Fiddler plug-in---Decrypt elong MAPI request parameters and response content

Current Issues:

In our daily Web/app testing process, Fiddler is a major aid tool, and in our team, we often use fiddler for app capture testing.

The rest (internally called MAPI) interface used by the Art Dragon app has the following features in use:

1, interface request entry, whether it is a GET or post interface, in order to ensure privacy and data security, its entry will be encrypted once AES, and then do a encode processing;

Like what:

　　　　　　

Well, not through the decryption, I do not know req parameter in the end of the smelly and long is what ghost;

2, the interface response, is generally through gzip or LZSS compression;

This results in the inability to view the request parameters and the response content when using the Fiddler Auxiliary test, and always returns a bunch of garbled characters , which is extremely inconvenient to use.

Follow the previous procedure, such as to view the entry and exit parameters, generally viewed through the app-side debug tool, or through the MAPI log;

To see the response in Fiddler, we need to take three steps as we've done before:

1. Save response body to local, and use. gz as the file suffix;

2, unzip the GZ file;

3, open with the Text tool;

Cumbersome operation, low efficiency;

To solve the above problems, improve the efficiency of testing, and make full use of the powerful features of fiddler; We have developed a fiddler plug-in that allows you to view the decrypted incoming request and the response content directly in Fiddler, and is more convenient than some of the test methods described earlier.

　　

The currently implemented features are:

1. 1. Supports both Get or post type MAPI requests for access to the parameters and the contents of the response;

   2. Input and exit parameters formatted output;

   3. Text lookup, Save (Gzip, text) features

first, let's talk about how to use:

1. Copy the 2 DLLs to the Inspectors folder in the Fiddler installation directory;

2. Re-open fiddler; set up mobile agent

3, and then as a way to see (you can see the inspectors tag, more than two sub-tags "view MAPI in the parameters" and "View MAPI response", click on these 2 tags, you can see the format of the response content)

　　

Second, the pit process 0) First of all, the next fiddler in the Gzip self-contained decompression function;

For a normal HTTP request, if it is in the response header, with Content-encoding:gzip, in Fiddler is to support decompression to view the contents of response, the Fiddler in general will appear such a button;

　　　　

We only need to click on it to view the content of the response after decompression;

　　　　

Yo ~,niubility!!! So, since Fiddler has been so d bombing days, and most of the MAPI response is gzip compression, why do we have a plug-in, superfluous?

Let's look back at MAPI and see where it's going with the pit Daddy ;

To get a review of the interface as an example, let's take a look at its response header:

　　　　

Careful you may have seen it; it has no content-encoding:gzip in the header!!!

So fiddler will commit two; it will not give you the automatic decompression of the content of the gzip stream; we will still see a bunch of garbled characters when we look in the TextView or raw panel;

　　　　

According to this principle, let the couple try the following first

1) in the header of response, add content-encoding:gzip automatically

How to add the header in the response, let the development to change, wake up first, and so on, the flowers are to be thanked;

It is time to come out of our fiddlerscript, yes, again; it is also the last time the HTTPS replacement task was measured;

In the Onbeforeresponse method, we add the following code, and then use the mobile agent to access the elong App;

PS: From the method name can also be known, it is in response to Fiddler, was intercepted by fiddler, but has not returned to the agent client, a series of tampering process;

As we can see, the Response header has already added Content-encoding:gzip, and the familiar Decode button is back;

Click the Long Decode button in the middle and switch to the TextView tab; Sure enough, you can see the returned response.

So easy ~ ~ ~ Applause! Sprinkle the flowers!

But, we look back at the phone, Whats the f*****k;

The original app side of the header added Content-encoding:gzip response in the processing of an exception, was caught; don't stop me, let me cry for a while

2) Plug-in development; fiddler extended Swiss Army Knife

As the 34-year-old, is about to be eliminated from the elderly, we have to think of another way, try to play a bit of waste heat;

Since even fiddlerscript this former invincible geek function are uncertain, have to take a step deeper, please out the ultimate weapon---fiddler plug-in;

First went to the official plug-in library to find a bit, there is no plug-in for the scene, it seems that our needs are also a bit of wonderful;

In the face of the desperate situation, the yuan's grandpa Mao taught us--hands-on, clothed!

First Open fiddler two Times development official website, open Vscode, recall three years did not knock C #;

And then you hit a line of the classic code that surprises the world:

Console.WriteLine ("Hello world!");

Nonsense so much, it is time to give out our solutions;

Enter the parameter to see how it is implemented:

1. 1. For get type, use the Fiddler Api to get the URL in Get, parse out the request parameter;

   2. Post type API; intercept body data;

   3. Get ClientType and appversion from the header;

   4. For the parameters obtained in 1 and 2, do a decode processing;

   5. Call the AES decryption interface in the Http://192.168.14.206:8206/husky/system/aes in the internal husky, use the data obtained in 1, 2, 3 to splice the parameters, obtain the decrypted data;

　　　　　The main code is as follows:

　　Note:

1, check the MAPI entry function, can only be used in the intranet, because the internal husky is called the AES decryption interface;

2, the use of interface decryption instead of algorithm decryption reason is: the algorithm decryption needs to configure the key, maintenance slightly trouble;

In addition, the interface of the intranet is decrypted faster, and it is called only once when the tab is viewed, not activated, not invoked, and not for non-MAPI requests.

　　To view the implementation of an interface response:

1. Obtain the response body data, and implement the Gzip stream reading method; NET GZipStream class, return the extracted real text content

2. Implement JSON Format function, use to Newtonsoft.json class library

Fiddler plug-in implementation method:

1, the implementation of the plug-in needs to inherit Inspector2 base class and IRequestInspector2, IResponseInspector2 interface, overwrite or implement some of these key methods;

Inherit and implement IRequestInspector2 interface, can be in fiddler processing request process of some entry, header modification and view;

While inheriting and implementing the IResponseInspector2 interface, it can modify and view the response content, response header in the process of fiddler processing response;

2, need to implement a custom control, integrated into the Fiddler form as a plug-in, used to show the decrypted request entry, as well as the response content after decompression;

Additional notes:

Fiddler is to support 4 kinds of extension development mode; This plugin uses the 2nd type;

1 Ifiddlerextension,iautotamper,iautotamper2,iautotamper3

1, these interfaces are oriented to a global plug-in,

2, the plug-in location and Log,timeline peer

3, the plugin compiled into a DLL can only be placed in the Scripts folder

2 Inspector2,iresponseinspector2,irequestinspector2

1, these interfaces are oriented to a single connection

2, plugin will appear inspector this menu and Headers,textview peer

3, the plugin compiled into a DLL can only be placed in the Inspectors folder

3 Ihandleexecaction This interface allows your control to receive commands from the command line, this interface

4 Isessionexporter,isessionimporter

1, as the name implies bulk to the request by the line import and export operations. For example, batch export to TXT, etc.

2, the position appears in the right-click menu save-selectd session-and file-importsession popup menu

3. dll needs to be put into importexport.

Resources:

Official documents:

Http://docs.telerik.com/fiddler/Extend-Fiddler/ExtendWithDotNet

Some plugins on GitHub source code:

Https://github.com/jessemcdowell/FiddlerMessagePackViewer

Https://github.com/waf/WCF-Binary-Message-Inspector

Fiddler plug-in---Decrypt elong MAPI request parameters and response content