fiddler解决抓包Tunnel to 443 和 断点调试

时间:2024-02-15 13:24:15

fiddler解决抓包Tunnel to 443 和 断点调试

Tunnel to 443

1.下载证书生成工具 {链接:https://pan.baidu.com/s/1d8pItWMivQWBt_yjlKikPA 提取码:nvu1}

2.打开fiddler,选择fiddler脚本跳转到 OnBeforeRequest函数 (Fiddler Script  > OnBeforeRequest)

3.在该函数结尾的大括号内添加下列代码并保存 (https抓包证书配置正确抓包结果出现Tunnel to 443,加下列代码重新生成证书)

  1.  
    var hosts = \'zkd.me develop.dog\';
  2.  
    FiddlerApplication.Log.LogFormat("Logger session {0}, Url: {1}, isHttps: {2}, port: {3}", oSession.id, oSession.fullUrl, oSession.isHTTPS, oSession.port);
  3.  
    if(hosts.indexOf(oSession.host) > -1){
  4.  
    FiddlerApplication.Log.LogFormat("Capture session {0}, Url: {1}, isHttps: {2}, port: {3}", oSession.id, oSession.fullUrl, oSession.isHTTPS, oSession.port);
  5.  
    if(oSession.HTTPMethodIs(\'CONNECT\')){
  6.  
    FiddlerApplication.Log.LogString(\'create fake tunnel response\');
  7.  
    oSession[\'x-replywithtunnel\'] = \'FakeTunnel\';
  8.  
    return;
  9.  
    }
  10.  
     
  11.  
    if (oSession.isHTTPS){
  12.  
    FiddlerApplication.Log.LogString(\'switch https to http request\');
  13.  
    oSession.fullUrl = oSession.fullUrl.Replace("https://","http://");
  14.  
    oSession.port = 80;
  15.  
    }
  16.  
     
  17.  
    FiddlerApplication.Log.LogFormat("Processed session {0}, Url: {1}, isHttps: {2}, port: {3}", oSession.id, oSession.fullUrl, oSession.isHTTPS, oSession.port);
  18.  
    }
  19.  
    FiddlerApplication.Log.LogFormat("Logger session {0}, Url: {1}, isHttps: {2}, port: {3}", oSession.id, oSession.fullUrl, oSession.isHTTPS, oSession.port);

4.菜单栏>tool>Options分别设置抓包https与允许远程主机链接,如图

5.运行fiddlercertmaker.exe,并导出证书(tool>Options>https>Actions>Export Root  certificate to Desktop)

6.PC端浏览器删除所有fiddler证书并导入桌面证书到浏览器并信任,移动端设置代理通过浏览器进入http://IP地址:8888下载安装证书并添加到信任

7.重启fiddler与移动端后打开浏览器或者APP进行抓包测试


fiddler断点调试

全局断点

对请求断点: Rules > Automatick Breakpoints > Before Requests

对响应断点: Rules > Automatick Breakpoints > After Requests

断点后可在Requests(请求断点)和Response(响应数据) 对请求和响应数据进行修改然后点击Run to completion释放

单个断点

命令行输入:  bpu 接口               请求断点

                     bpafter 接口          响应断点

断点某个网站:bpu  域名     与     bpafter  域名

调试介绍后记得输入bpu + 回车   or   after + 回车 取消断点