Fiddler mobile phone HTTPS grab bag __https

fiddler mobile phone grab bag principle

Fiddler mobile phone grasping the principle and grasp the web data on the PC, is the fiddler as an agent, the network request to go Fiddler,fiddler from intercept data, because fiddler as the role of intermediary, so can decrypt HTTPS

Now start the phone grab package set tutorial set Fiddler grab Bag

File-–> Check capture traffic set to catch https and decrypt HTTPS

Tools-–>fiddler options-–>https-–>capture HTTPS traffic-->decrypt HTTPS Traffic->ignore server Certificate errors

Since we only catch the phone, so here we choose from remote clients only

Connections-–>allow remote computers to connect
Because it is a mobile phone connection agent, so tick allow remote computers to connect
Install Certmaker plugin for fiddler

Because the default certificate does not comply with the Android and iOS certificate requirements, you need to download the Certmaker plug-in, double-click the installation, restart the fiddler. Note that this step is important, you must use the Certmaker plug-in, do not use the default certificate builder, or you will not catch the package.
set up a mobile agent mobile phone and PC in the same network segment

First, make sure the phone and PC are in the same LAN
Move the mouse to the Fiddler right corner of the Online, view the PC ip,192.168.1.106

Mobile IP is, 192.168.1.101, with the PC in the same network segment.
set up a mobile agent

Find connected wireless, set up proxy, proxy IP to be consistent with the IP in online
Mobile Installation Root certificate

In the browser, enter http://192.168.1.106:8888, click on the bottom of the fiddlerroot certificate, to determine the installation.

effect

So far all set up, we look at the effect of mobile phone web version of QQ, for example, screenshot is Space "praise" request
Follow-up questions

Similarly, can also crawl mobile phone QQ app version, pay treasure, Taobao, etc., but mobile phone QQ some go HTTP2 agreement, so catch not, this situation will have to use Wireshark grab bag, but after grasping, decryption is a problem.
Wireshark grab mobile phone QQ app version of Praise request

can't catch HTTPS packet

Many netizens ask me, follow the tutorial to come, but can't catch the package, regarding this question, here unifies the reply. analysis of the situation that Fiddler can't catch Fiddler not support all protocols

Fiddler does not support all protocols, currently known to have HTTP2, TCP, UDP, WebSocket, and so on, if the application of the above agreement, then fiddler must not be caught.

HTTP2: Because Fiddler is implemented based on the. NET Framework, because the. NET Framework does not support HTTP2, Fiddler cannot crawl HTTP2 certificate written dead in app, Fiddler can't crawl

Fiddler the principle of grasping the bag is man-in-the-middle attack, that is to say, both deceive the client && deceive the server side, if the HTTPS certificate written dead in the app, that is, the app does not trust fiddler issued to its certificate, app only trust its own certificate, Fiddler can not deceive the client, so fiddler also can not crawl to the package.
To say a few more words, if it is their own development of the app, development debugging convenience, you can use similar Wireshark tools to import server certificates, grab packet decryption. fix can't crawl package problem

In addition to the above known inability to grasp the package, other circumstances should be able to crawl. Here are the steps to troubleshoot and correct the problem. confirm whether you can catch the mobile browser Baidu home page

Because Baidu is the HTTPS encryption, so if the configuration is correct definitely can be caught. Note that I am here to say three conditions, mobile && Browser && Baidu homepage of the homepage, these conditions, all have to meet.
Mobile browser Baidu homepage this appearance.
Reinstall Certificate

If you can't catch it, you can determine that there is a problem with the configuration. Verify that the Fiddler uses the Certmarker plugin and is installed on the phone, and reinstall if it is installed. If it's not work, regenerate the certificate, reinstall the computer and phone, and then reboot the Fiddler. In general, reinstalling the certificate on the phone solves the problem.

Crawl mobile phone Baidu app login Request effect Chart
Reference

Fiddler Grab package for iOS
Fiddler grab bag for Android Rewards

If you think this article is well written, please encourage, thank you ~ ~