Shulou(Shulou.com)06/02 Report--

How to modify Websocket message with the help of FreeHttp, in view of this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

Preface

Websocket, as one of the most common data transmission protocols in Web applications, is bound to be often used in our daily work, and in debugging or testing, we often have the need to directly change Websocket data packets to confirm its impact on applications. This paper will introduce a flexible and convenient way to tamper with the data sent and received by Websocket.

Previous articles have mentioned how to use FreeHttp to modify HTTP request / response messages. In fact, Websocket data messages can also be modified arbitrarily with the help of FreeHttp. (in fact, tools such as burp suite and fiddler's script can also be done.)

FreeHttp provides an easier way for you to arbitrarily tamper with data sent and sent by websocket using a set of rules set in advance according to demand (both text and binary data modifications are supported)

Back to the top.

Introduction and installation of FreeHttp

FreeHttp is a Fiddler plug-in. With FreeHttp, you can modify http request or response messages according to your own settings (and support websocket changes).

FreeHttp installation can view https://www.cnblogs.com/lulianqi/p/10428551.html#_label0_1 directly (the content is long, you can only view the installation section)

Back to the top.

Practice of changing WebSocket package

Next, I'll show you how to use FreeHttp to modify Websocket messages in transit to meet our hypothetical needs!

1:WebSocket editing mode

After entering the FreeHttp Tab page, HTTP mode is opened by default. You can click "HTTP/WS" at the bottom left to switch to WebSocket mode. (if you do not see "HTTP/WS", it means that the FreeHttp you are using is 1.3 or below. Please upgrade FreeHttp through the link mentioned above. Note that you can directly replace the upgrade, and the upgrade will not affect your existing historical rules.)

2: suppose our scene

We choose any site that uses WebSocket to demonstrate. Usually, most of the live chat IM systems in Web systems directly use WebSocket.

Let's take JD.com 's website as an example to demonstrate (in fact, many WebSocket online test sites can be found online for everyone to debug and use, and there is no malice to use JD for demonstration here)

As shown in the picture above, we go directly to JD.com 's home page and click on the customer service IM chat system in the lower right corner (make sure your Fiddler is open during this period)

You can have a few words with JD.com customer service at will (of course, the customer service at this time is probably just a robot)

Suppose we want to modify the reply given to us by customer service to "my brother has spoken, 90% discount today" (just a joke, please don't take it seriously)

3: create a rule to complete the change package

As shown in the figure above, we need to find the Session of the Websocket we just chatted in the Session list on the left of Fiddler (in fact, the handshake negotiation of Websocket to establish a link uses HTTP, and once the link is established, it will always use the same link to transmit data, so no matter how many packets are sent and received behind this Websocket link, most packet grabbing tools will display them in the same Session, that is, the Session where the link was created.) This Session is usually easy to find in the Session list, because there are usually not too many items marked as Websocket in the Session list (note the Session with the ws icon in the Session list).

Double-click the Session we just found in the list to open the WS message list, where we can find the content that the customer service has just replied to us, which confirms that we have found the correct Websocket Session.

Pay attention to the structure of the message that is replied to us, and we will create our tampering rules later.

As shown in the figure above, now let's switch to the FreeHttp Tab page to create a simple WebSocket tampering rule to complete our just requirement.

You can click FreeHttp directly to get the icon (the location of "Click here" in the image above), and FreeHttp will automatically create an exact matching rule for the session you choose (and automatically switch http/ws mode according to the type of session you choose). Of course, if you are familiar with Filter in FreeHttp, you can manually create matching rules that better meet your own requirements. (https://www.cnblogs.com/lulianqi/p/10428551.html#_label1 you can find detailed rules for Filter here)

Looking at the WebSocket messages that the customer service replied to us, we can easily see that we can directly modify the highlighted text.

Because what we want to modify is to receive data, as in the picture above, we switch to "Websocket Receive Moditfic", and then fill in the rules in the "Payload Modific" area directly. (we use the simplest text replacement, and for more complex scenarios, we can use regular substitution or other modes such as HEX. Https://www.cnblogs.com/lulianqi/p/10428551.html#_label2_0 you can find ways to use other patterns in 2.1.4 here).

