"Go" grab Bag tool Fiddler tutorial (12) Under: Fiddler crawl HTTPS

In tutorial 12 (above), we also learned about the HTTPS protocol, this tutorial will share with you fiddler how to Crawl HTTPS

Grab Kit Tool Fiddler tutorial (12): "Reprint" HTTPS protocol
Recall the key elements again:

iddler如何在服务器与客户端之间充当第三者呢？服务器—>客户端：Fiddler接收到服务器发送的密文， 用对称密钥解开， 获得服务器发送的明文。再次加密， 发送给客户端。 客户端—>服务端：客户端用对称密钥加密，被Fiddler截获后，解密获得明文。再次加密，发送给服务器端。由于Fiddler一直拥有通信用对称密钥enc_key， 所以在整个HTTPS通信过程中信息对其透明。 从上面可以看到，**Fiddler抓取HTTPS协议成功的关键是 根证书 （具体是什么，可Google）,这是一个信任链的起点，这也是Fiddler伪造的CA证书能够获得客户端和服务器端信任的关键。**  

Fiddler crawling HTTPS settings

Note the following operations, the premise is that the phone has been able to connect the fiddler, this part of the configuration process is simply not to repeat, can refer to: How to connect the mobile phone fiddler.
How do I continue to configure the Fiddler crawl to the HTTPS protocol?
(a) Install Certmaker plug-in for fiddler
Because the default certificate does not meet the certificate requirements for Android and iOS, you need to download the Certmaker plugin, double-click Install, and restart Fiddler. Note This step is important, you must use the Certmaker plugin, do not use the default certificate generator, or you cannot catch the package.

(Note: Verified, Android and iOS, if you do not install this plugin, also can catch the package, the official document is also used a very ambiguous explanation, may, maybe, are not so absolute.) If the package is not caught, this step can be used as a solution)

(b) First set the Fiddler: Open the toolbar->tools->fiddler Options->https

Setting up the Fiddler

Select Capture HTTPS connects because we want to use Fiddler to get the HTTPS request from the mobile client, so the drop-down menu in the middle selects from remote clients only. Select Ignore server certificate errors below.
Actions-> Trust Root Certificate.

Click Yes.

Click Yes, pay attention to the contents of the red box, Do_not_trust_fiddlerroot, this is the name of the certificate.

Click Yes.

Click OK so that the Fiddler certificate has been added successfully.

Check the certificate, actions->open Windows certificate Manager

Can the certificate has been added, the certificate name is to remind everyone to pay attention to, "do_not_trust_fiddlerroot", but I do not understand why is two records, need to dig into it.

(iii) Then, the phone is installed fiddler certificate.
This step, which we analyzed above, is the key to crawling HTTPS requests.
The procedure is simple, open the mobile browser, enter the proxy server IP and port in the browser address, and you will see a fiddler provided page.

Then click on the bottom of the Fiddlerroot certificate, click OK to install to download the Fiddler certificate.
To view the installation certificate on your phone, set up a trusted certificate, security--User (location may have some differences depending on how many phones are different):

After the download installation is complete, we use the mobile phone client or browser to make HTTPS requests, Fiddler can intercept, and intercept ordinary HTTP requests as well.
The interface for the green flag is the HTTPS protocol, as shown below:

from:http://blog.csdn.net/qq_15283475/article/details/62224149

"Go" grab Bag tool Fiddler tutorial (12) Under: Fiddler crawl HTTPS