Songqin Software Testing
Adhere to Educational Principles
Both Ask About Harvest and Cultivation
When it comes to packet capturing, many people think it’s just about using a tool to capture data easily. Yesterday, during an interview for an Android reverse engineering position, I was directly told, “Packet capturing has no technical content.”
Here, I must write a technical article to analyze the packet capturing tool – Fiddler.
Is Fiddler just a packet capturing tool? Sorry, if used well, Fiddler can really do a lot.
Introduction to Fiddler
① Fiddler is a powerful packet capturing tool that works as a web proxy server, using the proxy address: 127.0.0.1, with the default port set to 8888, which can be modified through settings.
② A proxy sets up a barrier between the client and the server. The client first sends the request data, and the proxy server intercepts the data packets, then pretends to be the client to send data to the server; similarly, when the server returns response data, the proxy server intercepts it and sends it back to the client.
③ Fiddler can capture data packets from any program that supports HTTP proxying. If you want to capture HTTPS sessions, you need to install a certificate first.
Tip 1: Fresh Installation of Fiddler
By default, Fiddler does not capture HTTPS sessions. You need to set it up by opening Fiddler Tool->Fiddler Options->HTTPS tab
Select the checkbox, and the following dialog will pop up; click “YES”
After clicking “Yes”, the setup is complete.
Tip 2: Fiddler Mobile Proxy Configuration:
1) Open Fiddler->Tools->Fiddler Options, check Allow remote computers to connect in the [Connection] panel, set the port number [default is 8888, can modify to other port numbers]; click [OK] button, close Fiddler and reopen it.
2) Get the local IP for mobile configuration, Windows->Run->cmd->ipconfig; there are two simple ways to obtain the local IP:
① Hover the mouse over the Online in the upper right corner of Fiddler to display the local IP, Host, and other information, as shown below
② Click Windows->Run->cmd->ipconfig; get the local IP
3) Mobile configuration: Change proxy settings to [Manual], enter [Proxy Server Hostname] (corresponding to the PC’s IP address), and enter [Proxy Server Port Number] (Fiddler’s configured port number)
4) After all configurations are complete, now open the assistant on your phone, and you will be able to see the requests sent by the phone in Fiddler.
Tip 3: Basic Interface of Fiddler
The Inspectors tab contains many messages to view Request or Response. The Raw Tab allows you to view the complete message, while the Headers tab only shows the headers within the message. As shown below
Tip 4: What to Do if the Response is Garbled After Starting Fiddler?
Sometimes we see that the HTML in the Response is garbled; this is because the HTML has been compressed. We can decompress it in two ways.
1. Click on “Response is encoded and may need to be decoded before inspection. click here to transform” above the Response Raw.
2. Select “Decode” from the toolbar. This will automatically decompress it, and after decompressing, restart to see the changes.
Tip 5: Using QuickExec Command Line
In the lower left corner of Fiddler, there is a command line tool called QuickExec, which allows you to enter commands directly.
Common commands include:
help: Opens the official usage page that lists all commands
cls: Clears the screen
Select: Command to select sessions
?.png: Used to select images with the png suffix
bpu: Intercept request
Tip 6: Creating AutoResponder Rules in Fiddler
The AutoResponder tab in Fiddler allows you to return files from local storage without sending the HTTP request to the server.
Let’s look at an example.
1. Go to the assistant homepage, save the serverconfig.html link to your local desktop, select that request, right-click—>copyàJust Url.
2. Select that request, click on the AutoResponder on the right, click Add Rule to add that request, or drag this session to the AutoResponder tab.
3. Select Enable automatic responses and Unmatched requests passthrough.
4. Modify the locally saved configuration file, under the Rule Editor below, select Find a file… to choose the locally saved image. Finally, click Save to save it.
5. Re-enter the assistant and check that the data returned from serverconfig is your modified version.
Tip 7: How to Filter Sessions in Fiddler
Every time you use Fiddler and open a website, you can see dozens of sessions, which can be overwhelming. The best way is to filter out some sessions, such as filtering out image sessions. Fiddler has a filtering function in the right Filters tab; as shown below, it only displays requests containing zhushou.sogou.com.
Tip 8: Encoding Tools Provided in Fiddler
Click on the TextWizard in the Fiddler toolbar; this tool can Encode and Decode strings.
Tip 9: Querying Sessions in Fiddler
Use the shortcut Ctrl+F to open the Find Sessions dialog, enter keywords to search for the session you want. The queried sessions will be highlighted in yellow.
Tip 10: Saving Sessions in Fiddler
Sometimes we need to save sessions to send to others or analyze later. The steps to save a session are as follows:
Select the session you want to save, then click File->Save->Selected Sessions.
CustomRules.js
The main methods in CustomRules.js:
Static function OnBeforeRequest(oSession: Session)// Modify the content of the Response in this method,
Static function OnBeforeResponse(oSession: Session)
// This method contains Fiddler commands. In the lower left corner of the Fiddler interface, the QuickExec Box static
function OnExecAction(sParams: String[])
Example: Modify sogouid
① Click Rules—》CustomRules in the menu bar to open the CustomRules.js script.
② Add the following script, writing the interface name in the parentheses, and fill in the request data in the url.
③ Change the sogouid you want to modify.
Place this script under the oSession.uriContains() method and click “Save script”; thus, the sogouid under this interface will be changed to your modified id.
if(oSession.uriContains(“install.html?”)){
oSession.url=”mobile.zhushou.sogou.com/m/install.html?uid=d15449c17bbded35c989736
70c1e1e0c&vn=3.11.2&channel=sogouinputgx&sogouid=e9ed8a54201e5481e20f6760804772c3&stoken==IhTefovaz0ppdInTQxRlnQ&cellid=&sc=0&iv=311″;
Tip 11: Modify Session Display Styles in Fiddler
Place this script under the OnBeforeRequest(oSession: Session) method and click “Save script”; thus, all sessions from cnblogs will be displayed in green.
if (oSession.uriContains(“mobiletoolhit.gif?”)) {oSession[“ui-color”] = “green”;}
Tip 12: How to Modify the Body in the Request in Fiddler Script
Method 1:
Static function OnBeforeRequest(oSession: Session) {
if(oSession.uriContains(“http://www.cnblogs.com/TankXiao/”)) {
// Get the body string in the Request
Var strBody=oSession.GetRequestBodyAsString();
// Modify the string using regular expressions or replace methods
strBody=strBody.replace(“1111″,”2222”);
// Show a dialog to check the modified body
FiddlerObject.alert(strBody);
// Write the modified body back into the Request
oSession.utilSetRequestBody(strBody);}}
Method 2:
Provide a simple method to directly replace data in the body
oSession.utilReplaceInRequest(“1111″,”2222”);
For testing, if the client’s data is incorrect, you might need to make a request to a specific URL to check if the returned data is correct. Sometimes, making requests through the client can be complex and time-consuming. However, checking the data through a separate request can save time. Of course, GET requests can be seen directly in the browser, while POST data requires tools. Fiddler’s composer function exists for this purpose, as shown below. Fill in the URL at the top, select the request method, add POST data in the body below, and click execute to send the request. You can then see the return value of this simulated request in inspectors.
ღ The End ღLet’s Learn Testing Together at Songqin