.
For example, let's replace the image display on the web page. Note that this resource is not actually replaced, but displayed as another resource. (The filter function must be turned off before using this function).
Take as an example. We want to replace the image in the red box.
Insert image description here
1. Find the image resource that needs to be replaced
and right-click the image to check. Google Chrome will easily release the image resource, or just right-click it. Click on the image to copy the image address.
Insert image description here
② Open fiddler and force refresh the page. At this time, fiddler has captured the request package of the page. Click find in fiddler, copy the image resource address and find the image request package. ③ Switch the right side of
Insert image description here
Insert image description here
fiddler to the auto responder tab. , drag the request package to the right with the left button of the mouse, and check the three ticks at the top. Click the
Insert image description here
small triangle in the bottom column, select find a file, and then select what you want to replace with on the file selection page that pops up. picture, then click once in the blank space to lock it.
Insert image description here
④Forcibly refresh the web page, and you will see that the original image resource has been replaced.
Insert image description here
At this time, when we check the image address, we will find that the source resource has not been changed, but the display has changed. It can be understood that the replacement here is a deception, but Let me show you the effect.
Insert image description here
⑤ Uncheck the request package, and the web page will return to its original appearance.
Insert image description here

Note: This operation is only valid for images without links

10. Fiddler quickly simulates mocks (I don’t know much about this, I will add more after I come into contact with interface testing)

Mock is a test stub that can simulate the response corresponding to the request according to the rules you want to set. The operation is the same as above, just replace the selected image file with a txt file of json code, and the page will display the content in the file. It is generally used more in interface testing.
Insert image description here
Insert image description here

11. Fiddler sends custom requests (more commonly used in interface testing)

Switch the fiddler tab to the Composer page. Generally, GET and POST are used, as shown in the figure. Fill in your interface address in the box, and then click execute. For example,
Insert image description here
visit , and click execute on the left. There is a 200 return, which shows a login page, which is correct.
Insert image description here

Guess you like