Fiddler packet capture: principles and usage in detail

Fiddler is a packet capture tool used very frequently during app development. Understanding how it works is a great help to developers when analysing HTTP traffic on the network and locating problems. Today I am taking some time to summarise how Fiddler is used in real development work.


The packet capture tools I have used most during development are MiniSniffer, Fiddler and Wireshark. MiniSniffer is a small, old network capture tool: it sniffs the network connections opened by various programs and captures their data. Wireshark is a very popular and very powerful network analysis tool that displays detailed information about every network packet; some knowledge of network protocols is needed to make sense of its output. Fiddler is an HTTP/HTTPS debugging tool: it records all HTTP and HTTPS requests between client and server and lets you monitor them, set breakpoints and even modify the request and response data. If your everyday development only involves HTTP/HTTPS at the application layer, Fiddler is enough, so its main uses are summarised here.
This article covers:

  1. Fiddler overview
  2. How Fiddler works
  3. How Fiddler captures HTTPS messages
  4. Fiddler basic configuration
  5. Fiddler HTTPS capture configuration
  6. Installing the FiddlerCertMaker plug-in
  7. Installing the certificate on the phone

 

I. Overview

Fiddler is a free and powerful packet capture program. It obtains HTTP traffic by acting as a proxy, so it can observe the interaction between client and web server: it records every HTTP request between them, lets you monitor the traffic, set breakpoints and even modify the request and response data. Fiddler also includes a powerful event-based scripting subsystem that can be extended with any .NET Framework language.

II. How Fiddler works

Fiddler is an HTTP proxy that sits between the client and the server. It records all HTTP(S) requests between them, lets you analyse the data sent over the network for a particular HTTP(S) request, and lets you set breakpoints to modify the request data or the data returned by the server.
Fiddler places a proxy server between the browser and the server. It works at layer 7, the application layer, so it captures the HTTP(S) requests that pass through it. When started, Fiddler automatically configures itself as the system proxy on the local machine; the default listening port is 8888. Fiddler records not only the requests of the browser on the PC but also the HTTP(S) requests of other devices on the same network that are configured to use it as their proxy. The data flow is as follows:

1) The client sends an HTTP(S) request. Because a proxy is configured, the request goes to the Fiddler proxy server instead of directly to the web server.
2) Fiddler intercepts the client's request and forwards it to the web server; before forwarding, it can modify the request (headers, parameters, body).
3) The web server processes the request and sends a response, which the Fiddler proxy intercepts.
4) Fiddler, after any processing, returns the response to the client.
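The request side of steps 1 and 2 at the protocol level, as an added example (this is not code from the original post or from Fiddler): a proxy parses the request a client sends to its listening port, learns the target host from it, and rewrites it into the origin-form request it forwards to the web server, optionally injecting a header the way a breakpoint edit would. The sample requests are constructed; api.example.com and the X-Debug header are assumptions. The CONNECT case shows why ordinary proxying is not enough for HTTPS: without decryption the proxy sees only the host and port.

```python
"""Added example (not from the original post or from Fiddler): the request
side of steps 1 and 2. A proxy parses the request a client sends it, learns
the target host, and rewrites it into the origin-form request that is
forwarded to the web server, optionally injecting headers (as a breakpoint
edit would). Hostnames and headers in the samples are assumptions."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Headers that are meant for the proxy itself and must not reach the origin.
PROXY_ONLY_HEADERS = {"proxy-connection", "proxy-authorization"}


@dataclass
class ProxyRequest:
    method: str
    target_host: str
    target_port: int
    tls_tunnel: bool          # True for CONNECT: only host:port is visible
    path: str = ""
    headers: list = field(default_factory=list)
    body: bytes = b""


def parse_proxy_request(raw: bytes) -> ProxyRequest:
    """Parse one request as received on the proxy's listening port."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    if method == "CONNECT":
        # HTTPS: the client asks for a tunnel; the proxy sees nothing beyond
        # host:port unless it terminates TLS itself (section III).
        host, _, port = target.rpartition(":")
        return ProxyRequest(method, host, int(port), True, headers=headers)
    # Plain HTTP through a proxy uses the absolute-form request target.
    url = urlsplit(target)
    if not url.scheme or not url.hostname:
        raise ValueError("expected an absolute URI in a proxied request")
    port = url.port or (443 if url.scheme == "https" else 80)
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    return ProxyRequest(method, url.hostname, port, False, path, headers, body)


def build_origin_request(req: ProxyRequest, extra_headers=()) -> bytes:
    """Rewrite a parsed request into origin form for the web server (step 2),
    dropping proxy-only headers and appending headers the operator injects."""
    if req.tls_tunnel:
        raise ValueError("CONNECT tunnel: nothing to forward until decrypted")
    lines = [f"{req.method} {req.path} HTTP/1.1"]
    lines += [f"{n}: {v}" for n, v in req.headers
              if n.lower() not in PROXY_ONLY_HEADERS]
    lines += [f"{n}: {v}" for n, v in extra_headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + req.body


# Constructed samples: what a phone pointed at the proxy sends for a plain
# HTTP API call and for an HTTPS one.
HTTP_SAMPLE = (b"GET http://api.example.com/v1/items?page=2 HTTP/1.1\r\n"
               b"Host: api.example.com\r\n"
               b"Proxy-Connection: keep-alive\r\n"
               b"User-Agent: DemoApp/1.0\r\n\r\n")
HTTPS_SAMPLE = (b"CONNECT api.example.com:443 HTTP/1.1\r\n"
                b"Host: api.example.com:443\r\n\r\n")

if __name__ == "__main__":
    req = parse_proxy_request(HTTP_SAMPLE)
    print(build_origin_request(req, extra_headers=[("X-Debug", "1")]).decode())
    tun = parse_proxy_request(HTTPS_SAMPLE)
    print("tunnel to", tun.target_host, tun.target_port, "- payload opaque")
```

The rewrite keeps the Host header, drops Proxy-Connection (which is meaningful only between client and proxy) and appends the injected header; for the CONNECT request the parser can report the destination but has no HTTP request to forward, which is the gap the next section closes.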

III. How Fiddler captures HTTPS

Today almost all apps transmit their data over HTTPS, so the data is encrypted, which makes analysing the packets harder. Besides HTTP, Fiddler can also capture HTTPS packets, but because HTTPS transport relies on CA certificates some special configuration is needed before it works. Fiddler intercepts HTTPS as follows:

1) The client asks the proxy to open a tunnel to the server (CONNECT host:443). Fiddler answers that the tunnel is open but, instead of blindly relaying bytes, handles the connection itself.
2) The client starts a TLS handshake with what it believes is the web server: it sends a ClientHello with its supported protocol versions, cipher suites and the server name.
3) Fiddler opens its own TLS connection to the real web server and performs a separate handshake; the server picks a protocol version and cipher suite from that request and returns its certificate chain, which contains the server's public key.
4) Fiddler reads the hostname from the client's request, generates (or fetches from its cache) a certificate for that hostname signed by its own root CA (FiddlerRoot), and presents that certificate to the client, posing as the server.
5) The client validates the certificate. This is the decisive step: validation succeeds only if the client trusts FiddlerRoot (or trusts every certificate); otherwise the handshake fails and nothing can be captured.
6) Session keys are negotiated independently on each leg. On the client leg Fiddler holds the private key matching the certificate it presented, so it can complete the handshake (with RSA key exchange it decrypts the pre-master secret the client encrypted with that public key; with (EC)DHE it simply takes part in the key agreement). On the server leg Fiddler is an ordinary TLS client of the web server. The two legs use different keys, and the server's private key is never involved on the client leg.
7) The client sends application data encrypted with the client-leg key. Fiddler decrypts it, displays it (and lets you modify it or stop at a breakpoint), re-encrypts it with the server-leg key and forwards it to the web server.
8) The server's response takes the reverse path: Fiddler decrypts it with the server-leg key, shows it, re-encrypts it with the client-leg key and returns it to the client.
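Step 5 can be reproduced locally. The following Python script is an added example, not code from the original post or from Fiddler: it uses the openssl command-line tool (assumed to be installed) to create a throwaway root CA that plays the role of FiddlerRoot and a leaf certificate for an assumed hostname (example.com) signed by it, starts a TLS server on loopback that presents that leaf, and connects as a client twice. Against the system trust store the handshake is rejected, exactly as a phone rejects Fiddler's certificate before the root is installed; with the demo root added as a trusted CA it is accepted. All keys and certificates are generated at run time in a temporary directory.

```python
"""Added example (not from the original post or from Fiddler): step 5 in
practice. A throwaway root CA stands in for FiddlerRoot and issues a leaf
certificate for an assumed hostname; a loopback TLS server presents it, and a
client verifies it against the system trust store (rejected) and with the demo
root trusted (accepted). Requires the openssl command-line tool."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def openssl(*args):
    subprocess.run(["openssl", *args], check=True, capture_output=True)


def make_ca_and_leaf(workdir, hostname):
    """Create a self-signed root CA and a leaf certificate for hostname
    signed by it. Returns the paths (ca_crt, leaf_crt, leaf_key)."""
    path = lambda name: os.path.join(workdir, name)
    # Root CA: the role FiddlerRoot plays once it is installed on the phone.
    openssl("req", "-new", "-newkey", "rsa:2048", "-nodes",
            "-subj", "/CN=Demo root CA standing in for FiddlerRoot",
            "-keyout", path("ca.key"), "-out", path("ca.csr"))
    with open(path("ca.ext"), "w") as f:
        f.write("basicConstraints=critical,CA:TRUE\n"
                "keyUsage=critical,keyCertSign,cRLSign\n")
    openssl("x509", "-req", "-days", "1", "-in", path("ca.csr"),
            "-signkey", path("ca.key"), "-extfile", path("ca.ext"),
            "-out", path("ca.crt"))
    # Leaf: what the proxy mints per hostname and hands to the client (step 4).
    openssl("req", "-new", "-newkey", "rsa:2048", "-nodes",
            "-subj", f"/CN={hostname}",
            "-keyout", path("leaf.key"), "-out", path("leaf.csr"))
    with open(path("leaf.ext"), "w") as f:
        f.write(f"subjectAltName=DNS:{hostname}\nbasicConstraints=CA:FALSE\n"
                "extendedKeyUsage=serverAuth\n")
    openssl("x509", "-req", "-days", "1", "-in", path("leaf.csr"),
            "-CA", path("ca.crt"), "-CAkey", path("ca.key"), "-CAcreateserial",
            "-extfile", path("leaf.ext"), "-out", path("leaf.crt"))
    return path("ca.crt"), path("leaf.crt"), path("leaf.key")


def start_tls_server(leaf_crt, leaf_key, connections):
    """Serve `connections` TLS handshakes on loopback with the leaf cert and
    return the port. Handshakes the client aborts are expected and ignored."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(leaf_crt, leaf_key)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(connections)

    def serve():
        for _ in range(connections):
            conn, _addr = listener.accept()
            try:
                tls = ctx.wrap_socket(conn, server_side=True)
                tls.close()
            except (ssl.SSLError, OSError):
                conn.close()  # client sent a certificate alert (unknown CA)
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


def client_accepts(port, hostname, ca_file=None):
    """Connect once and report whether the client accepts the certificate.
    ca_file=None verifies against the system trust store; otherwise only
    ca_file is trusted, like a phone with FiddlerRoot installed."""
    ctx = ssl.create_default_context(cafile=ca_file)
    raw = socket.create_connection(("127.0.0.1", port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=hostname)
    except ssl.SSLCertVerificationError:
        raw.close()
        return False
    tls.close()
    return True


def run_demo(hostname="example.com"):
    with tempfile.TemporaryDirectory() as workdir:
        ca_crt, leaf_crt, leaf_key = make_ca_and_leaf(workdir, hostname)
        port = start_tls_server(leaf_crt, leaf_key, connections=2)
        return {
            "system_trust_store": client_accepts(port, hostname),
            "demo_root_trusted": client_accepts(port, hostname, ca_file=ca_crt),
        }


if __name__ == "__main__":
    print(run_demo())  # {'system_trust_store': False, 'demo_root_trusted': True}
```

The second client is the situation after section IV: the only thing that changed is the trust store, and the same leaf certificate goes from rejected to accepted. An app that pins its server's certificate or public key would still reject it, because pinning does not consult the trust store at all.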

IV. Fiddler configuration

1. Download and install

a) The free Fiddler installer can be downloaded from the official site: https://www.telerik.com/fiddler . Because capturing HTTPS with older versions of Fiddler requires the FiddlerCertMaker plug-in, I packaged an archive containing both Fiddler and FiddlerCertMaker, available from the link in the original post.

b) Run the Fiddler installer (Fiddler 5.0 is used for the demonstration here) to install Fiddler.

2. Fiddler basic configuration

If you only need to capture the HTTP traffic of the browser on the local machine, no additional configuration is needed: open Fiddler and it works immediately. Usually, however, we need to capture the network requests of a remote device, which requires the following configuration. Open Fiddler and choose Tools -> Options -> Connections from the menu bar. Enter the listening port (8888 by default), check Allow remote computers to connect, click OK and restart Fiddler.

Since we want to capture the phone's network requests, the phone also has to be configured. First make sure the phone and the computer running Fiddler are on the same Wi-Fi network. Clicking the Online button in the upper right corner of Fiddler's main window shows the Fiddler host's hostname and IP address; that IP address is what you configure in the phone's network settings.

Open the phone's network settings and connect to the same network as the Fiddler host. Open the Wi-Fi settings, then the advanced settings of the connected network (this differs between phones: on some you long-press the network name, on others you tap the button next to it; try it out). Fiddler itself is the proxy server, so under the proxy entry in the advanced Wi-Fi settings choose manual, enter the IP address of the Fiddler host (shown in the previous step) and the listening port (8888 by default, as above), and confirm.

Once this is configured, any operation in the app that makes a network request shows up in Fiddler.

In the Inspectors panel on the right you can see the request and response messages for that request.

This configuration only captures HTTP messages; the content of HTTPS messages cannot be displayed without further configuration.

3. Capturing HTTPS with Fiddler

As explained above, HTTPS transport involves certificates and encrypted data, so capturing HTTPS messages with Fiddler needs additional configuration.
Open the Fiddler settings again: Tools -> Options -> HTTPS:

Check Capture HTTPS CONNECTs and Decrypt HTTPS traffic. If you only want to capture messages from the local machine or from remote devices, choose that in the ...from all processes drop-down. One more thing to note: the self-signed CA certificate generated by older Fiddler versions has problems and is invalid when later imported into the phone; in that case install the FiddlerCertMaker plug-in mentioned above. Restart Fiddler after installing it; if the installation succeeded, the "Certificates generated by CertEnroll engine" line in this dialog shows the installed FiddlerCertMaker plug-in instead.
Click OK and restart Fiddler. Now, when you use an app on the phone that transmits over HTTPS, you will find that the content is visible, but with a limitation: only the HTTPS traffic of apps configured to trust all certificates can be seen, and such apps are very insecure. What if you need to capture most HTTPS traffic?
As everyone knows, the phone's operating system ships with a set of root CA certificates it considers trustworthy. An HTTPS request is regarded as secure only if the server's certificate was issued by one of those authorities; otherwise the SSL handshake fails (assuming the app uses the system's default certificate trust mechanism). Fiddler's self-signed certificate is certainly not in the system's trusted list, so what can be done? Importing Fiddler's self-signed certificate into the phone's list of trusted certificates solves this problem. Note, however, that since Android 7.0 (API level 24) apps trust only the system CA store by default and ignore certificates installed by the user unless the app's network security configuration explicitly opts in, so on current Android versions the steps below work for the browser and for apps that opt in, but not for every app.
Next, open the browser on the phone and enter the IP:port Fiddler listens on in the address bar, for example 192.168.1.106:8888.

Tap FiddlerRoot Certificate on the page, then download and install the certificate (if the download does not prompt for installation automatically, install it manually under Settings -> Security -> Install from storage).

Enter a name for the certificate (here, fiddler) and confirm. If the installation succeeded, the certificate appears under Security -> Trusted credentials -> User (if the certificate name is garbled, the certificate generated by Fiddler is probably faulty; install the FiddlerCertMaker plug-in and repeat the steps).
Opening an app with HTTPS connections on the phone now shows that HTTPS messages can be captured.


That's it: most HTTPS requests can now be captured. This also shows that HTTPS transport is not 100% secure against interception; how to make sure an app cannot be captured this way is the subject of a future article.

V. Summary

If anything above is wrong or could be improved, comments are welcome. Thank you!
Original source: http://www.luoxudong.com/?p=306

Origin www.cnblogs.com/sucretan2010/p/11526467.html