1. Fiddler 简介
Fiddler是介于浏览器客户端和服务器之间的端口监听服务。如下图所示:他类似于中间的代理服务器,当使用fiddler时,请求直接发送到fiddler代理网桥,fiddler将请求转发给服务器,同样,服务器的响应也发送给fiddler,fiddler将请求转发给浏览器。对于客户端浏览器,Fiddler 客户端就是是web服务器,对于web服务器,Fiddler模拟web浏览器。在这个过程中,Fiddler截取和记录所有传入的和传出的消息。
Fiddler sits between HTTP client nd server nd listened on port. s the finger below, it cts s €œmn-in-the-middle€ proxy, when using fiddler, the requests is being sent directly to Fiddler proxy bridge, Fiddler will forwrd the request to rel server, Likewise, the response from server is lso sent to the fiddler, fiddler will forwrd it to the browser. To the client browser, Fiddler clims to be the web server, nd to the web server, Fiddler mimics the web browser. In this process, Fiddler intercepts nd records ll the incoming nd outgoing messges.
功能:
- 针对特定的请求过滤
- 分析请求和响应的数据、
- 设置断点、调试、修改请求的数据,
- 修改服务器返回的数据
下载地址:https://www.telerik.com/fiddler
注意:在安装过程中可能会要求关闭全部浏览器
2. 首次使用
界面如下:
2.1 检查会话
fiddler界面中显示了捕获到的所有HTTP和HTTPS会话,这些消息包括如下关键信息:
# – An ID# of the request generated by Fiddler for your convenience Result – The Result code from the HTTP Response Protocol – The Protocol (HTTP/HTTPS/FTP) used by this session Host – The hostname of the server to which the request was sent URL – The path and file requested from the server Body – The number of bytes in the Response body Caching – Values from the Response’s Expires or Cache-Control headers Process – The local Windows Process from which the traffic originated Content-Type – The Content-Type header from the Response Custom – A text field you can set via scripting Comments – A text field you can set from scripting or the session’s context menu
每种类型的项目在左边都有一个自己的图标,下面是所有图标的列表。
2.2 Check Fiddler Inspectors
Request Inspectors [RW] Headers Shows request headers and status. [RW] TextView Shows the request body in a text box. [RW] HexView ”Shows the request body in a hexadecimal view. [RO] XML Shows the request body as an XML DOM in a tree view. Response Inspectors [RW] Transformer Removes GZip, DEFLATE, and CHUNKED encodings for easier debugging. [RW] Headers Shows response headers and status. [RW] TextView Shows the response body in a text box. [RW] HexView Shows the response body in a hexadecimal view. [RO] ImageView Shows the response body as an Image. Supports all .NET image formats. [RO] XML Shows the response body as an XML DOM in a tree view. [RO] Privacy Explains the P3P statement in the response headers, if present.
2.3 Check sttistics of the request
- Sttistics--显示所选HTTP会话的性能统计数据
- Inspectors--
- utoResponder---自动回复
- FiddlerScript-------Fiddler 脚本
- Log-----log日志
- Filters--过滤器
- Timeline--时间表
- Composer 设计改动报文
3.其他
3.1. 抓取https请求
点击 Fiddler->Tools -> Options,在 HTTPS 面板选中。做如下所示操作,并安装(需重启Fiddler生效)。
3.2. 抓取手机请求
如果想要捕获手机上的通信数据,就需要手机连接上Fiddler代理,而Fiddler默认是不允许其他设备进行连接的
a. 首先安装fiddler的电脑,跟手机需在同一局域网内
b. 点击 Fiddler->Tools -> Options,在 Connections 面板选中 Allow remote computers to connect 允许其他设备连接(需重启Fiddler生效)。
c. 手机上配置代理,并安装Fiddler的安装证书
3.3. 需代码处理部分
Rules -> Customize Rules 打开Fiddler ScriptEditor,这里可以通过修改脚本中某些方法( OnBeforeRequest(oSession: Session)),来改变请求报文,或者返回报文中信息
注意:代码调整之后,一定要重启Fiddler重新加载CustomRules.js。
如何解决Fiddler 修改返回内容 OnBeforeResponse 无效的问题? 问题关键点是:必须在OnBeforeResponse前,设置oSession.bBufferResponse = true; 顾名思义,开启了缓存模式来处理返回内容,才能最终反馈到浏览器上,否则,保持原有的流式模式的话,就会出现修改和返回同时进行,浏览器得到的还是原版的数据。 建议在OnPeektResponseHeders中根据需要,设置bBufferResponse 。 添加的代码如下: sttic function OnPeektResponseHeders(oSession: Session) { if (oSession.uriContins("flow/intercept")){ oSession.bBufferResponse = true; //需要在返回头这里设置buffer处理,否则,后续无法在onBeforeResponse中修改body(修改的动作不会阻塞原来的返回) } }
3.4 Fiddler中的Tool
编码小工具TextWizrd,如何使用呢?
1、点击TextWizrd,当鼠标放上去时,有解释:lunch the textwizrd to encode/decode text ,顾名思义:编码/解码文本的