Fiddler Everywhere中圖標(biāo)

The Live Traffic List uses the icons listed below to provide additional context for each recorded session. Hover on an icon on an entry in the Live Traffic list to trigger an explanatory tooltip.

完整版可參考: https://docs.telerik.com/fiddler-everywhere/user-guide/live-traffic/live-traffic

抓包

牛刀小時(shí)

修改百度搜索內(nèi)容，Composer中可以輸入修改請求參數(shù)?？梢钥闯鑫覍⒄埱髤?shù)修改為%號(hào)了。

Connect

選取公眾號(hào)的一篇文章千古第一駢文進(jìn)行抓包。

對應(yīng)上面的圖標(biāo)，可知The request used the HTTP CONNECT method - establishes a tunnel used for HTTPS traffic.

CONNECT mp.weixin.qq.com:443 HTTP/1.1
Host: mp.weixin.qq.com:443
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 51 77 BE 85 69 6F 64 15 B3 E2 C6 97 1E 91 26 53 5B 63 D6 97 01 C4 91 00 46 2E AB E6 0E 5F 5B EE
"Time": 2041/2/7 下午8:15:13
SessionID: 01 54 46 DA 04 9B 17 75 6C 56 0F 15 88 6B 6F FA AB EB AD E7 42 6C F3 0B DB C5 B7 C9 CA 11 66 00
Extensions:
? ?grease (0x1a1a) ? ?empty
? ?server_name ? ?mp.weixin.qq.com
? ?extended_master_secret ? ?empty
? ?renegotiation_info ? ?00
? ?supported_groups ? ?grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18]
? ?ec_point_formats ? ?uncompressed [0x0]
? ?SessionTicket ? ?empty
? ?ALPN ? ? ? ?h2, http/1.1
? ?status_request ? ?OCSP - Implicit Responder
? ?signature_algs ? ?ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512
? ?SignedCertTimestamp (RFC6962) ? ?empty
? ?key_share ? ?00 29 DA DA 00 01 00 00 1D 00 20 91 C0 DA D8 5E B4 87 6E B4 DC 15 06 F5 CF 07 2E FB 4E DA 86 C2 9F 5D 4D 07 BE 2E BF 48 E5 6D 7A
? ?psk_key_exchange_modes ? ?01 01
? ?supported_versions ? ?grease [0xfafa], Tls1.3, Tls1.2, Tls1.1
? ?0x001b ? ? ? ?02 00 02
? ?grease (0x5a5a) ? ?00
? ?padding ? ? ? ?204 null bytes
Ciphers:
? ?[1A1A] ? ?Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
? ?[1301] ? ?TLS_AES_128_GCM_SHA256
? ?[1302] ? ?TLS_AES_256_GCM_SHA384
? ?[1303] ? ?TLS_CHACHA20_POLY1305_SHA256
? ?[C02B] ? ?TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
? ?[C02F] ? ?TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
? ?[C02C] ? ?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
? ?[C030] ? ?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
? ?[CCA9] ? ?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
? ?[CCA8] ? ?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
? ?[C013] ? ?TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
? ?[C014] ? ?TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
? ?[009C] ? ?TLS_RSA_WITH_AES_128_GCM_SHA256
? ?[009D] ? ?TLS_RSA_WITH_AES_256_GCM_SHA384
? ?[002F] ? ?TLS_RSA_WITH_AES_128_CBC_SHA
? ?[0035] ? ?TLS_RSA_WITH_AES_256_CBC_SHA

Compression:
? ?[00] ? ?NO_COMPRESSION


關(guān)于HTTPS，可參考?通過Wireshark分析HTTPS

HTTP的一些狀態(tài)和字段

refer: 它就是表示一個(gè)來源?？聪聢D的一個(gè)請求的 Referer 信息。

這里可以看出來源是從origin對應(yīng)的value的URL過來的.

