Python crawler basics 17: packet capture tools

01 How packet capture tools work

HTTP

Since an HTTP request is neither encrypted nor validated in any way, the packet capture tool can read it and simply forward it on.

HTTPS

For an HTTPS request, the client uses the server's certificate to encrypt the data, and also verifies that the server is really the intended target server.

So to capture HTTPS requests, the packet capture tool has to disguise itself.

First, the packet capture tool uses its own certificate to pose as the server towards the client; then it poses as the client when it sends the request on to the real server.

That is how it manages to both capture and forward the data.
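The difference between the two cases is easiest to see from the proxy's side. The following is an added example, not code from the original post: it parses a proxy-style request line the way a capture tool would and reports what is readable. For plain HTTP the whole request is visible; for HTTPS the client first sends a CONNECT, and without a certificate of its own the proxy only ever learns the host and port, everything after that being TLS ciphertext. The two sample requests are constructed for this illustration.

```python
"""
Added example (not from the original post): what an intercepting proxy can
read from a plain HTTP request versus an HTTPS CONNECT tunnel. The sample
requests at the bottom are constructed for this illustration.
"""

from typing import Any, Dict


def parse_request(raw: bytes) -> Dict[str, Any]:
    """Split a raw proxy-style request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def what_proxy_sees(raw: bytes) -> Dict[str, Any]:
    """
    Describe what a capture tool learns from one client message.

    - Plain HTTP: request line, headers and body are all readable and can
      simply be forwarded to the origin server.
    - HTTPS: the client sends 'CONNECT host:port'. Without a certificate of
      its own the proxy only learns host and port; every byte after its
      200 reply is ciphertext between client and server.
    """
    req = parse_request(raw)
    if req["method"].upper() == "CONNECT":
        host, sep, port = req["target"].rpartition(":")
        if not sep:                      # bare host, assume the default TLS port
            host, port = port, "443"
        return {"visibility": "tunnel", "host": host, "port": int(port),
                "readable_headers": 0, "readable_body": False}
    return {"visibility": "plaintext",
            "host": req["headers"].get("host", ""),
            "url": req["target"],
            "readable_headers": len(req["headers"]),
            "readable_body": True,
            "body": req["body"]}


# Constructed sample messages, the kind a crawler's HTTP client emits when it
# is pointed at a capture proxy.
PLAIN_HTTP = (b"GET http://example.com/login?user=alice HTTP/1.1\r\n"
              b"Host: example.com\r\n"
              b"User-Agent: python-crawler/1.0\r\n"
              b"Cookie: session=abc123\r\n\r\n")

HTTPS_CONNECT = (b"CONNECT example.com:443 HTTP/1.1\r\n"
                 b"Host: example.com:443\r\n\r\n")

if __name__ == "__main__":
    for raw in (PLAIN_HTTP, HTTPS_CONNECT):
        print(what_proxy_sees(raw))
```

Note that the cookie in the plain HTTP sample is fully exposed to the proxy, which is exactly why the tool needs no trick for HTTP, and why, for HTTPS, it must present its own certificate and the client must be made to trust it before anything beyond the host name becomes visible.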

Fiddler

Download and install it from the official website:

https://www.telerik.com/fiddler

Fiddler can be said to be the most comprehensive and powerful capture tool available at present, and it is not too cumbersome to use.

Fiddler's official website also provides very detailed documentation and tutorials; if you run into problems while using it, you can go straight to the official documentation.

As just explained, because the client verifies the server, the way a packet capture tool captures and forwards HTTPS traffic differs from plain HTTP. So we need to configure a certificate for HTTPS.

Open the HTTPS settings, check that option, then check the two options that appear below it. In the final pop-up window, choose Yes.
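Once the capture tool's certificate is installed, the crawler itself still has to be pointed at the proxy. The following is an added example, not code from the original post, showing how to do that with the Python standard library without weakening certificate checks. It assumes the proxy listens on 127.0.0.1:8888 and that its root certificate has been exported to a file whose path is passed as `cafile`; neither value comes from the page, both are placeholders to adjust.

```python
"""
Added example (not from the original post): pointing a Python crawler's HTTP
client at a local capture proxy without weakening certificate checks.

Assumptions (not from the page): the proxy listens on 127.0.0.1:8888 and its
root certificate has been exported to a PEM/CER file passed as `cafile`.
"""

import ssl
import urllib.request
from typing import Optional

PROXY_URL = "http://127.0.0.1:8888"   # assumed listener address of the capture proxy


def trusted_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """
    Build a TLS context that keeps chain and hostname verification ON.

    The capture proxy answers HTTPS with a certificate it minted itself, so a
    client that verifies normally rejects it. The right fix is to add the
    proxy's root certificate to this client's trust store (cafile). The wrong
    fix is check_hostname=False / CERT_NONE, which would make the crawler
    accept any interposed certificate anywhere, not only in the lab.
    """
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def verification_enabled(ctx: ssl.SSLContext) -> bool:
    """True when the context still verifies the chain and the host name."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def build_opener(proxy_url: str = PROXY_URL,
                 cafile: Optional[str] = None) -> urllib.request.OpenerDirector:
    """Return an opener that routes both http and https through the proxy."""
    proxies = {"http": proxy_url, "https": proxy_url}
    handlers = [urllib.request.ProxyHandler(proxies),
                urllib.request.HTTPSHandler(context=trusted_context(cafile))]
    return urllib.request.build_opener(*handlers)


def proxy_settings(opener: urllib.request.OpenerDirector) -> dict:
    """Report which proxies an opener will use (handy when debugging)."""
    for handler in opener.handlers:
        if isinstance(handler, urllib.request.ProxyHandler):
            return dict(handler.proxies)
    return {}


if __name__ == "__main__":
    # Pass the exported root certificate path as cafile in real use.
    opener = build_opener(cafile=None)
    print(proxy_settings(opener), verification_enabled(trusted_context()))
    # Every request made through `opener` now shows up in the session list:
    # opener.open("https://example.com/").read()
```

Keeping verification on means the crawler only trusts the capture proxy's certificate on the machine where you deliberately installed it; a crawler shipped with verification disabled would accept an interposed certificate from anyone.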

02 Using the packet capture tool

Toolbar

1. Comment: add a comment to the session

2. Replay: resend the selected session

3. Remove: delete the session

4. Go: resume sessions stopped at a breakpoint

5. Decode: decode the transmitted data into an easily readable format

6. Find: find a session

7. Save: save the session to a file

8. Clear Cache: clear the cache

Session window

1. #: serial number of the session

2. Result: status code of the response to the request

3. Protocol: protocol type of the request

4. Host: domain name

5. URL: the request URL

6. Body: size of the response

7. Caching: cache mode

8. Content-Type: data type of the response

9. Process: the process that initiated the request

10. Comments: comment

Each session is also shown in a color; different colors represent different session types.

Inspectors tab

Request data window

1. Headers: request headers

2. TextView: view the data as text

3. Syntax: view the data with syntax highlighting

4. WebForms: web form fields

5. HexView: view the data as hexadecimal

6. Cookies: view the cookies sent with the request

7. Json: view JSON-formatted data

Response data window

1. Transformer: decompression method

2. Headers: response headers

3. TextView: view the data as text

4. Syntax: view the data with syntax highlighting

5. ImageView: view images

6. WebForms: web form fields

7. HexView: view the data as hexadecimal

8. Cookies: view the cookies set by the response

9. Json: view JSON-formatted data

03 Finding and filtering sessions

Filters tab

When capturing packets we often see a very cluttered stream of requests, while what we actually need to analyze is usually only a small part of it, so we need to filter the requests we care about out of the many captured.

1. Whether to use Filters.

2. Filter rules can be saved and loaded, so we can save a set of rules and use it again later.

3. Filter by Host (domain name).

4. Filter by client process.

5. Filter by request Headers.

6. Breakpoints: Fiddler's breakpoint feature lets a request pause after it is sent, or when the response comes back, at which point the request or response can be modified as needed.

7. Filter by response status code.

8. Filter by response type and size.

9. Filter by response Headers.

Find

Use the shortcut Ctrl+F, or choose Find in the toolbar, to open the Find window, which searches all sessions for the ones we want.

1. Text input box.

2. Search scope: restrict the search to Requests only or Responses only, and to headers or bodies.

3. Whether the search is case sensitive.

4. Whether to search with a regular expression.

5. Search only the selected sessions.

6. Highlight the matches; the highlight color can be chosen.

Command-line search

Fiddler can also be searched from the command line: type the command into the black box shown in the figure.

1. select command: search sessions by response type, that is, by Content-Type.

2. ? command: search by URL.

3. = command: search by status code.

4. @ command: search by host name only.
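The Filters tab, the Find window and the command-line search above all reduce to the same thing: a predicate evaluated over the columns of each captured session. The following is an added example, not code from the original post, that re-implements the four command-line searches (select, ?, =, @) and the Find window's plain/regex, case-sensitive-or-not text search over a small in-memory session list, so the matching rules are explicit. The sessions are constructed samples; the exact matching semantics are this example's own reading of the descriptions above, not Fiddler's code.

```python
"""
Added example (not from the original post): the command-line search commands
(select, ?, =, @) and the Find window's text search, re-implemented over a
small in-memory list of constructed sessions.
"""

import re
from typing import Callable, Dict, List

# A captured session reduced to the columns the session window shows.
SESSIONS: List[Dict] = [
    {"id": 1, "result": 200, "protocol": "HTTPS", "host": "www.example.com",
     "url": "/index.html", "content_type": "text/html; charset=utf-8",
     "body_size": 5120, "process": "python.exe:1234"},
    {"id": 2, "result": 302, "protocol": "HTTP", "host": "cdn.example.com",
     "url": "/static/app.js", "content_type": "application/javascript",
     "body_size": 0, "process": "python.exe:1234"},
    {"id": 3, "result": 200, "protocol": "HTTPS", "host": "api.example.com",
     "url": "/v1/items?page=2", "content_type": "application/json",
     "body_size": 812, "process": "python.exe:1234"},
    {"id": 4, "result": 404, "protocol": "HTTPS", "host": "www.example.com",
     "url": "/favicon.ico", "content_type": "text/html", "body_size": 312,
     "process": "chrome.exe:4321"},
]

Matcher = Callable[[Dict], bool]


def compile_command(command: str) -> Matcher:
    """
    Turn one command-line search into a predicate over a session.

      select <type>   match the response Content-Type (e.g. select json)
      ?<text>         match text anywhere in host + URL
      =<code>         match the response status code exactly
      @<host>         match the host name only (substring, case-insensitive)
    """
    command = command.strip()
    if command.lower().startswith("select "):
        wanted = command[7:].strip().lower()
        return lambda s: wanted in s["content_type"].lower()
    if command.startswith("?"):
        needle = command[1:].lower()
        return lambda s: needle in (s["host"] + s["url"]).lower()
    if command.startswith("="):
        code = int(command[1:])
        return lambda s: s["result"] == code
    if command.startswith("@"):
        host = command[1:].lower()
        return lambda s: host in s["host"].lower()
    raise ValueError(f"unknown command: {command!r}")


def search(command: str, sessions: List[Dict] = SESSIONS) -> List[int]:
    """Return the ids of the sessions the command selects, in capture order."""
    match = compile_command(command)
    return [s["id"] for s in sessions if match(s)]


def find_text(pattern: str, sessions: List[Dict] = SESSIONS,
              use_regex: bool = False, case_sensitive: bool = False) -> List[int]:
    """
    The Find window's core: plain-text or regular-expression search over the
    host, URL and Content-Type, with optional case sensitivity.
    """
    flags = 0 if case_sensitive else re.IGNORECASE
    regex = re.compile(pattern if use_regex else re.escape(pattern), flags)
    return [s["id"] for s in sessions
            if regex.search(s["host"] + s["url"]) or regex.search(s["content_type"])]


if __name__ == "__main__":
    for cmd in ("select json", "?static", "=200", "@www"):
        print(f"{cmd:12} -> {search(cmd)}")
    print("regex /v\\d/ ->", find_text(r"/v\d/", use_regex=True))
```

Running it prints, for instance, that `=200` selects sessions 1 and 3 while `@www` selects 1 and 4; this is the same narrowing the Filters tab performs, just expressed as code you can reuse when post-processing an exported capture.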

04 Breakpoints

Setting breakpoints is one of Fiddler's most powerful features. Once a breakpoint is set, Fiddler stops every matching message that passes through, and we can modify the HTTP request freely, including the Host, the Cookies or the form data. A breakpoint can be set to modify the request, and also to modify the response.

There are two kinds of breakpoint: a global breakpoint set from the menu bar, and a targeted breakpoint set from the command line.

Global breakpoints

In the menu bar choose Rules > Automatic Breakpoints to select the breakpoint mode. There are two choices: pause when the request is being sent to the server, and pause when the response is returned to the client.

Targeted breakpoints

A targeted breakpoint is set by entering the corresponding command:

1. bpu (breakpoint url): pause after a request is made to the given site. E.g.: bpu www.baidu.com

2. bpafter (breakpoint after): pause when the response from the given site comes back.

3. bpm (breakpoint method): interrupt requests with the given request method. E.g.: bpm get

4. bps (breakpoint status): interrupt sessions with the given status code. E.g.: bps 200
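To make the two stages and the four commands concrete, here is an added example, not code from the original post, that models them: global breakpoints pause every message at the chosen stage, bpu and bpm fire at the request stage, bpafter and bps fire at the response stage, and whenever a session pauses, a handler may edit the message before it continues. The Request, Response and fake origin server are constructed for the illustration; the matching rules are this example's reading of the descriptions above.

```python
"""
Added example (not from the original post): a small model of global and
targeted breakpoints, with request-stage and response-stage pauses during
which the message can be edited. All objects here are constructed samples.
"""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    method: str
    url: str                      # scheme://host/path
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Breakpoints:
    # Rules > Automatic Breakpoints: pause every message at this stage
    before_request: bool = False
    after_response: bool = False
    # command-line rules (the argument is the text typed after the command)
    bpu: List[str] = field(default_factory=list)      # URL substring, request stage
    bpafter: List[str] = field(default_factory=list)  # URL substring, response stage
    bpm: List[str] = field(default_factory=list)      # HTTP method, request stage
    bps: List[int] = field(default_factory=list)      # status code, response stage

    def command(self, line: str) -> None:
        """Apply one command such as 'bpu www.example.com' or 'bps 200'."""
        name, _, arg = line.strip().partition(" ")
        name = name.lower()
        if name in ("bpu", "bpafter"):
            getattr(self, name).append(arg.strip().lower())
        elif name == "bpm":
            self.bpm.append(arg.strip().upper())
        elif name == "bps":
            self.bps.append(int(arg))
        else:
            raise ValueError(f"unknown breakpoint command: {line!r}")

    def pauses_request(self, req: Request) -> bool:
        url = req.url.lower()
        return (self.before_request
                or any(u in url for u in self.bpu)
                or req.method.upper() in self.bpm)

    def pauses_response(self, req: Request, resp: Response) -> bool:
        url = req.url.lower()
        return (self.after_response
                or any(u in url for u in self.bpafter)
                or resp.status in self.bps)


def run_session(req: Request, server: Callable[[Request], Response],
                bp: Breakpoints,
                on_request: Optional[Callable[[Request], None]] = None,
                on_response: Optional[Callable[[Response], None]] = None
                ) -> Tuple[Response, List[str]]:
    """
    Drive one session through the proxy: at each stage where a breakpoint
    fires, pause and let the handler edit the message, then continue.
    Returns the final response and the list of stages where it paused.
    """
    paused: List[str] = []
    if bp.pauses_request(req):
        paused.append("request")
        if on_request:
            on_request(req)           # e.g. edit Host, Cookies or form fields
    resp = server(req)
    if bp.pauses_response(req, resp):
        paused.append("response")
        if on_response:
            on_response(resp)         # e.g. edit the body the client will see
    return resp, paused


def fake_server(req: Request) -> Response:
    """Constructed stand-in for the origin server: echoes the cookie it got."""
    return Response(200, {"Content-Type": "text/plain"},
                    body=f"cookie={req.headers.get('Cookie', '')}")


if __name__ == "__main__":
    bp = Breakpoints()
    bp.command("bpu www.example.com")
    bp.command("bps 200")
    req = Request("GET", "https://www.example.com/account", {"Cookie": "session=abc"})
    resp, stages = run_session(
        req, fake_server, bp,
        on_request=lambda r: r.headers.__setitem__("Cookie", "session=xyz"),
        on_response=lambda r: setattr(r, "body", r.body + " [edited]"))
    print(stages, resp.body)
```

Because the proxy sits between the crawler and the server, an edit made at the request stage is what the server receives, and an edit made at the response stage is what the crawler receives; the echo from the fake server makes that visible without any network.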

Origin www.cnblogs.com/winfun/p/10985587.html