When the rule is completed, click the lower right corner to confirm to save the tampered rule you just created.

After saving, you can see the rule you just added in the "Response Rule" list on the right. Note that the yellow highlighted area in the image above enables the rule you just added according to this setting (the newly added rule is not enabled by default)

After completing the rule creation, we send hello to JD.com customer service again, and you can see that the reply received on the Web page has changed according to our rules. (you can also see the change in the developer tools on the web page or in the session ws message list on Fiddler)

Have you noticed the entrance to "ask other questions" in the lower right corner? we can add another rule as we just did, and change this "ask other questions" to "90% discount entry" (we won't repeat it here).

We send you again. Hello, you can see that the quick entrance in the lower right corner has also changed.

Note that there is a detail here, because a session needs to match multiple rules for modification. If you find that your FreeHttp can only match one of them, please open "Modific Tool" and "http tamper setting" below and cancel "is only match first tamper rule".

4: complex scenes

Although we have completed our initial requirements as described above, the requirements in real situations are often not immutable, and FreeHttp also provides many more elaborate features to help you create tampering rules to tamper with Websocket messages.

In the same example mentioned above, there are usually a lot of real-time messages in Websocket. Not all messages are customer service responses to our text messages. There is no need for us to tamper with all the messages received.

As shown in the figure above, we create a more specific Filter rule and configure that only the return message at the beginning of payload can be matched, and create a more recognizable alias "modify customer service reply" for this rule.

Sometimes we need to get some data in the occurrence or reply message and turn it into parameterized data for later rules to use. For example, if we need to get the content we send to customer service, we need to create a "Websocket Send Modific" rule and use "parameter data" to get dynamic parameters.

By analyzing the payload we sent, it is not difficult to find that all the text messages we send have a fixed beginning. We can create matching rules for "Websocket Send Modific" as shown above.

Because this rule does not need to modify the message is only used to obtain dynamic data, we "Payload Modific" do not need to fill in anything, just click on the lower parameter icon (the icon in the red dotted box) to add the parameter pick rule as shown above (parameter name is my content, use string to pick up the scope is the request or response entity, starting with}, "content": "and ending with", "render": "user". For more details on parameter pick settings, you can check out https://www.cnblogs.com/lulianqi/p/10428551.html#_label8_2 8.3 to dynamically pick parameterized data)

Enable the rule you just added and send it again in the IM chat box. The rule we just created will pick up the content we sent from the payload we sent. As shown in the figure above, we open the parameter manager through "Modific Tool" and "parameter data manage" to view the content we picked (note that this data will change dynamically according to each pick)

Next, we will directly use the data we picked up earlier in the following rules. We now double-click the Response Rule we just created, "modify customer service reply to discount message" to edit it.

As shown above, we can easily find the "my content" parameter we just picked and apply it directly to our rules by right-clicking where we need to insert the dynamic parameters. At the same time, you can click the alarm clock icon below to set the delay for this session. (for more use of parameter data manage, you can see https://www.cnblogs.com/lulianqi/p/10428551.html#_label8 8: parameterized data Settings)

Don't forget to make sure to save the changes after the changes are completed.

As shown in the figure above, when you send a message like "you are all right" to the customer at this time, the customer service reply will directly use the parameters we just picked up.

Back to the top.

In fact, with FreeHttp, you can create arbitrary tampering rules for APP mobile applications, Web web pages, Mini Program Websocket and HTTP messages to modify messages.

For more details on the use of FreeHttp, you can see the instructions for using https://www.cnblogs.com/lulianqi/p/10428551.html.

The following are other testing / debugging practices done with FreeHttp

Add vConsole debugging to any mobile web web page with FreeHttp

Wechat is authorized to log in to mock (to test a large number of Wechat accounts without real Wechat accounts)

HTTPS man-in-the-middle attack practice (principle practice)

Use FreeHttp to force the login status of Wechat official account (implementation ~ principle)

Use a browser to access or debug Wechat official account (skip Wechat authentication)

This is the answer to the question on how to modify the Websocket message with the help of FreeHttp. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.