403: 出現(xiàn)403是因?yàn)榉?wù)器拒絕了你的地址請求，很有可能是你根本就沒權(quán)限訪問網(wǎng)站，就算你提供了身份驗(yàn)證也沒用。講真，很有可能是你被禁止訪問了。 除非你與Web服務(wù)器管理員聯(lián)系，否則一旦遇到403狀態(tài)碼都無法自行解決。

504: 代表網(wǎng)關(guān)超時(shí) （Gateway timeout），是指服務(wù)器作為網(wǎng)關(guān)或代理，但是沒有及時(shí)從上游服務(wù)器收到請求。 204: 空內(nèi)容 服務(wù)器成功執(zhí)行請求，但是沒有返回信息。 0: 當(dāng)rule設(shè)置為reset/drop的時(shí)候，Result是0。 drop: Close the client connection immediately without sending a response. reset: Reset the client connection immediately using a TCP/IP RST to the client. 關(guān)于RST：RST標(biāo)示復(fù)位、用來異常的關(guān)閉連接。

?發(fā)送RST包關(guān)閉連接時(shí)，不必等緩沖區(qū)的包都發(fā)出去，直接就丟棄緩沖區(qū)中的包，發(fā)送RST。?而接收端收到RST包后，也不必發(fā)送ACK包來確認(rèn)。

exit: Stop processing rules at this point.

下載文件的js腳本

知道需要下載文件的url，使用下面的腳本就可以實(shí)現(xiàn)下載。

<script type='text/javascript'>
top.location='https://down.7yolgame.com/***.apk';
</script>


Fiddler Everywhere中的正則表達(dá)式

官網(wǎng)中的String Literals功能感覺用途不太大，很多時(shí)候達(dá)不到要求，不知道什么原因根本沒有作用，推測這個(gè)功能被廢棄了。

這里主要看正則表達(dá)式: regex:(.*)這里是網(wǎng)址/(.\*)[2]?drop掉網(wǎng)站信息。

Meddler

目前只有exe程序，需要windows系統(tǒng)。個(gè)人理解，據(jù)此可以實(shí)現(xiàn)請求的攔截，響應(yīng)的攔截等功能。

Meddler is a HTTP(S) Generation tool based around a simple but powerful JScript.NET event-based scripting subsystem. It's kinda like a basic nodeJS test server, but a little more user-friendly.

下面的代碼是通過Fiddler Everywhere導(dǎo)出的Meddler script，運(yùn)行的話需要windows安裝meddler工具。

簡單解釋下代碼，當(dāng)又請求http://localhost:8088shakespeare/notes/29e0ba31fb8d/recommendations的時(shí)候，響應(yīng)頭和響應(yīng)體會(huì)被設(shè)置。

import Meddler;
import System;
import System.Net.Sockets;
import System.Windows.Forms;

// Script generated by Fiddler2 export.
// You can set options for this script using the format:
// ? ? ScriptOptions("StartURL" (where {$PORT} is autoreplaced by the Meddler port number), "Optional HTTPS Certificate Thumbprint", "Random # Seed")
public ScriptOptions("http://localhost:{$PORT}/shakespeare/notes/29e0ba31fb8d/recommendations")
class Handlers
{
? ?static function OnConnection(oSession: Session)
? ?{
? ?try {
? ? ? ?if (oSession.ReadRequest())
? ? ? ?{
? ? ? ? ? ?var oHeaders: ResponseHeaders = new ResponseHeaders();
? ? ? ? ? ?if (oSession.requestHeaders.Path == '/shakespeare/notes/29e0ba31fb8d/recommendations')
? ? ? ? ? ?{

? ? ? ? ? ? ? ?oHeaders.Version='HTTP/1.1';
? ? ? ? ? ? ? ?oHeaders.Status='200 OK';

