fiddler pc https 抓包
原理
fiddler抓包原理
fiddler 偵錯程式註冊到作業系統因特網服務中,系統所有的網路請求都會走fiddler的代理,所以fiddler才能抓包。
Debug traffic from any client and browser
Fiddler helps you debug traffic from any browser: Internet Explorer, Chrome, Firefox, Safari, Opera, and more. Once you start Fiddler, the web debugger registers itself as the system proxy for Microsoft Windows Internet Services (WinINet), the HTTP layer used by Internet Explorer, Microsoft Office, and many other products. As the system proxy, all HTTP requests from WinINet flow through Fiddler before reaching the target web servers. Similarly, all HTTP responses flow through Fiddler before being returned to the client application.
Additionally, most devices that support Wi-Fi or Ethernet can be configured to send their traffic to Fiddler; this includes iOS, Android, Windows Phone and Windows RT devices.
fiddler解密https原理
其實fiddler就是中間人攻擊,依次經過如下過程
- fiddler接到客戶端的https請求,fiddler將請求轉發給伺服器
- 伺服器生成公鑰證書,返回給fiddler;fiddler攔截下真的公鑰證書,並生成偽造的公鑰證書給客戶端;
- 客戶端使用偽造的公鑰證書加密共享金鑰傳送給fiddler,fiddler使用偽造的私鑰解密獲取共享金鑰
- fiddler將解密後的共享金鑰,使用真正的公鑰加密傳送給伺服器端,伺服器使用共享金鑰與fiddler通訊
- fiddler使用共享金鑰與客戶端通訊
以上是fiddler抓包解密的原理,這個原理是建立在https建立連線的基礎上的,請參考
下面開始抓包設定教程
設定fiddler抓包
File—–>capture traffic
設定抓https和解密https
Tools—–>fiddler options—–>https—–>capture https traffic—->decrypt https traffic—>Ignore server certificate errors—->Actions—–>Trust root certificate—->之後都是確定
安裝根證書後,可以點選Actions—–>open windows certificate manager檢視安裝到系統的根證書
根證書的作用:fiddler對每個域名都會生成公鑰證書,瀏覽器會用根證書驗證公鑰證書的合法性,所以,根證書是https 抓包必不可少的部分
效果
我們那支付寶登陸介面做測試,支付寶登陸頁面
常見問題
http tunnel、http connect
有一種情況,host都是tunnel to, url 後邊都帶著443,這是什麼意思呢?
檢視,請求頭會發現使用了Connect方法,Connect方法通常會建議代理(fiddler)與目標伺服器建立http tunnel;儘管Connect也可以用於http,但是一般是用於SSL通訊;
CONNECT www.google.com:443 這句話表示,代理與伺服器的443埠建立了http tunnel,在此之後,所有由客戶端傳送的內容,都會經由http 代理,轉發給www.google.com:443埠;更多http tunnel&http connect資料可以參考http tunnel&connect
解密失敗
有的時候,發現解密失敗,這是可以檢視connect的log。如圖
通過檢視響應,我們看到,是由於沒有設定解密導致的,
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
Fiddler’s HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Tools > Fiddler Options > HTTPS,選中解密https,選擇正確的來源,解密成功。
當然,如果不想顯示Connect,你也可以設定rules----->hide connects 隱藏connect;
如果還是解密失敗,可以檢視Log標籤頁,錯誤資訊都會在這裡邊顯示。
抓不到手機微信
有網友跟我說,抓不到手機微信的資料,這是因為,微信走的http2協議,fiddler不支援http2協議,所以用wireshark抓,但http2也是加密的,所以抓到的資料看不懂。
手機 https 抓包
如果是抓手機 https,請參考這篇文章fiddler 手機 https 抓包 ,對於手機 https抓包做了更有針對性的解釋。
打賞
如果你覺得本文寫得好,請鼓勵一下,謝謝~~
