P1 packet capture tool
01. Fidder
First of all, the first Fiddler has the advantage of running independently. The second one supports mobile devices (whether it can capture mobile APP packages). In this area, wireshark and httpwatch do not support it, so in this area, the first one can be eliminated. , because sometimes when we go for testing, in addition to testing the web side, we will also test the app side, which is something we often do in the enterprise.
fidder certificate export:
02. Charles
Compared with fiddler, the biggest advantage of charles is that it is cross-platform. It can support Windows, MacOs, ios, and Android. In addition, Charles also has the following advantages: it supports viewing messages by domain name and interface; it supports reverse proxy network speed limit; it can select the network type; it can parse the AMF protocol.
Charles certificate export:
03. Burpsuit
Burp Suite Professional is the toolkit of choice for network security testers. Use it to automate repetitive testing tasks, then dig deeper with its expertly designed manual and semi-automatic security testing tools. Burp Suite Professional can help you test the OWASP top ten vulnerabilities, as well as the latest hacking techniques.
Burpsuit certificate export:
P2 forwarding tool Proxifier
Proxifier is a very powerful socks5 client that allows network programs that do not support working through proxy servers to use HTTPS or SOCKS proxies or proxy chains. Proxifier supports filtering based on process, IP, domain name and port.
For example: you want to use Burpsuit to capture the data packets of the WeChat application. Since Burpsuit must set up a proxy to capture packets, but WeChat does not support proxies, set the proxy for the WeChat application at 127.0.0.1:8080 through Proxifier. Burpsuit does the same. Set up a proxy for 127.0.0.1:8080 so that data can be forwarded to Burpsuit
P3 packet capture application
01. Certificate installation
By default, the packet capture tool only captures data packets of the http protocol, so capturing https data packets requires installing certificate
001. Browser installation certificate
settings->Search for certificates->Security->Manage device certificates->Intermediate certificate authority- >Import->Select the certificate file and confirm.
002. Emulator installation certificate
settings->WLAN->Long press the network icon with the left mouse button->Modify the network
02. Browser capture packets
Local browser packet capture.
The browser can capture packets directly using fiddler and charles. If you use Burpsuit to capture packets, you need to set up the proxy
fiddler:
charles:
Burpsuit:
001 to enable proxy
002. Burpsuit to enable proxy
simulator browser packet capture: the simulator needs to be configured in advance. Proxy, take fiddle as an example
to enable the proxy in the simulator:
fiddle:
03 APP application packet capture
The APP application packet capture in the simulator is the same as the simulator's browser. You need to configure the simulator's proxy
fiddler in advance:
charles:
Burpsuit:
04. PC application packet capture
is used to run the application locally. The proxy option is not configured. Burp packet capture forwarding linkage
001 Charels+Burpsuit
002 Proxifier+Burpsuit
003 System Agent
Just open the agent of the local computer
05. Mini program application packet capture ( mini program application packet capture is basically the same as PC application packet capture)
WeChat applet is run locally, no proxy option is configured, burp packet capture forwarding linkage
001 Charels+Burpsuit
002 Proxifier+Burpsuit
003 System proxy settings
p4 Summary
The above content is the general idea of using Fiddler, Charles, and Burp to capture packets from browsers, APPs, PC applications, and mini programs. You can see that data packets can be captured, but the captured data must be combined with web pages/mini programs/ The correspondence between mobile APP/PC application pages requires careful analysis and comparison.