Fiddler抓包工具
Fiddler抓包工具很好用的,它可以干嘛用呢,举个简单例子,当你浏览网页时,网页中有段视频非常好,但网站又不提供下载,用迅雷下载你又找不到下载地址,这个时候,Fiddler抓包工具就派上用场了,它会记录你发送的每条请求记录,包括每条请求中包含的表单数据,截图示例如下:
左边是请求的url链接,右边是每个链接请求工程中的一些信息数据,从这里我们可以看到data中的数据。有了它,我们就不需要用F12了。
Android利用Fiddler进行网络数据抓包
主要介绍Android及IPhone手机上如何利用Fiddler进行网络数据抓包,比如我们想抓某个应用(微博、微信、墨迹天气)的网络通信请求就可以利用这个方法。
Mac 下请使用 Charles 代替 Fiddler。
相对于tcpdump配合wireshark抓包的优势在于:(1)无需root (2)对Android和Iphone同样适用 (3)操作更简单方便(第一次安装配置,第二次只需设置代理即可) (4)数据包的查看更清晰易懂,Fiddler的UI更简单明了 (5) 可以查看https请求。如果你坚持使用tcpdump也可见:利用tcpdump和wireshark抓取网络数据包。
PS:需要1台PC做辅助,且PC需要与手机在同一局域网内或有独立公网ip
1、PC端安装Fiddler
下载地址:Fiddler.exe,下面是Fiddler的简单介绍(不感兴趣的可以直接跳过):
Fiddler是强大且好用的Web调试工具之一,它能记录客户端和服务器的http和https请求,允许你监视,设置断点,甚至修改输入输出数据,Fiddler包含了一个强大的基于事件脚本的子系统,并且能使用.net语言进行扩展,在web开发和调优中经常配合firebug使用。
Fiddler的运行机制其实就是本机上监听8888端口的HTTP代理。 对于PC端Fiddler启动的时候默认IE的代理设为了127.0.0.1:8888,而其他浏览器是需要手动设置的,所以如果需要监听PC端Chrome网络请求,将其代理改为127.0.0.1:8888就可以监听数据了,手机端按照下面的设置即可完成整个系统的http代理。
2、 配置PC端Fiddler和手机
(1) 配置Fiddler允许监听https
打开Fiddler菜单项Tools->Fiddler Options,选中decrypt https traffic和ignore server certificate errors两项,如下图:
第一次会提示是否信任fiddler证书及安全提醒,选择yes,之后也可以在系统的证书管理中进行管理。
(2) 配置Fiddler允许远程连接
如上图的菜单中点击connections,选中allow remote computers to connect,默认监听端口为8888,若被占用也可以设置,配置好后需要重启Fiddler,如下图:
(3) 配置手机端
Pc端命令行ipconfig查看Fiddler所在机器ip,本机ip为10.0.4.37,如下图
打开手机连接到同一局域网的wifi,并修改该wifi网络详情(长按wifi选择->修改网络)->显示高级选项,选择手动代理设置,主机名填写Fiddler所在机器ip,端口填写Fiddler端口,默认8888,如下图:
这时,手机上的网络访问在Fiddler就可以查看了,如下图微博和微信的网络请求:
可以双击上图某一行网络请求,右侧会显示具体请求内容(Request Header)和返回内容(Response Header and Content),如下图:
可以发现Fiddler可以以各种格式查看网络请求返回的数据,包括Header, TextView(文字), ImageView(图片), HexView(十六进制),WebView(网页形式), Auth(Proxy-Authenticate Header), Caching(Header cache), Cookies, Raw(原数据格式), JSON(json格式), XML(xml格式)很是方便。
停止网络监控的话去掉wifi的代理设置即可,否则Fiddler退出后手机就上不网了哦。
如果需要恢复手机无密码状态,Android端之后可以通过系统设置-安全-受信任的凭据-用户,点击证书进行删除或清除凭据删除所有用户证书,再设置密码为无。
如果只需要监控一个软件,可结合系统流量监控,关闭其他应用网络访问的权限。
VPNService
如果有更复杂的需求,当然还是 Fiddler / Charles 比较好
kotlin大法好 看来是到学习的时候了
使用 tPacketCapture [0] ,无需 root,可以保存下 pcap 格式的流量捕获,然后在电脑上打开分析。
Packet Capture 功能更强些,
利用 Fiddler 抓包,适合大多数走代理的应用,优点 (1) 无需 root (2) 对 Android 和 Iphone 同样适用 (3) 操作更简单方便(第一次安装配置,第二次只需设置代理即可) (4) 数据包的查看更清晰易懂,Fiddler 的 UI 更简单明了 。可见
对于不走代理的 App 可以利用 tcpdump 抓取 andorid 手机上网络数据请求,利用 Wireshark 查看,可见:如何利用Tcpdump抓取andorid网络数据请求,Wireshark查看
windows下也可以使用charles
电脑上安装个Charles,然后在Android手机上设置下代理,就可以在Charles上监听到了。想看https的请求就稍微麻烦一些些,手机上得先安装下证书,
协议+目标地址,或者仅仅目标地址都可以,wireshark过滤规则很强大的
先下载安装wireshark和360Wi-Fi,用360Wi-Fi建立热点,手机无线连接这个热点,然后用wireshark抓取流量包。
kali, Burpsuite
mac 上面使用charles
Windows上使用fiddler
服务器上可以使用mitmproxy
以上三者都可以做到https的解析
wifikill,能够抓整个局域网的包,不过完整版要收费. 路由器没开 AP 隔离的情况下只要网卡设为 Promiscuous 模式(某些系统需要 root 权限,以及驱动程序支持)就可以抓到当前局域网所有传输的数据,对任何设备都如此。
如果知道对方目标服务器的域名,直接修改host + wireshark非常好用。如果是http服务,那么host + mitmproxy。
对于走3g的数据也可以这么处理,只是需要一台公网ip的服务器。
