Fiddler working principle and proxy settings

1, what is fiddler

Fiddler is an HTTP protocol debug Proxy tool that records all HTTP requests between the client and the server, can analyze request data for specific HTTP requests, set breakpoints, debug Web apps, modify requested data, and even modify the data returned by the server, very powerful , is a tool for Web debugging. I can't find the package here because of the agent's problem.


2,fiddler Working principle

Fiddler is working as a proxy Web server, which uses proxy addresses: 127.0.0.1, Port: 8888. When Fiddler starts to turn itself into a proxy server, the proxy server listens to 127.0.0.1:8888 by default. Then when you open ie, ie will be 127.0.0.1:8. When you exit, it automatically unregisters the agent, so that it does not affect other programs. However, if Fiddler exits abnormally, this is because Fiddler does not log off automatically, which can cause the webpage to be inaccessible. So what's his working principle?

First, fiddler intercepts the HTTPS request sent by the client browser to the server, and the handshake is not established at this time.


In the first step, Fiddler sends a request to the server to handshake, obtains the CA certificate to the server, decrypts the root certificate public key, verifies the server data signature, and obtains the public key of the server CA certificate.


The second step, Fiddler forge their own CA certificate, impersonate the server certificate passed to the client browser, the client browser do the same thing as fiddler.


In the third step, the client browser generates a symmetric key for HTTPS communication, which is then passed to the server with fiddler forged certificate public Key and is intercepted by fiddler.


Fourth step, fiddler will intercept the ciphertext with their own forged certificate of the private key to obtain the HTTPS communication with the symmetric key.


Fifth step, fiddler the symmetric key with the server certificate public key encryption to the server, the server with the private key after the establishment of trust, the handshake is complete, with a symmetric key to encrypt the message, began to communicate.


Sixth step, Fiddler received the ciphertext sent by the server, with the symmetric key to solve, get the clear text sent by the server. Encrypted again, sent to the client browser.


In the seventh step, the client sends a message to the server, encrypts it with a symmetric key, and is Fidller intercepted and decrypted to obtain plaintext.


Since Fiddler has always had a symmetric key for communication, the information is transparent to the entire HTTPS communication process.

3,fiddler can't catch the bag after installation

Generally can support HTTP proxy of any program's packet can be fiddler sniff, fiddler operation Mechanism is actually on this machine listening to 8888 port HTTP proxy. Fiddler start when the default IE proxy is set to 127.0.0.1:8888, and other browsers need to be set manually, so the browser agent to 127.0.0.1:8888 can listen to the data.

Fiddler working principle and proxy settings