fiddler mobile phone grab bag principle
Fiddler mobile phone grasping the principle and grasp the web data on the PC, is the fiddler as an agent, the network request to go Fiddler,fiddler from intercept data, because fiddler as the role of intermediary, so can decrypt HTTPS
Now start the phone grab package set tutorial set Fiddler grab Bag
File-–> Check capture traffic set to catch https and decrypt HTTPS
Tools-–>fiddler options-–>https-–>capture HTTPS traffic-->decrypt HTTPS Traffic->ignore server Certificate errors
Since we only catch the phone, so here we choose from remote clients only
Connections-–>allow remote computers to connect
Because it is a mobile phone connection agent, so tick allow remote computers to connect
Install Certmaker plugin for fiddler
Because the default certificate does not comply with the Android and iOS certificate requirements, you need to download the Certmaker plug-in, double-click the installation, restart the fiddler. Note that this step is important, you must use the Certmaker plug-in, do not use the default certificate builder, or you will not catch the package.
set up a mobile agent mobile phone and PC in the same network segment
First, make sure the phone and PC are in the same LAN
Move the mouse to the Fiddler right corner of the Online, view the PC ip,192.168.1.106
Mobile IP is, 192.168.1.101, with the PC in the same network segment.
set up a mobile agent
Find connected wireless, set up proxy, proxy IP to be consistent with the IP in online
Mobile Installation Root certificate
In the browser, enter http://192.168.1.106:8888, click on the bottom of the fiddlerroot certificate, to determine the installation.
effect
So far all set up, we look at the effect of mobile phone web version of QQ, for example, screenshot is Space "praise" request
Follow-up questions
Similarly, can also crawl mobile phone QQ app version, pay treasure, Taobao, etc., but mobile phone QQ some go HTTP2 agreement, so catch not, this situation will have to use Wireshark grab bag, but after grasping, decryption is a problem.
Wireshark grab mobile phone QQ app version of Praise request
can't catch HTTPS packet
Many netizens ask me, follow the tutorial to come, but can't catch the package, regarding this question, here unifies the reply. analysis of the situation that Fiddler can't catch Fiddler not support all protocols
Fiddler does not support all protocols, currently known to have HTTP2, TCP, UDP, WebSocket, and so on, if the application of the above agreement, then fiddler must not be caught.
HTTP2: Because Fiddler is implemented based on the. NET Framework, because the. NET Framework does not support HTTP2, Fiddler cannot crawl HTTP2 certificate written dead in app, Fiddler can't crawl
Fiddler the principle of grasping the bag is man-in-the-middle attack, that is to say, both deceive the client && deceive the server side, if the HTTPS certificate written dead in the app, that is, the app does not trust fiddler issued to its certificate, app only trust its own certificate, Fiddler can not deceive the client, so fiddler also can not crawl to the package.
To say a few more words, if it is their own development of the app, development debugging convenience, you can use similar Wireshark tools to import server certificates, grab packet decryption. fix can't crawl package problem
In addition to the above known inability to grasp the package, other circumstances should be able to crawl. Here are the steps to troubleshoot and correct the problem. confirm whether you can catch the mobile browser Baidu home page
Because Baidu is the HTTPS encryption, so if the configuration is correct definitely can be caught. Note that I am here to say three conditions, mobile && Browser && Baidu homepage of the homepage, these conditions, all have to meet.
Mobile browser Baidu homepage this appearance.
Reinstall Certificate
If you can't catch it, you can determine that there is a problem with the configuration. Verify that the Fiddler uses the Certmarker plugin and is installed on the phone, and reinstall if it is installed. If it's not work, regenerate the certificate, reinstall the computer and phone, and then reboot the Fiddler. In general, reinstalling the certificate on the phone solves the problem.
Crawl mobile phone Baidu app login Request effect Chart
Reference
Fiddler Grab package for iOS
Fiddler grab bag for Android Rewards
If you think this article is well written, please encourage, thank you ~ ~