Table of contents
- 1. Basic configuration of Fiddler
- 2. Fiddler packet filtering
- 3. How to view the response information of the request
- 4. Capture HTTPS requests in the Web
- 5. Fiddler captures HTTP packets of mobile apps
- 6. Fiddler captures HTTPS packets of mobile apps
- 7. Fiddler simulates low-speed network
- 8. Fiddler tampering with data requests
- 9. Fiddler uses auto responder to replace source resources
- 10. Fiddler quickly simulates mocks (I don’t know much about this, I will add more after I come into contact with interface testing)
- 11. Fiddler sends custom requests (more commonly used in interface testing)
Foreword: Fiddler is an HTTP proxy debugging tool that can capture all HTTP and HTTPS requests on the local machine. It works by running an HTTP proxy that listens on port 8888 of the local machine, 127.0.0.1.
1. Basic configuration of Fiddler
Open Tools > Options > Connections in Fiddler and configure it as follows.
2. Fiddler packet filtering
Open the Filters tab on the right side of Fiddler and check Use Filters.
The most commonly used option is "Show only if URL contains" under Request Headers. Enter a URL or part of a URL after it, and only requests whose URL contains that text will be displayed.
For example, enter baidu.com, click Remove All, and then visit www.baidu.com in the browser. The packets captured by Fiddler will then only be those with baidu.com in the URL, as the picture shows.
In addition, you can also use hosts for packet filtering.
Show only intranet hosts : Only display requests from the intranet.
Show only internet hosts : Only show requests from external networks.
Hide the following hosts : Hide requests containing the following hosts.
Show only the following hosts : Only show requests containing the following hosts.
Flag the following hosts : Mark requests containing the following hosts so that the target requests stand out.
Note: If you need to enter multiple entries in the input box in hosts, they should be separated by semicolons.
3. How to view the response information of the request
Double-click a request in the request list on the left. In the Inspectors tab on the right, the request information is displayed in the upper pane and the response information in the lower pane, as the picture shows.
If the response information below appears garbled, don't worry: click the "Response body is encoded. Click to decode." bar to decode it, as shown in the figure.
The View tabs in the picture display the content in different formats.
4. Capture HTTPS requests in the Web
Configure Fiddler under Tools > Options as follows. If a dialog box pops up, just click OK.
After the configuration is complete, restart Fiddler.
Note: The captured request list on the left may contain both gray and black requests; gray means the response came from the cache. In that case, force-refresh the page with Ctrl+F5.
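Why HTTPS needs the extra configuration above, as an added example that is not part of the original article or of Fiddler's code: a client using a proxy such as the one on 127.0.0.1:8888 sends plain HTTP with the full URL in the request line, but sends HTTPS as a CONNECT tunnel, so without decryption the proxy sees only the host and port. The function name and the sample requests are constructed for illustration.

```javascript
// Added illustration (not Fiddler code): what an HTTP proxy can read from
// the first bytes a client sends it. The sample requests are constructed.
function describeProxyRequest(raw) {
  const lines = raw.split("\r\n\r\n")[0].split("\r\n");
  const m = /^([A-Z]+) (\S+) HTTP\/\d\.\d$/.exec(lines[0]);
  if (!m) throw new Error("not an HTTP request line: " + lines[0]);
  const [, method, target] = m;
  const headerNames = lines.slice(1)
    .filter((l) => l.includes(":"))
    .map((l) => l.slice(0, l.indexOf(":")).toLowerCase());

  if (method === "CONNECT") {
    // HTTPS: the client only asks for a tunnel to host:port. Everything sent
    // after the proxy accepts is TLS, unreadable unless the proxy decrypts it
    // with a certificate the client has been told to trust.
    const sep = target.lastIndexOf(":");
    return {
      kind: "tunnel", host: target.slice(0, sep),
      port: Number(target.slice(sep + 1)),
      path: null, headerNames, bodyVisible: false,
    };
  }
  // Plain HTTP through a proxy: the request line carries the full URL, and
  // the headers and body follow in clear text.
  const url = new URL(target);
  return {
    kind: "http", host: url.hostname,
    port: Number(url.port || 80),
    path: url.pathname + url.search, headerNames, bodyVisible: true,
  };
}

const SAMPLE_HTTP =
  "POST http://example.test/login?next=%2F HTTP/1.1\r\n" +
  "Host: example.test\r\n" +
  "Content-Type: application/x-www-form-urlencoded\r\n\r\n" +
  "user=alice&pwd=constructed";
const SAMPLE_HTTPS =
  "CONNECT example.test:443 HTTP/1.1\r\nHost: example.test:443\r\n\r\n";

console.log(describeProxyRequest(SAMPLE_HTTP));
console.log(describeProxyRequest(SAMPLE_HTTPS));
```

The tunnel result has no path and no visible body, which is the state of every HTTPS session until the proxy's certificate is trusted by the client.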
5. Fiddler captures HTTP packets of mobile apps
If you want to use Fiddler to capture an app's packets, the mobile phone and the computer must be on the same LAN.
Configure mobile phone proxy:
① Check the local computer IP.
② In the proxy settings of the phone's WiFi settings, enter the local computer's IP as the host name and 8888 as the port, then save.
In this way, Fiddler can capture the phone's requests. Fiddler can capture packets from both Android phones and Apple phones, and the operation is the same. After use, be sure to turn off the proxy on the phone, otherwise the phone may not be able to access the Internet.
6. Fiddler captures HTTPS packets of mobile apps
Open the mobile browser and enter the URL http://computer ip:8888. Click the FiddlerRoot certificate hyperlink at the bottom of the page that opens, and then follow the prompts step by step. This installs a Fiddler security certificate on the mobile phone; once it is installed, you can capture HTTPS packets. In addition, Apple phones may need to trust the certificate under General > About > Certificate Trust Settings, after which you restart Fiddler.
7. Fiddler simulates low-speed network
Click Rules > Customize Rules in Fiddler, search for 300 in the CustomRules.js file that opens, and then modify the parameters. As shown in the figure, this is the code that sets the network delay.
The default setting delays uploads by 300 ms per KB and downloads by 150 ms per KB. You can change the 300 or the 150 to suit your needs. For example, change 300 to 30000, save the file, and check Rules > Performance > Simulate Modem Speeds so that the setting takes effect and requests are delayed. If you access the target web page now, it will load very slowly or may not be displayed at all. Uncheck the option after the test is completed.
8. Fiddler tampering with data requests
Fiddler intercepts requests from the target web page and lets you tamper with the data before they are sent.
Visit the target web page, type bpu followed by the target page's URL in the Fiddler command line and press Enter, then enter data on the target page and send the request. Fiddler intercepts the request; double-click it, modify the data on the request's form tab, and then click run.
Example:
① Enter bpu https://home.51cto.com/index in the command line and press Enter. As the figure shows, the bottom of Fiddler indicates that the command has taken effect.
The web page accessed by this URL is a login page.
After entering the correct account and password, click Login as shown in the picture. The page shows that it is loading and, at the same time, Fiddler indicates that it has received a message: the login request has been intercepted.
As shown in the picture above, the request marked in red is the login request that was just intercepted. Double-click it to display the request, select the WebForms tab, and you can clearly see the login information I submitted.
At this point we modify the password and click the green Run to Completion button. The tampered request is sent and a response is received. As shown in the figure, the web page reports that the account password is incorrect.
After the test is completed, you need to exit request interception mode. Just enter bpu on its own in the command line and press Enter. The result is as shown in the figure.
9. Fiddler uses auto responder to replace source resources
Fiddler's AutoResponder is a redirection function that intercepts resources in the session and replaces them.
For example, let's replace an image displayed on a web page. Note that the resource is not actually replaced; another resource is displayed in its place. (The filter function must be turned off before using this function.)
Take http://xqtesting.sxl.cn/ as an example. We want to replace the image in the red box.
① Find the image resource that needs to be replaced: right-click the image and choose Inspect, and Google Chrome will locate the image resource. Alternatively, just right-click the image and copy the image address.
② Open Fiddler and force-refresh the page so that Fiddler captures the page's requests. Click Find in Fiddler, paste the image address, and locate the image request.
③ Switch the right side of Fiddler to the AutoResponder tab, drag the request into it with the left mouse button, and check the three checkboxes at the top. Click the small triangle in the bottom bar, select Find a file, choose the replacement picture in the file dialog that pops up, and then click once in the blank space to lock it in.
④ Force-refresh the web page, and you will see that the original image resource has been replaced.
If we check the image address now, we find that the source resource has not changed; only what is displayed has changed. In other words, the replacement here is a deception that only changes the effect you see.
⑤ Uncheck the request rule, and the web page will return to its original appearance.
Note: This operation is only valid for images without links.
10. Fiddler quickly simulates mocks (I don’t know much about this, I will add more after I come into contact with interface testing)
A mock is a test stub that simulates the response to a request according to the rules you set. The operation is the same as above: just replace the selected image file with a txt file containing JSON, and the page will display the content of the file. It is generally used more in interface testing.
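A simplified model of what sections 9 and 10 do, as an added example that is not Fiddler's code: rules are checked in order against the requested URL, and the first match is answered from a local file instead of the server, so the URL the browser shows never changes. The rule prefixes follow Fiddler's AutoResponder match syntax (plain text is a case-insensitive substring, EXACT: is a case-sensitive exact match, REGEX: is a regular expression); the URLs, file names and file contents are constructed.

```javascript
// Added illustration (not Fiddler code): first-match-wins response replacement.
// LOCAL_FILES stands in for files on disk; all names and URLs are constructed.
const LOCAL_FILES = {
  "replacement.png": "<bytes of replacement.png>",
  "mock_user.txt": '{"id": 1, "name": "test"}',
};

function ruleMatches(rule, url) {
  const colon = rule.indexOf(":");
  const prefix = colon > 0 ? rule.slice(0, colon).toUpperCase() : "";
  const rest = rule.slice(colon + 1);
  if (prefix === "EXACT") return url === rest;              // case-sensitive
  if (prefix === "REGEX") return new RegExp(rest).test(url);
  return url.toLowerCase().includes(rule.toLowerCase());    // plain substring
}

function autoRespond(rules, url, fetchFromServer, passthrough = true) {
  for (const { match, file } of rules) {
    if (ruleMatches(match, url)) {
      // The client asked for `url` and still believes it received `url`.
      return { url, status: 200, source: "rule:" + file, body: LOCAL_FILES[file] };
    }
  }
  // With passthrough off, unmatched requests never reach the server.
  if (!passthrough) return { url, status: 404, source: "proxy", body: "" };
  return { url, source: "server", ...fetchFromServer(url) };
}

const RULES = [
  { match: "EXACT:http://site.test/img/logo.png", file: "replacement.png" },
  { match: "REGEX:^http://site\\.test/api/user/\\d+$", file: "mock_user.txt" },
];
const originServer = (url) => ({ status: 200, body: "real content of " + url });

for (const u of [
  "http://site.test/img/logo.png",
  "http://site.test/api/user/42",
  "http://site.test/index.html",
]) {
  const r = autoRespond(RULES, u, originServer);
  console.log(r.url, "->", r.source, r.status);
}
```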
11. Fiddler sends custom requests (more commonly used in interface testing)
Switch the Fiddler tab to the Composer page. Generally, GET and POST are used, as shown in the figure. Fill in your interface address in the box, and then click Execute. For example, visit dev.intersky.com.cn and click Execute on the left. There is a 200 return, which shows a login page, which is correct.