使用 tPacketCapture, 无需 root,可以保存下 pcap 格式的流量捕获,然后在电脑上打开分析。 它的原理是建立一个虚拟的 VPN 连接, 让所有的流量都通过它。 因此它捕获不到二层的信息,但这对于基本参考需求来说已经足够了。
手机连接无线路由器,把网关修改成同路由器电脑的IP;在电脑上打开路由转发功能: echo 1 > /proc/sys/net/ipv4/ip_forward
就可以用电脑上的wireshark或者其他软件抓包了。
ps:电脑得是linux类操作系统。windows的我知道怎么打开那个功能。
买个路由器,刷个openwrt,装tcpdump,
随便抓
无论是在windows操作系统下还是在linux操作系统下,要想捕获网络上的数据包,必须要对网卡进行控制,因为本机的数据报从网络上来到本机是通过网卡然后再保存到本地缓冲区上的,所以要抓获网包就必须调用网卡驱动中的对外函数,在linux系统中有net.h文件,可以调用net.h文件中的函数来操作网卡,可以直接编程实现,但为了更方便的使用,可以安装一个叫libpcap的软件,这样调用函数更好用,www .ijiami .cn
而在windows系统中,因为源代码不对外公开,所以要安装一个叫winpcap的软件,这样用C或VC++
就可以实现了,但因为我用的是java语言来实现的,所以无论是在哪个系统都要安装一个叫jpcap
的软件,它本身就把底层的函数又封装了一下,这样就可以让java来使用了。
bitshatk
botbrew
the Fiddler Alpha for Mono.
Fiddler for Mono
Current Linux build: 4.4.8.4 Built: June 13 2014
Old Linux build: 4.4.5.2 Built: August 28th 2013
Please report any issues (especially blockers) you discover to fiddler@telerik.com. Please be sure to include your OS, Mono, and Fiddler version information.
We've run this code (more or less) successfully on Ubuntu 12+, Linux Mint 15+, and OSX 10.8+.
FiddlerCore for Mono
Mono FiddlerCore 4.4.5.3 Built: Sept 13 2013
Note: FiddlerCore for Mono does not automatically change the system proxy settings for Mac or Linux. Your application's code will need to do this itself. You can look at the Proxy Configuration section below for details on how you might go about doing this.
MONO CONFIGURATION
Fiddler requires that you have the latest Mono package installed for your platform of choice. That means 3.1.2 for OSX or 2.10.8 for Linux.
On Mac: Visit http://www.mono-project.com/download/ and install the MRE package.
On Linux, if you run
sudo apt-get install mono-complete
You'll probably get everything you need.
If you want to install Mono piecemeal, beyond the base Mono, you must install the Winforms packages.
For Ubuntu 13 / Linux Mint 15 / Elementary OS Luna, run:
sudo apt-get install mono-winforms*
For Ubuntu 12.04, run:
sudo apt-get install libmono-system-windows-forms4.0-cil
sudo apt-get install libmono-windowsbase4.0-cil
Some places in Fiddler use a URLDecode function from System.Web; this will be removed in the future, but for now, consider running
sudo apt-get install libmono-system-web4.0-cil
NEW MonoFiddler v4.4.8.3 includes a new FiddlerScript engine (based on C#). That means you'll also now need
sudo apt-get install mono-mcs
Launching Fiddler on Linux
From the console, run
mono Fiddler.exe
PROXY CONFIGURATION
SYSTEM PROXY CONFIGURATION
When Fiddler starts or "attaches" as the system proxy, it runs {bash attach.script} which contains calls to the {gsettings} command to point the system proxy at Fiddler. When Fiddler closes or "detaches" as the system proxy, it runs {bash detach.script} which uses {gsettings} to disable the system proxy. If you don't like this, or want something else to happen, simply edit that script file.