? ? ? ? ? ? ? ?oHeaders.Add('Server', 'Tengine');
? ? ? ? ? ? ? ?oHeaders.Add('Date', 'Sun, 14 Mar 2021 11:06:42 GMT');
? ? ? ? ? ? ? ?oHeaders.Add('Content-Type', 'application/json; charset=utf-8');
? ? ? ? ? ? ? ?oHeaders.Add('Transfer-Encoding', 'chunked');
? ? ? ? ? ? ? ?oHeaders.Add('Connection', 'keep-alive');
? ? ? ? ? ? ? ?oHeaders.Add('Vary', 'Accept-Encoding');
? ? ? ? ? ? ? ?oHeaders.Add('X-Frame-Options', 'DENY');
? ? ? ? ? ? ? ?oHeaders.Add('X-XSS-Protection', '1; mode=block');
? ? ? ? ? ? ? ?oHeaders.Add('X-Content-Type-Options', 'nosniff');
? ? ? ? ? ? ? ?oHeaders.Add('ETag', 'W/"2ef5130a02844285dd24b1944b547bfb"');
? ? ? ? ? ? ? ?oHeaders.Add('Cache-Control', 'max-age=0, private, must-revalidate');
? ? ? ? ? ? ? ?oHeaders.Add('Set-Cookie', 'locale=zh-CN; path=/');
? ? ? ? ? ? ? ?oHeaders.Add('Set-Cookie', '_m7e_session_core=31e97c979dd3afee7d6cb2e17c9bc8ec; domain=.jianshu.com; path=/; expires=Sun, 14 Mar 2021 17:06:42 -0000; secure; HttpOnly');
? ? ? ? ? ? ? ?oHeaders.Add('X-Request-Id', 'be8871a7-fe3d-43e8-a4dd-93b527b8e3f0');
? ? ? ? ? ? ? ?oHeaders.Add('X-Runtime', '0.089191');
? ? ? ? ? ? ? ?oHeaders.Add('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
? ? ? ? ? ? ? ?oHeaders.Add('Content-Encoding', 'gzip');
? ? ? ? ? ? ? ?oSession.WriteString(oHeaders);

? ? ? ? ? ? ? ?oSession.WriteBytes(Convert.FromBase64String('MjAxDQofiwgAAAAAAAADrdJNaxNBGAfwr7LsOS/zPrM56kW8KGygB5Ew2Z1Np1l3l85GD1LQgjEiLYVSsfQQREQvIuLBFqP9MJrd9JSv4NRKEre9CD3tMg8z/H/P89x77OrQbXGBGOMU1FwTD3puywVR6KEgCAClyq25sTZ5Rz+QPdUZbMa2vp7nmWk1m4MsTmVY/1MyjQ0tE7M+aOj0b+HijmlCT3iUQFEHoUBRSAjnQcRBROzbuc5jZZ+cnb6ejoa/jneK42fOzTTta/XzyVNfGaPTxP610746/95ea88nY3vxoVaPTCdIB0nutiDEwMaPdV8tz4jYql0ABcSMQ4QWQC4FUgxCIrB3HUCCiAcBqSsiCMMM2MYxjhVqZElvBVmOP57t/yh23013x+XesKogFFcNCwEBAgAPLgQQQ8EBQop2wbUIMLAAXIdddp6dcmU7xhlqbGSrglvt9l1/9ulr8Xl7dvq8/PCyaoDQdvnfOSynADyAOV8aFLQHgYwwplcZVjo33Tkot0/Kw2/T7wfzycjXSS9Wjq97iXMnmU9ezN6/nQ6/FK9OijejS5EAJ9VMcBEKIE49QhehSGiHJykMwm54Vaj/3H2BIPCY7StFEYuwlF0lhZTVzfCzTUtybqRp7iDn7GhYjPacNdU1adBX+SWR3bCKCKGt+78BXVuLgs8DAAANCjANCg0K'));
? ? ? ? ? ? ? ?oSession.CloseSocket(); return;
? ? ? ? ? ?}
? ? ? ?}
? ? ? ?oSession.CloseSocket();
? ? ? ?}
? ? ? ?catch(e) {MeddlerObject.Log.LogString("Script threw exception\n"+e);}
? ?}
}


stream

By default, Fiddler Everywhere uses buffering mode,?which means that the responses are fully collected before any part is sent to the client.?Buffering alters the responses?(for example, an image won't begin to download until the containing page download is complete). With streaming mode, the server's responses are immediately returned to the client as it is downloaded.?In streaming mode, tampering with the response body is not possible.

公眾號(hào)

更多內(nèi)容， 歡迎關(guān)注我的微信公眾號(hào): 無情劍客。