Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Fiddler tutorial

2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

A basic introduction to Fiddler

M

The official Fiddler website provides a large number of help documents and video tutorials, which are the best materials for learning Fiddler.

Fiddler is one of the most powerful and best-used Web debugging tools. It records all client and server http and https requests, allows you to monitor, set breakpoints, and even modify input and output data. Fiddler includes a powerful subsystem based on event scripts and can be extended using the. Net language.

The more you know about the HTTP protocol, the more you will know how to use Fiddler. The more you use Fiddler, the more it will help you understand the HTTP protocol.

Fiddler is a very useful tool for both developers and testers.

How Fiddler works

Fiddler works as a proxy web server, using proxy address 127.0.0.1 and port 8888. When Fiddler exits, it automatically logs out so that other programs are not affected. However, if Fiddler does not exit normally, the web page will not be accessible because Fiddler does not log out automatically.

Other tools of its kind

Similar tools are: httpwatch, firebug, wireshark

How Fiddler captures Firefox's session

The packet of any program that can support HTTP agent can be detected by Fiddler. In fact, the running mechanism of Fiddler is the HTTP agent that listens on port 8888 on the local machine. When Fiddler2 starts, the default IE proxy is set to 127.0.0.1 Firefox 8888, while other browsers need to set it manually, so changing the proxy to 127.0.0.1 8888 will listen to the data.

Use the following steps to set up the proxy on Firefox

Click: Tools-> Options, and click Advanced tab-> network tab-> setting on the Options dialog box.

How Fiddler captures HTTPS sessions

By default, Fiddler does not capture HTTPS sessions. You need to set it to open Fiddler Tool- > Fiddler Options- > HTTPS tab.

Select checkbox, pop up the following dialog box, and click "YES"

After clicking "Yes", it is set up.

Basic interface of Fiddler

Look at the basic interface of Fiddler

HTTP Statistical View of Fiddler

By displaying all the HTTP traffic, Fiddler can easily show you which files generate the page you are currently requesting. Using the Statistics tab, users can select multiple sessions to get the total information statistics for these sessions, such as multiple requests and the number of bytes transferred.

Select the first request and the last request to get the overall time spent loading the entire page. From the bar chart, you can also distinguish which requests take the most time, so as to optimize the access speed of the page.

Use of the QuickExec command line

In the lower left corner of Fiddler, there is a command line tool called QuickExec, which allows you to enter commands directly.

The common orders are:

Help opens the official usage page, and all the commands will be listed.

Cls screen removal (Ctrl+x can also clear screen)

Select commands for selecting session

The picture used to select the png suffix.

Set breakpoints in Fiddler to modify Request

The most powerful function of Fiddler is to set breakpoints. After setting breakpoints, you can modify any information in httpRequest, including host, cookie or data in the form. There are two ways to set breakpoints:

First: open Fiddler and click Rules- > Automatic Breakpoint-> Before Requests (this method interrupts all sessions)

How to eliminate the command? Click Rules- > Automatic Breakpoint-> Disabled

Second: enter the command on the command line: bpu www.baidu.com (this method only interrupts www.baidu.com)

Look at an example, simulate the login of the blog park, open the login page of the blog park in IE, enter the wrong user name and password, interrupt the session with Fiddler, and change it to the correct user name and password.

1. Open the login interface http://passport.cnblogs.com/login.aspx of the blog park with IE

two。 Open Fiddler and enter bpu http://passport.cnblogs.com/login.aspx on the command line

3. Enter the wrong user name and password and click Login

4. Fiddler can interrupt this session, select the interrupted session, click WebForms tab under Inspectors tab to change the username and password, and then click Run to Completion as shown in the following figure.

5. As a result, I correctly logged in to the blog park.

Set breakpoints in Fiddler to modify Response

Of course, Response can also be modified in Fiddler:

First: open Fiddler and click Rules- > Automatic Breakpoint-> After Response (this method interrupts all sessions)

How to eliminate the command? Click Rules- > Automatic Breakpoint-> Disabled

Second: enter the command on the command line: bpuafter www.baidu.com (this method only interrupts www.baidu.com)

How to eliminate the command? Enter the command bpuafter on the command line

The specific usage is similar to that of the previous section, so I won't say much about it.

Fiddler's AutoResponder tab allows you to return files locally without sending http request to the server.

1. Open the home page of the blog park, save the logo image of the blog park locally, and make some changes to the picture.

two。 Open the session where Fiddler finds the logo picture, http://static.cnblogs.com/p_w_picpaths/logo_2012_lantern_festival.gif, and drag the session to AutoResponer Tab

3. Select Enable automatic reaponses and Unmatched requests passthrough

4. Select Find a file... under Rule Editor below Select a locally saved picture. Finally, click Save to save.

5. If you use the home page of IE blog Park, you will see that the picture on the home page is local.

Every time you use Fiddler and open a website, you can see dozens of sessions in Fiddler, dazzling. The best way is to filter out some conversations, such as those that filter out pictures. There is filtering in Fiddler, and there are many options in the Filters tab on the right. If you study it a little bit, you will know how to use it.

Session comparison function in Fiddler

Select 2 sessions, right-click and then click Compare, and you can use WinDiff to compare the differences between the two sessions (of course you need to install WinDiff)

Coding gadgets provided in Fiddler

Click TextWizard on the Fiddler toolbar, which can be used for Encode and Decode string.

Query session in Fiddler

Use the shortcut key Ctrl+F to open the Find Sessions dialog box and enter keywords to query the session you want. The session queried will be displayed with × ×.

Save the session in Fiddler

Sometimes we need to save the conversation so that we can send it to others or analyze it later. The steps to save the session are as follows:

Select the session you want to save, and then click File- > Save- > Selected Sessions

Fiddler's script system

The most complex thing about Fiddler is the script system, the official help document: http://www.fiddler2.com/Fiddler/dev/ScriptSamples.asp.

First install the SyntaxView plug-in, Inspectors tab- > Get SyntaxView tab- > Download and Install SyntaxView Now... The figure below is as follows

After the installation is successful, there will be one more Fiddler Script tab for Fiddler, as shown below:

Inside we can write scripts and look at an example to show all cnblogs sessions in red.

Place the script under the OnBeforeRequest (oSession: Session) method and click "Save script"

If (oSession.HostnameIs ("www.cnblogs.com")) {

OSession ["ui-color"] = "red"

}

So that all cnblogs sessions will be shown in red.

When we use visual stuido to develop ASP.NET sites, we also need to use Fiddler to analyze HTTP. By default, Fiddler cannot sniff localhost sites. But as long as you put a dot after the localhost, Fiddler can smell it.

For example, the original address of ASP.Net is http://localhost:2391/Default.aspx, but after adding a period, it can be changed to http://localhost.:2391/Default.aspx

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report