Using Config scripts for MacOSX
The {attach.script} and {detach.script} set the proxy only for HTTP, not HTTPS. If you want to capture HTTPS traffic, you will need to update the scripts as follows:
attach.script should contain:
networksetup -setwebproxy Wi-Fi 127.0.0.1 8888
networksetup -setsecurewebproxy Wi-Fi 127.0.0.1 8888
detach.script should contain:
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off
Note: If you want to configure Fiddler to watch for traffic on a different adapter, you will need to change the *Wi-Fi* token to the name of the adapter.
Using Config scripts for Linux
Both Firefox and Chromium running on Mint and Ubuntu respect the "system proxy setting."
For Firefox, you must manually choose Edit > Preferences > Advanced > Network > Settings and select *Use System Proxy*. Chromium uses this proxy by default.
Manual Proxy Configuration for Firefox
Click Edit > Preferences > Advanced > Network > Settings and choose "Manual Proxy Configuration", Proxy 127.0.0.1, Port 8888, and tick the "Use this proxy server for all protocols" box.
Manual Proxy Configuration for Chromium
Set your shortcut to launch Chromium like so:
/usr/bin/chromium-browser %U —proxy-server=http=127.0.0.1:8888;https=127.0.0.1:8888
HTTPS CONFIGURATION
Validating Server Certificates
To enable Fiddler/Mono to validate that remote certificates chain to a "legitimate" root, use mozroots to import the set of root certificates vetted/trusted by Mozilla.
From the console, run:
mozroots —import —sync
Note: mozroots can be installed by running sudo apt-get install mono-runtime. See also: mozroots man page.
Alternatively, you can disable certificate validation using the checkbox inside Fiddler's Tools > Fiddler Options > HTTPS tab.
TLS Version
If all HTTPS connections to Fiddler fail in Firefox with a "The connection was interrupted" message in Firefox and a note about "Unsupported security protocol" in Fiddler's Log tab, you may need to navigate to about:config inside Firefox and edit the security.tls.version.max preference. Set it to 1. This is a bug in older versions of Mono (e.g. 3.x); if you install Mono 4.0.5 directly from Xamarin, this problem will go away.
Trusting Fiddler's Certificate
If you enable HTTPS decryption in Fiddler, you must configure your browser to trust Fiddler's root certificate.
In Fiddler, click Tools > Fiddler Options > HTTPS and click the "Export Root certificate to desktop" button.
Trusting the Root in Firefox
Click Edit > Preferences > Advanced > Encryption > View Certificates. Click the Authorities tab. Click the Import button. Select the FiddlerRoot.cer file from your desktop. Tick the "Trust this CA to identify websites" box and click Ok.
Trusting the Root in Chromium
Navigate to chrome://settings/ and click the "Show advanced settings…" link. In the HTTPS/SSL section, click the "Manage certificates…" button. Click the Authorities tab. Click the Import button. Select the FiddlerRoot.cer file from your desktop (use the "All files" view in the File Picker dialog). Tick the "Trust this CA to identify websites" box and click Ok.
Notable Bugs
- Deleting multiple sessions at once in the Web Sessions list may crash Fiddler. Likely a Mono WinForms issue: https://bugzilla.novell.com/show_bug.cgi?id=684773 Should be fixed now
Troubleshooting
If Fiddler does not start properly, please try running it with tracing enabled: mono —trace=all Fiddler.exe and then email the output to us so we can have a look.
Limitations
- NEW FiddlerScript added to build 4.4.8.3 FiddlerScript is not available. It (or more likely, a variant based on C#) may arrive in a future build.
- Remote Certificate processing on HTTPS connections seems a bit wonky; Mono *always* throws RemoteCertificateNotAvailable exception but this seems to be a false positive. You can disable certificate validation if you like.
- Automatic Proxy chaining not yet supported; Fiddler currently overwrites system proxy settings without looking at them first or restoring them later. Will be fixed later. You can set the upstream proxy manually inside Tools > Fiddler Options > Gateway.
- WPAD and Proxy Configuration scripts are not supported for upstream gateways.
- X-AutoAuth and other techniques based on Windows Authentication probably do not work. Channel-Binding-Tokens definitely won't work.
- On Mac, Mono (and thus Fiddler) runs in 32bit only.
TODO List
List of upcoming work for MonoFiddler MonoTodo
Outdated notes:
- Note: Mono 3.10 was broken by Bug #23553 which prevents Fiddler from launching on Mac.
Mac Note: The WinForms framework on Mac is almost unusably buggy. Your best bet is to run Fiddler inside a Linux or Windows Virtual Machine and point the Mac's proxy settings at that.
Mac Note: To avoid OSX Gatekeeper's security block, you will need to launch the Mac version by holding the Control key while clicking on the application icon, and choosing Open on the menu. If the splashscreen/window does not appear, try CMD+Tabbing to flip between windows and/or close one or more Finder windows.