Using Fiddler to monitor HTTPS web pages

Source: Internet
Author: User

HTTPS is more secure than HTTP, but it still does not effectively prevent man-in-the-middle attacks ("MITM attacks").

This is what allows the Fiddler tool to monitor HTTPS traffic.

The normal access process for an HTTPS website is like this

A man-in-the-middle attack adds the attacker's own CA to the browser, forges a digital certificate, and forwards the traffic.

Adding its own CA makes the forged digital certificate trusted, which deceives the browser.

The forged digital certificate is what lets the man in the middle read the content of the HTTPS exchange.

The following two figures show the HTTPS request and response during a man-in-the-middle attack.

The most important part of a man-in-the-middle attack is getting its own CA into the browser. There are many ways to do this, such as viruses, trojans, social engineering ...

The principle is simple. Next, we set up Fiddler.

First, download Fiddler:

http://www.telerik.com/download/fiddler

As for which version to download:

For Windows 7 and the earlier XP, the .NET 2 version is recommended; for Windows 8/8.1 and later, the .NET 4 version is recommended.

The reason: Windows 7 has .NET 2 built in and XP can install .NET 2, while Windows 8/8.1 has .NET 4 built in.

The author installs the .NET 4 version here.

The downloaded file is Fiddler4setup.exe; double-click it to install.

Next, the configuration.

Open Fiddler.

Tools --> Fiddler Options... --> HTTPS --> check "Decrypt HTTPS traffic"

Tools --> Fiddler Options... --> Connections --> check "Allow remote computers to connect" (needed for the Android client below)

After changing these settings, close and restart Fiddler.

Next, import the certificate into the browser.

Open http://127.0.0.1:8888/ in the browser.

On the Fiddler Echo Service page, click FiddlerRoot certificate, and then import the certificate by following the browser prompts.

To monitor an Android client, set up a WiFi hotspot on the computer and connect the Android phone to it. In the certificate address, the IP is changed to the gateway IP.

The IP can usually be found with the ipconfig command.

The results of the author's query are as follows:

    C:\windows\system32>ipconfig

    Windows IP Configuration

    Wireless LAN adapter WLAN3:

       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::481a:1efd:d5d4:a87b
       IPv4 Address. . . . . . . . . . . : 192.168.253.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :

    Wireless LAN adapter WLAN:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::7495:5b85:a10c:3cb7%3
       IPv4 Address. . . . . . . . . . . : 172.18.62.201
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 172.18.62.1

    Ethernet adapter VMware Network Adapter VMnet8:

       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::5919:851f:5249:17f1
       IPv4 Address. . . . . . . . . . . : 192.168.116.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :

    Tunnel adapter isatap.{784b4179-ba1c-4521-9b8d-f8e29487d30b}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter isatap.{0ff64fc6-5250-4e80-8d12-902e97461a8e}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter isatap.{2b3c716b-2a34-478d-a21f-FE38734BC6BF}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    C:\Windows\system32>

The corresponding IP address is 192.168.253.1, so the Android client opens the address:

http://192.168.253.1:8888/

[Figure: Android access interface]

Again click FiddlerRoot certificate and follow the prompts to import the certificate; the certificate itself can be given any name.

That is not all. The next step is to set up the HTTP/HTTPS proxy. Although Fiddler describes this as an HTTP proxy, that is not quite accurate: the proxy also forwards protocols that it cannot proxy (my personal feeling is that these are connected directly). For example, clients such as QQ do not use the HTTP proxy.

The proxy settings are similar in both cases:

For the local machine: 127.0.0.1:8888, protocol type HTTP/HTTPS

For Android clients: 192.168.253.1:8888, protocol type HTTP/HTTPS

Once setup is complete, capture a few HTTPS messages.
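
The FiddlerRoot certificate imported above remains a trusted root after the capture session ends, which is the same condition the man-in-the-middle description depends on. The following PowerShell is an added example, not part of the original article: it lists matching roots in the Windows trust stores so they can be reviewed and removed. The name pattern `FiddlerRoot` and the function name `Find-InterceptionRoot` are assumptions.

```powershell
# Audit the Windows root stores for an interception-proxy root such as Fiddler's.
# Assumption: the generated root carries "FiddlerRoot" in its subject, matching
# the certificate linked from the Echo Service page. Adjust $Pattern if needed.
$Pattern = 'FiddlerRoot'
$Stores  = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

function Find-InterceptionRoot {
    param(
        [string[]]$StorePath,
        [string]$NamePattern
    )
    foreach ($store in $StorePath) {
        # A store that cannot be read is skipped instead of aborting the audit.
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                    PSPath        = $_.PSPath
                }
            }
    }
}

$found = @(Find-InterceptionRoot -StorePath $Stores -NamePattern $Pattern)

if ($found.Count -eq 0) {
    Write-Output 'No matching root certificate is trusted on this machine.'
} else {
    # Report only; every hit is a root that can vouch for any HTTPS site.
    $found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

    # Uncomment to remove the listed roots once the capture session is over.
    # $found | ForEach-Object { Remove-Item -Path $_.PSPath }
}
```

Firefox keeps its own certificate store, so a certificate imported there does not appear in this listing.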
