当前位置：网站首页>How to grab the mobile phone bag for analysis? Fiddler artifact may help you!

How to grab the mobile phone bag for analysis? Fiddler artifact may help you!

2022-06-24 22:05:00 【InfoQ】

In normal development , We want to analyze the traffic information of mobile phones , How to catch it at this time ？

If we open a web page in the browser of the mobile phone , Want to analyze , What should we do at this time ？

Today, Rego will introduce an artifact Fiddler, And will teach you how to use Fiddler Set the proxy to crawl the mobile phone http message .

Let's go straight to ！

What is? Fiddler？

Fiddler It's a Web Debug agent tool , Can capture HTTP(S) Traffic .

Only in Windows Up operation .

Download and install Fiddler

Download address ：

https://www.telerik.com/download/fiddler

After downloading, it is just like installing ordinary software , The next step, the next step .

After installation , open Fiddler this is it ：

Use Fiddler

Use on the computer

This is simpler , Just follow wireshark almost , But I think Fiddler Better use .

There are usually two steps , First, clear the original use records ：

This is what happens when the cleanup is complete ：

Then I Google “wljslmz”：

This is the time , We found that only http My bag , No, https My bag , What about this ？

Don't worry. , Keep looking down ：

open

tools

, spot

HTTPS

, take

Decrypt HTTPS traffic

On the hook ：

The first time I checked it , You will be prompted to download the certificate automatically , If there is no hint , Or close the window of downloading the certificate for the first time by mistake , You can manually download again ：

Click to download the certificate to the desktop ：

You can see that my desktop has downloaded the certificate ：FiddlerRoot.cer

At this time, if we do not import certificates , Take a look at the effect of grabbing bags , This is the time , Let's just type something in the browser ：

Will show “ Your connection is not private ” A hint of , Let's see Fiddler：

Still not HTTPS My bag .

Next , We import the certificate into the browser ：

Click on ” Management Certificate ”

Click on “ Import “

choice “ The next page ”

Will be taken from Fiddler Just import the certificate exported from

Default click “ The next page ” Just go

Click on “ complete ” that will do

You can see that the import is successful

Then we go to Google to search, and we can search and analyze packets normally

Grab the data packet of the mobile phone

You need to set up a proxy , Start by opening Fiddler：

take Fiddler Set the listening port of , Here we set it to

8888

Then set the mobile phone proxy , Take Android phones , Open the network details of the mobile phone connected to the network , I have a wireless network here ：

Click on “ agent “, choice ” Manual “：

Enter host name （ Your computer ip） And port （ Just at Fiddler Set the port ）：

This is the setting , Then we search the mobile web page casually , have a look Fiddler The change of ：

Pictured , We have caught the bag of the mobile page , But during the test, I put HTTPS Shut down the , Just start the normal test .

Well, the above is the introduction level to teach you how to grasp the mobile phone HTTP package , As for package analysis and Fiddler Other ways of using , Later, Ruige will introduce to you ！

原网站

版权声明
本文为[InfoQ]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/175/202206241901160050.html