In children's stories, we are told that after the prince and the princess get married, they live happily ever after. In the world of information technology, for RD and IT staff,
the challenge only starts after the website is deployed. Web
After the signing, I have not encountered any small issues. I am a real speaker, saying that I can adjust the value of the dynamic border even if I attempt to adjust my experience, the Web application cannot be customized.
Although there is nothing in the middle branch, from the perspective of a long period, it may be due to changes in the later branch.
If the IE8 Developer Tools are a good helper for analyzing CSS components and scripts, then Fiddler2 can be said to play that role for the traffic between IE and the server. Fiddler2 is very powerful. It can help IT and RD personnel handle many frequently encountered problems, and once you understand what each part of the interface means, you can use it more efficiently.
Fiddler helps us with debugging.
- How fiddler works
Fiddler is a proxy.
When Fiddler is running, the proxy setting of IE changes to 127.0.0.1:8888.
Traffic between IE and the web server then passes through WinINET and the proxy (Fiddler).
- Web session interface Parsing
"If you want to win her heart, you must first understand her thoughts." In the same way, you must first understand the interface functions before you can make full use of Fiddler. Although Fiddler is only a small program of a little more than 600 KB, its analysis capabilities go far beyond its size. In this part, tigerlin gives a simple introduction to the interface, so that you first understand the function and use of each region.
The first thing you see on the left after starting Fiddler is the [Web Session] region, which lists all HTTP requests and their content. This region lists the traffic between Internet Explorer and the Web server.
Every column has its own meaning.
[#]
-The sequence number of the HTTP request. It shows the order in which the requests were made.
[Result]
-The HTTP response code. You can use it to determine whether the website content is being served normally. Ex: 200 is normal, 304 is re-directed, 404 means the file cannot be found, and 500 is a server error.
[Protocol]
-The protocol used
[Host]
-Source server of the file
[Url]
-Complete URL of the file
[Body]
-Request size (measured in bytes)
[Caching]
-Cache adequacy
[Content-Type]
-The type of the file. This column is very important; it will be explained below.
[Process]
-The program that made the connection to the target through the communication port
Next, let's look at the region on the right. Its areas are all information-related. Here we will explain each of them.
- [Statistics] Function
Shows the number of seconds the requests took to respond, the size of the data sent, and the total number of HTTP responses. The chart function below turns the text table into a chart for further inspection.
- [Inspectors] Functions
Analysis of HTTP request and response information. You can view the information contained in each request. For example, for a JPG request you can see the picture in ImageView, and for HTML you can see the content in TextView. Tigerlin most often uses the Headers and Raw functions, which show the header part exchanged between IE and the web server and help tigerlin confirm that the configuration is correct. The XML function can analyze the XHR traffic of Ajax, but this part is rarely used, so it is not covered here.
- [Autoresponder]
You can change the existing network
In fact, in addition to copying objects in a certain region, this function cannot be used for other purposes, I think that when I think of a website, I don't need to use it manually.
For details about the usage of HTML and plain, refer to Using the Fiddler AutoResponder.
- [Request builder] Functions
Generates HTTP requests with a chosen HTTP verb, to test whether the Web server has a verb-related vulnerability. Tigerlin mostly uses this feature to check whether the verb-blocking function of IIS URLScan has been set successfully.
- [Filters] Function
Filters the web sessions. You can filter by specified conditions or set breakpoints, filter by the size of the response in KB, or hide all successful requests (HTTP 200) so that only the remaining ones are shown, which speeds up the analysis.
- [Timeline] Function
Sorts all requests by sequence and time. The chart makes it easy to find out which file on a page is causing the page to display slowly, which is very useful when checking Web speed.
The powerful analysis features of Fiddler allow web developers and IT staff to sort out problems quickly. Below we list six common cases:
- The response is 404, but the file does exist in the path.
- Usage ratio of the primary case
- Offline Analysis
- Raw HTTP Request Transfer history analysis-server version hidden
- Raw HTTP Request Processing Statistics Analysis - whether the Web setting is correct
- Capturing Flash files
- The response is 404, but the file does exist in the path.
This is a previous case of helping a customer handle a problem. After the Web application was completed and the website went live in the production environment, the data and the application were completely normal. Only the video playback function in one area was completely unavailable. After checking the files, the RD staff confirmed that the video file existed in the path on the web server, but it still could not be found, and the customer complaints kept coming.
Analysis with Fiddler showed that the video file was being requested, but the response was always 404. The file name was "XXX.FLV", and you will find the reason when you look at the file extension of the video.
In IIS6, the configured MIME types do not include FLV. The solution is to add FLV to the MIME types. After it is added, press F5 to reload and the video plays.
TIPS: Sometimes a Web 404 does not mean the file is really missing, but is related to the server's settings. The MIME types are worth checking early when you look into the problem.
- Graphic statistics
Orders table
The text-type statistics table is too plain to convey the current information. From the HTTP statistics chart, we can quickly find that several files cannot be found, while other files are re-directed. Basically a few 404s will not affect the operation of the website, but on the principle of perfection, tigerlin generally brings the number of 404s down to 0 for peace of mind.
Bytes
The sum of the file sizes, in bytes. Tigerlin reviews this data together with the Timeline function.
Timeline takes a long time to indicate incomplete processing on the surface or surface. Large files can quickly use up bandwidth. With this function, you can judge whether the Web traffic has reached its limit and needs to be increased, or whether it can be improved without spending money.
- Offline Analysis
Besides listing the files in sequence, Timeline shows the amount of time spent on each file. The larger the file, the longer it takes, so we can see which one is slow.
Another use of Timeline is to check the quality of an Internet connection. In a previous case, the customer's website was hosted in our machine room. Because the quality of the customer's own connection was poor, they kept suspecting that the quality of the machine room was unstable and kept complaining on the phone. Our machine room was fine, and the site was very fast for tigerlin, but the customer would not take one side's word for it. So tigerlin asked two friends on MSN to load the home page of the customer's website with Fiddler and capture the Timeline, then put the three Timelines into a single Word report for the customer, informing them that their connection quality was poor and asking them to contact their ISP. No picture, no truth. The phone is coming soon...
- Raw HTTP Request Transfer history-server version hidden
The HTTP response header of a server contains the server's version information, along with a lot of other information. Generally, when the server version is disclosed and the server has known vulnerabilities that have not been repaired, it can easily become a target and be attacked. Here tigerlin uses the Raw HTTP view to verify the RemoveServerHeader value from the previous article, "IIS Security extended modular URLScan 3 Basic settings": if it is set to the correct value, the server version does not appear in the header. This is also one of the commonly used Raw HTTP response features.
- Raw HTTP request analysis - confirming that the Web load-balancing setting is correct
Large environments and high-traffic web sites usually have two or more servers, using either a hardware load balancer or a Windows NLB cluster, failover cluster, and so on. In the past, to confirm that the cluster was set up successfully, you first had to mark each Web server, for example by putting the text "Web-1" on the home page for identification. With Fiddler, the raw HTTP header makes it easy to confirm whether the balancing is successful. Set an HTTP header on the server side, named X-webfarm, with the content set to Web Server 1. The settings differ between IIS 6 and 7.
Next, use Fiddler to monitor the raw HTTP header, and you can see the custom header that was set. This technique can be used in many environments and is very practical.
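The two raw-header checks described above (the server version that URLScan's RemoveServerHeader should hide, and the X-webfarm node header) can also be run over raw responses copied out of Fiddler. This is an added example, not code from the original article; the sample responses, the list of disclosing headers and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed raw responses in the form shown by Fiddler's Raw inspector.
# X-webfarm is the header named in the article; all values here are made up.
SAMPLE_RESPONSES = [
    "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\n"
    "X-webfarm: Web Server 1\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "HTTP/1.1 200 OK\r\nX-webfarm: Web Server 2\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 304 Not Modified\r\nX-webfarm: Web Server 1\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n",
]

# Response headers that reveal the server product or version (assumed list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")


def parse_headers(raw):
    """Return (status_code, {lowercased header name: value}) for one response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    match = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers


def disclosed_versions(raw):
    """List the (header, value) pairs that still reveal server software."""
    _, headers = parse_headers(raw)
    return [(name, headers[name]) for name in DISCLOSING if name in headers]


def farm_distribution(responses, header="x-webfarm"):
    """Count responses per node; None means the node header was missing."""
    return Counter(parse_headers(raw)[1].get(header) for raw in responses)


if __name__ == "__main__":
    for number, raw in enumerate(SAMPLE_RESPONSES, 1):
        print(number, disclosed_versions(raw) or "no version headers")
    print(dict(farm_distribution(SAMPLE_RESPONSES)))
```

A response counted under None came from a node where the header is not configured, and any entry returned by disclosed_versions means the version information is still being sent.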
- Complete flash capture Cases
What is so special about capturing Flash files? A lot of tools can do this, but Fiddler is more powerful. Besides the SWF itself, it can also capture the requests for other SWFs that are loaded into that SWF with load movie. You can go to the official site of Madagascar 2, http://www.uip.com.tw/madagascar2/teaser.html, and look at the SWF being played in the player. Fiddler captures all the other downloads as well. Next, you only need to press Ctrl + U on the SWF you want, and you can download it.
- Conclusion
Fiddler2 official website http://www.fiddler2.com
Fiddler PowerToy - Part 1: HTTP Debugging http://msdn.microsoft.com/en-us/library/bb250446.aspx
From: http://www.dotblogs.com.tw/tigerlin/archive/2009/04/02/7801.aspx