Test requirements: there is a feature that allows gold exchange diamonds, diamond 1 = 1 is assumed gold, a front control exchange at least 10, up to 100, the background is not validated.
Test program: Enter 10, that is, I want to tell the front redeem 10 gold coins, and other front-end after verification by intercepting http request to be sent to the background, modified to 100, but does not do any background check will be returned directly to the customer end 100 gold coins, that is, I used 10 diamond exchange the 100 gold coins. Equivalent to the front to do the check is of no use, and this is definitely not a bug appeared.
—————————————————————————————————————————————————————————————————————————
So today's topic came out, how to intercept and modify http request it? Use Fiddler to set the breakpoint function can do this.
Fiddler modified set breakpoints Request
Fiddler most powerful features than the set breakpoints, and later set up a breakpoint, you can modify any information httpRequest include host, cookie or data form. There are two ways to set a breakpoint:
The first: Open Fiddler Click Rules-> Automatic Breakpoints -> Before Requests (this method will interrupt all sessions)
How to eliminate command it? Click Rules-> Automatic Breakpoints -> Disabled
The second: Enter the command at the command line: bpu www.baidu.com (this method will only interrupt www.baidu.com)
How to eliminate command it? Enter the command in the command line bpu
Look instance, analog login blog park, open garden blog login page in IE, enter the wrong user name and password, interrupted the session with Fiddler, modified to the correct user name and password. So that we can successfully log:
1. Open the login screen https://passport.cnblogs.com/user/signin blog garden with IE
2. Open Fiddler, enter the command line bpu https://passport.cnblogs.com/user/signin
3. Enter the incorrect username and password and click Login
4. Fiddler can interrupt this session, select the interrupted session, WebForms tab at the click Inspectors tab modify the user name and password, and then click Run to Completion as shown below.
The result is correctly logged blog Park
Fiddler set breakpoints modify Response
Of course, Fiddler also can modify Response:
The first: Open Fiddler Click Rules-> Automatic Breakpoint -> After Response (This method interrupts all sessions)
How to eliminate command it? Click Rules-> Automatic Breakpoint -> Disabled
The second: Enter the command at the command line: bpuafter www.baidu.com (this method will only interrupt www.baidu.com)
How to eliminate command it? Enter the command in the command line bpuafter
