Fidder-Grab the https clear (Web/app) Grab packet analysis (reliable article)

Why learn Fidder to grab a bag?

Learn the interface, you must learn the HTTP protocol, do not ask you to grasp how deep the protocol. Just hope you can understand what is the Protocol, Protocol, status code and so on! This article Fidder takes you to the door of the interface via the Grab kit tool. We learn the HTTP protocol by crawling requests.

I. Crawling the web-side HTTPS protocol

Fiddler is a very good grab bag tool, as for the installation, the Fool-type installation is good, here no longer described. Fidder default is to catch the HTTP request, for the HTTPS request on the PC, will prompt the webpage is not safe, this time need to install the certificate on the browser.

1.1 Web Page not secure

With Fidder to Firefox grab bag, open Baidu Home: https://www.baidu.com, will prompt webpage unsafe

1.2 Fidder Settings

Open the menu bar: Tools>fiddler Options>https, check the decrypt HTTPS traffic, the two sub-menu is also checked together

1.3 Exporting a Certificate

Click the Actions button in the upper right corner, choose the second option, export to the desktop, there will be one more file on the desktop: fiddlerroot.cer

1.4 Import into Firefox

Open the upper right corner browser settings "advanced" certificate "View Certificate" certificate Authority "import"

Import the certificate that you just exported from Fidder to the desktop into Firefox

After opening the file, a box will pop up, tick three options to complete the operation.

If not successful, only restart the browser, re-follow the above steps to set up!

1.5 Resolution for certificate export failure

Export Failed:the root certificate could not be located in point of actions. Recently, a lot of small partners in fiddler export certificate, encountered the problem cannot be exported, collected several solutions, for reference.

I. In the point of actions, export failed:the root certificate could not be located appears.

Two. Solution

1. First ensure that the installed Fiddler is a newer version, and first close the Fiddler
2. Download and install the Fiddler Certificate generator: http://www.telerik.com/docs/default-source/fiddler/addons/fiddlercertmaker.exe?sfvrsn=2

　　　3. Point Tools>fiddler Options
4. Tick capture HTTPS Traffic
5. Click the Actions button, export the Root Certificate Desktop button to the desktop

Third, delete the certificate
1. Some of the small partners may have previously installed some fiddler certificates, the installation of the wrong posture, resulting in a new certificate does not work, it is necessary to delete the previous certificate
Method One: Open the certificate management interface from fiddler
Method Two, input from the file Manager: Certmgr.msc and enter

2. Search for the previously installed fiddler certificate and delete all after it is found
3. Re-download the certificate generator: http://www.telerik.com/docs/default-source/fiddler/addons/fiddlercertmaker.exe?sfvrsn=2, a fool-type installation, The direct ignore of what is encountered is OK.
4. After installing the certificate, follow the 1.1 section fiddler grab 1-grab Firefox on the HTTPS request browser to import the certificate on the line (after the completion, restart the computer is OK)

Two. Crawl app requests

2.1 Preparing the relevant software environment

Computer has installed Fidder, mobile phone and computer on the same LAN (Fool understanding: Mobile phone and computer connected to the same WiFi or computer release hotspot, mobile phone connection can be)

2.2 Fidder Settings

Fiddler>tools>fiddler options>connections check Allow remote computers to connect, remember the port number you set, Bo master here set for 8888

2.3 View Computer IP

Desktop->windows key +r->cmd->ipconfig (for example: IP: 192.168.1.14)

2.4 Setting up a mobile WiFi proxy

Phone--Set-->wifi settings--click the arrow behind the WiFi name (each phone is different)----manually---Enter the IP address and port number--OK

2.5 Open the Phone browse number enter your IP port number, access the Web page, download the certificate (this step does not know how many people, bloggers suffer from the damage), this time bloggers should visit: 192.168.1.14:8888

2.6 Click "Fidderroot Certificate" to install the certificate * (remember, be sure to download the installation)

2.6 Setting filters

Set up the agent on the phone, this time fiddler caught on the PC and app all requests, if the PC open URLs, there will be a lot, this time you need to turn on filtering function. Setup process: Open Fiddler>tools>fiddler options>https>...from remote clients only, tick this option. (... from all processes: catch all requests; from browsers only: request only for browser, ... from Non-browsers only: Catch non-browser requests; from remote client s only: Catch remote client request only)

After the setup is complete, Fidder can crawl the HTTPS request on the phone app.

Note: After the test, remember that the agent on the phone from the manual change to "no", otherwise it will not be able to surf the internet!

Fidder-Grab the https clear (Web/app) Grab packet analysis (reliable article)