Android Grab Bag method (GO)

Source: Internet
Author: User
Tags: md5, encryption

Findyou

Address: http://www.cnblogs.com/findyou/p/3491014.html

Objective:

For front-end testing, the basic requirement is to be able to capture packets and analyse the requests: check whether the interface is called correctly, whether the returned data is correct, locate the root cause of a problem, and so on.

Whether testing an HTML5 mobile project or, as now, the Enterprise Mail app, packet capture is often needed. Front-end developers will usually think of Fiddler first, and Fiddler is indeed powerful and convenient. This article uses an Android phone as the example to introduce capturing a phone's packets through Fiddler; the same method also works for other phones such as iPhone, iPad and Windows Phone.


Directory

1. Packet capture principle

2. Pros and cons of the method

3. Preparatory work

4. Example

5. Other


1. Packet capture principle

Fiddler works as a proxy: it records all HTTP(S) traffic between your computer and the Internet, and lets you view and modify all the data going in and out. Proxy address: 127.0.0.1, default port: 8888. When Fiddler starts it sets the system proxy automatically, and on a normal exit it removes the proxy again. If Fiddler exits abnormally and the network stops working, restart Fiddler once, or simply cancel the proxy directly in IE.

2. Pros and cons of the method

[Advantages]:
1). Fiddler is simple to operate, convenient and powerful
2). Packets can be captured in real time, and modified requests can be simulated
3). The phone only needs to support a proxy
4). Applicable to Android, iPhone, iPad, Windows Phone and any other phone that supports a proxy

[Cons]:
1). Fiddler must be installed on the computer
2). The test phone must support WiFi
3). The test phone and the computer must be on the same network
4). The app under test must honour the proxy setting

3. Preparatory work

1). Check your computer's network connection

A. From another computer on the same network, ping this machine to check that it is reachable.

Reason: when I previously tested an HTML5 project, I found that the Fiddler proxy could not capture packets even though the phone settings were correct; in the end the problem turned out not to be the network but the firewall settings on this machine.

Also pay attention to whether both are really on the same network: if the phone is online via GPRS or another Internet connection while you are capturing packets on the LAN ... well, I think you may be in the wrong line of work ...

(Convention: the computer running Fiddler is referred to as "this machine" below.)

2). Fiddler installation

A. Download: http://fiddler2.com/get-fiddler

B. Install: omitted (Next ... Next)


3). Fiddler configuration

A. Allow remote computers to connect to Fiddler

Menu: Tools -> Fiddler Options -> Connections, tick "Allow remote computers to connect"

Note: 8888 is the default port number and can be changed, but pay attention to two points: the port must be free on this machine, and the port in the phone's proxy settings must match it.

B. Configure capture of HTTPS requests (* skip this step if you do not need to capture HTTPS *)

Menu: Tools -> Fiddler Options -> Connections, tick "Capture HTTPS CONNECTs", then

tick "Decrypt HTTPS traffic" and "Ignore server certificate errors"

Note 1: If the English of the options to tick is unclear, please Google it; no further explanation is given here.

4). Install the HTTPS certificate on the phone (* skip this step if you do not need to capture HTTPS *)

A. First determine the IP address of the computer running Fiddler, for example: 192.168.8.8

B. Open the browser on the phone under test, visit http://192.168.8.8:8888, click "FiddlerRoot certificate" and install the certificate

Note: On iPhone and iPad the installation is simple: just click Install. On Android it is a little more trouble: you need to set a lock-screen password or PIN, the phone will prompt for it when installing the certificate; follow the steps as prompted.


4. Example

Thinkdrive packet capture example

During the first phase of testing, app security testing was involved, so we needed to check whether the transmitted data contained the password in plaintext.

1). Start Fiddler and determine this machine's IP and the Fiddler port number

This machine's IP: 192.168.8.8

Fiddler port number: 8888

2). Connect the phone to the same WiFi network and set up the proxy

A. Proxy hostname: IP of the Fiddler computer

B. Proxy server port: port used by Fiddler

3). Operate the app to generate request data

A. Example: Login


B. Example: Log out

4). Analyse the data captured by Fiddler

A. Example: login request analysis

1). Double-click the login request to view it, select the WebForms or JSON tab (or another inspector tab) to see the request parameter values, compare them against the interface document and the points you want to test, and check that the returned data is correct.

2). Using test cases such as the same account with different passwords and different accounts with the same password, multiple logins showed that the password is only MD5-hashed; there is no proper encryption of the password in transit.

3). The analysis found the following issues:

Issue 1: Account and password are transmitted over HTTP, so the account number and password (MD5 value) can be captured on the local area network;

Issue 2: The password is MD5-hashed, but the transmission itself is not encrypted, so a simple password can be looked up online (the password in the figure was recovered online in under 1 second: 123qwe);

Issue 3: The password does not even need to be recovered to log in: log in with account A in the app, use a sniffer to obtain account B's account number and password (MD5 value), then use Fiddler to modify account A's request and complete a login as account B in the app.

Note 1: For how to use Fiddler's features, please Google or Baidu; they are not covered here.

Note 2: The above example is for reference only; in actual testing, let the relevant business and the testing objectives guide the testing and analysis.
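As an added worked example (not code from the original post), the three findings above expressed as checks over captured login requests. The captures, host, path, account and candidate list are constructed here; "123qwe" is the weak password the post names.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample captures modelled on the login request described in the
# post: host, path and account are hypothetical; "123qwe" is the weak password
# the post names. Two identical logins stand in for the repeated test logins.
WEAK_PW_DIGEST = hashlib.md5(b"123qwe").hexdigest()
CAPTURES = [
    "POST http://app.example.invalid/api/login HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    f"account=alice&password={WEAK_PW_DIGEST}",
    "POST http://app.example.invalid/api/login HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    f"account=alice&password={WEAK_PW_DIGEST}",
]
# Small constructed candidate list; it only confirms that a digest is guessable.
CANDIDATES = ["password", "123456", "123qwe", "qwerty"]
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def parse_capture(raw):
    """Split one proxied request into method, scheme, path and form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    method, url, _ = head.split("\r\n")[0].split(" ", 2)
    parts = urlsplit(url)
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    return {"method": method, "scheme": parts.scheme, "path": parts.path,
            "fields": fields}


def audit_logins(captures, candidates=CANDIDATES, pw_field="password"):
    """Derive the three issues from the captures; returns sorted finding strings."""
    findings, seen = set(), set()
    for raw in captures:
        req = parse_capture(raw)
        digest = req["fields"].get(pw_field, "")
        if req["scheme"] == "http":  # issue 1: readable by anyone on the LAN
            findings.add("issue1: credentials sent over plain HTTP")
        if MD5_HEX.match(digest):    # issue 2: bare unsalted MD5, no transport crypto
            findings.add("issue2: password field is a bare MD5 digest")
            for cand in candidates:
                if hashlib.md5(cand.encode()).hexdigest() == digest:
                    findings.add(f"issue2: digest matches weak password '{cand}'")
        key = (req["fields"].get("account"), digest)
        if key in seen:              # issue 3: the same digest is accepted every time,
            findings.add(            # so the digest itself is a replayable credential
                "issue3: static digest reused across logins (no nonce/challenge)")
        seen.add(key)
    return sorted(findings)
```

The fix these findings point to is TLS for the transport plus a server-side salted, slow password hash; a client-side MD5 on its own protects neither the password nor the session.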

5. Other

Although this article uses Android phone packet capture as its example, its purpose is to show that whether it is a computer, a phone or any other Internet terminal, packets (HTTP, HTTPS) can be captured by way of a proxy.

