Shulou(Shulou.com)06/01 Report--

Using fiddler to realize mobile phone bag grabbing

Fiddler download address: https://www.telerik.com/download/fiddler

1. Brief introduction of Fiddler bag capture

Fiddler monitors and intercepts data by rewriting the HTTP agent to let the data pass through it. Of course, Fiddler is awesome, and it has already set up a proxy for the browser the moment it is opened. When you shut it down, it helps you restore the agent. Isn't that sweet?

2. Set Fiddler to decrypt the network data of HTTPS

To decrypt HTTPS, you need to open it manually. Click:

1. Tools-> Fiddler Options-> HTTPS

two。 Check Decrypt HTTPS Traffic (install certificate, select YES)

3. Click OK

3. Fiddler grabs Iphone / Android packets

The data packets on the mobile end are all going out to wifi, so we can turn on the hotspot of our computer, connect the phone to the computer, after Fiddler turns on the agent, let the data go through Fiddler,Fiddler to catch these packets, and then send them to the router (figure).

1. Turn on the Wifi hotspot and connect the phone.

two。 Open Fidder and click [Tools]-> [Fiddler Options] in the menu bar.

3. Click [Connections], set the proxy port to 8888, check Allow remote computers to connect, and click OK

4. At this time, you can see the IP of your local wireless network card in Fiddler (if not, restart Fiddler, or you can find your own network card IP in cmd by ipconfig)

5. Connect the wifi of PC on the mobile phone, and set the proxy IP and port (proxy IP is the IP shown above, and the port is the proxy port 8888 of Fiddler)

6. Go to the web page and enter the agent IP and port, download the certificate of Fiddler, and click FiddlerRoot certificate below

7. After installing the certificate, you can use your mobile phone to access the application, and you can see the intercepted packets.

[note]: if you encounter an error similar to the following when opening a browser, please open the certificate decryption mode of Fiddler (Fiddler sets decryption of HTTPS network data)

No root certificate was found. Have you enabled HTTPS traffic decryption in Fiddler yet?

The following figure appears in log (check the certificate installed on the phone, check the certificate decryption mode of opening Fiddler, and try to reopen Fiddler)

AutoResponder allows you to intercept requests for specified rules

I bound the keyword "baidu" to the picture of my computer "f:\ Users\ YukiO\ Pictures\ boy.jpeg". Click Save to save, check Enable rules, and then visit baidu, and you will be hijacked.

. Inspectors View data content

Inspectors is used to view the content of the session. The top part is the content of the request, and the bottom part is the content of the response:

. Filters request filtering rules (specify to display sessions under a domain name)

Fiters is used to filter requests, the window on the left is constantly updated, when you want to see your system's requests, you refresh your browser, a lot of people don't know where the requests come from, it's a nuisance, and it keeps refreshing your screen. At this time, filter rules to filter out requests you don't want to see.

Check the Use Filters filter in the upper left corner. Here are the two most commonly used filtering conditions: Zone and Host.

1. Zone specifies that only the content of private network (Intranet) or Internet (Internet) is displayed:

2. Host specifies to display the session under a domain name:

Fourth, restore the status of mobile phones.

After grabbing the bag, you need to restore the status of the phone manually as follows (there may be slight differences between different models):

(1) stop the network monitoring of the computer to the mobile phone: system setting-WLAN, long press wifi to modify the network, advanced options to find the agent, and remove the manual agent

(2) Delete the certificate from the phone: Android sets the security and trusted credentials of the system device, and click on the certificate to delete.

(3) Delete the password on the mobile phone: mobile system-Security-password, delete the system password.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.