The powerful role of fiddler in different scenarios

Original link: http://www.yyztech.com/archives/50/

My site: http://www.yyztech.com

If you are a front-end developer or tester, then Fiddler is definitely one of the most important tools to master. Fiddler is one of the most powerful Web debugging tools, he can record all client and server HTTP/HTTPS requests and responses, allowing you to monitor, allow you to set breakpoints debugging, even tamper with requests and responses.
How does fiddler work? In fact, every time you open fiddler, it will automatically set the "127.0.0.1:8888" on your computer as the proxy server, and Fiddler will always listen to 8888 ports, so that all requests or responses on your computer will go through this proxy server, This is a good idea.
So, this time let's take a look at the fiddler what are the easy-to-use features, which can be used to meet what scenarios.
Note: This tutorial believes that you have a basic understanding of fiddler, and understand the meaning of Fiddler each window represents. If you have not used fiddler before, please check any article on the Internet, the introduction is very detailed.

First, tampering with the request

When testing, you will certainly encounter this situation, please look at the following form (using the "Http://ip.360.cn/#/ipquery" page for instructions):

This form I entered a wrong IP address, the result of the front end has been thrown the problem of IP address error, limit I click on the "Query" button, but I also want to know the current end does not make a limit, directly to the server to submit a wrong IP to see if the server can handle, then what should I do?
With fiddler. First Open the Fiddler, check rules->automatic Breakpoints->before requests, or click on the lower left corner of the fiddler until a red up arrow appears (indicating that the breakpoint was set during the request, The client's request was fiddler blocked), as shown below:

Then, we change the form to a normal IP address such as "202.106.212.255" and then click Query.
After the query found that the page is not responding, this time to see Fiddler, found Ip.360.cn/ipquery/ipquery this request signature also has a red upload arrow, indicating that we have successfully intercepted this request. At this point, we click on the left side of the request, in the right Inspectors->textview or Inspectors->webforms interface will see the request sent the specific content:

We click on the red box labeled Value Place, the IP is modified to "202.106.212.256", and then click on another red box labeled "Run to Completion", this time can see the page just now:

At this point we can say that not only the front end, the original server to the IP address is also verified.
Just perhaps the careful classmate will notice, in the Fiddler "Run to Completion" button left, there is a button called "Break on Response", what is this button? As the name implies, just "run to completion" refers to running directly to the end of the session, while "Break on Response" means to intercept the return data again upon return.
OK, this is the basic request for tampering small example, I hope you can see after the work to be used.
Perhaps the reunion asked, you do so, directly intercepted all requests, if I only need to intercept a specific request, and other requests I have to release, what should I do? This belongs to the Fiddler command line advanced usage, first disclosed, using the BPU command can be, follow-up we introduce.
Second, tamper return
What we have just tampered with is the request content, can we tamper with the return content? For example, just below the IP query input box is its return, indicating the address of the IP and the operator, if I want to construct a very long return, to see when the return data is very long when the front page will not deform it.
Also use the example, we first set the Fiddler to this: Select Rules->automatic breakpoints->after Responses, or click on the lower left corner of the fiddler, Until a downward red arrow appears (the downward arrow indicates that the return process was intercepted by fiddler), as follows:

Then, we submit a normal IP, such as "202.106.212.255", and then click Query.
Now that the front-end page is still unresponsive, we open fiddler and see the return value for this request as follows:

As you can see, a JSON data structure is returned, where the value of data is the one to be displayed on the page. We modify this data value as follows:

After modifying, click "Run to Completion" and then view the front page:

The front-end page found a truncated display of the very long data I returned.
The above is a small example of the return of tampering, also hope that the reader can use the actual work.
There may be classmates will ask, you do so, directly intercepted all the return, if I only need to intercept a special return, and the other return I have released, this should do. This also belongs to the Fiddler command line advanced usage, and then revealed that the use of bpafter command can be, follow-up we introduce.