当前位置:网站首页>How to use fiddler

How to use fiddler

2020-12-08 11:52:21 Yushia

If you're a front-end developer or Tester , that fiddler Absolutely one of the most valuable tools to master .fiddler Is the most powerful web One of the debugging tools , He can record all client and server's http/https Request and response , Allow you to monitor , Allows you to set breakpoints to debug , Even tampering with requests and responses .

One 、Fiddler How it works

Fiddler Set up a proxy server between browser and server .Fiddler Acting as agent web Working as a server , It uses a proxy address :127.0.0.1, port :8888. When Fiddler It will automatically log out when you exit , So it doesn't affect other programs .

Two 、Fiddler Usage scenarios of

1、 Development environment host To configure ;

2、 Front and rear interface joint debugging

3、 Location line bug—— Proxy the publish file to the local , Fast positioning line bug;

4、 Performance analysis and optimization ——Inspectors 、Timeline

3、 ... and 、Fiddler Installation and configuration of

fiddler No mobile client , All installed in PC On , To realize the program capture on the mobile phone , You need to PC Upper fiddler Make some configuration with the mobile terminal . Steps are as follows :

Prerequisite :

1). Testing a mobile phone needs support Wifi

2). Testing mobile phones and computers requires the same network

(1) Computer download Fiddler

Official website : www.telerik.com/feddler

Download address : www.telerik.com/download/fi…

(2) PC End Fiddler To configure

Allow monitoring https

open Fiddler Tool->Fiddler Options->HTTPS .

Check on Capture HTTPS CONNECTs( Capture HTTPS Connect )、 Decrypt HTTPS traffic (HTTPS Request decryption ) and ignore server certificate errors( Ignore server certificate errors

Installation certificate ( First use without certificate , Will pop up whether to trust fiddler Certificates and security tips , Just click yes Just go ), restart Fiddler take effect .

Be careful :

occasionally No pop-up installation certificate or prompt at all , This situation is usually in Win7 There are more of them ,Win7 The system of https aspect stay .net Framework4.0 There are bug

The solution is :

cmd Command line   find fiddler Installation directory   Such as :

cd C:\Users\JayshSoft\AppData\Local\Programs\Fiddler   //fiddler Installation directory 
 Copy code 

Then execute the following command

makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 22/11/2020
 Copy code 

  ** Be careful :** The last date of the order 22/11/2020   Must be greater than the current date Otherwise, creating a certificate is expired   After this is done Go and reconfigure it again You can install the certificate correctly .


Allow phone remote connection

Click on Fiddler->Tools -> Options, stay Connections Panel select Allow remote computers to connect Allow other devices to connect ( This operation needs to be restarted Fiddler take effect ).

“fiddler listens on port:” The default is 8888, Such as the port of your computer 8888 Occupied , The port that is not filled in

Check the computer ip Address

adopt cmd Command line input ipconfig Inquire about

Or put the mouse over fiddler In the top right corner of the online Can display the ip Address .

(2) Mobile terminal configuration

take Fiddler Only when the certificate of proxy server is exported to the mobile phone can we grasp these APP My bag .

The import process : Open the browser , In the address field, enter... For the proxy server IP And port ( That's computer IP Add fiddler The port of ), You'll see a Fiddler Page provided , Then make sure to install it

Turn on the phone Set up —> WlAN , Choose the connected wifi( Must ensure PC The end and the mobile end are in the same network segment ).

Long press the wifi, And then choose “ Modify the network ”, Then check it out. “ Show advanced options ”, Select Manual proxy settings , Host name filling Fiddler On the computer ip, Port filling Fiddler port , Default 8888, Save it .

After configuration, it is found that other web addresses of mobile browser are not allowed to access the Internet , Can be in “ Do not use proxy for the following URL ” Please fill in the relevant website And Internet access to relevant websites

Four 、Fiddler Use

(1) View functional area

The concept of conversation : A request and a response is a session .

  • fiddler main interface

Several explanations are commonly used in the shortcut function area

  • Shortcut function area

1: Add notes to the conversation

2: Reload current session

3: Delete session options

4: release , Corresponding to the breakpoint , Detailed explanation later

5: Response patterns . That is to say , When Fiddler Get the remote response After that, it will cache a response to the client or use stream To respond directly to .

6: decode . Some requests are encoded , Click this button to automatically decode according to the encoding format of the response .

7: Find the conversation .

8: Save session .

9: screenshots . After the screen capture , A screenshot will be returned as a conversation .

  • Conversation list

# The column icon indicates

(2) Tamper request

At testing time , You're bound to come across this situation , Look at the form below ( Use “http://ip.360.cn/#/ipquery” Web page to explain ):

I've now entered an incorrect form ip Address , As a result, the front end has already thrown ip Wrong address , Limit my click on “ Inquire about ” Button , But I also want to know when there is no restriction on the current end , Submit an error to the server directly ip, See if the server can handle it , What should I do ?

use fiddler. Start by opening fiddler, Choose Rules->Automatic Breakpoints->Before Requests, Or click directly fiddler The lower left corner , Until the red up arrow appears ( Indicates that a breakpoint has been set during the request , The request from the client is fiddler Intercepted ), Here's the picture :

then , We changed the form to normal ip Address: e.g “202.106.212.255”, Then click query . Query found that the page did not respond , Look at this time fiddler, Find out ip.360.cn/IPQuery/ipquery The signature of this request also has a red upload arrow , It means that we have successfully intercepted the request . Now , We click on the request on the left , On the right side Inspectors->TextView perhaps Inspectors->WebForms The specific content of the request will be seen in the interface :

We click on the red box value place , hold ip Modified into “202.106.212.256”, And then click on the other red box “Run to Completion”, Now you can see the page just now :

choice json Look at the content returned from the back end

Then we can say , Not just the front end , It turns out that the server is on ip The address is also checked .

stay fiddler Of “Run to Completion” To the left of the button , There is also a button called “Break on Response”, What does this button do ?

seeing the name of a thing one thinks of its function , Just now “Run to Completion” It means running directly to this session end , and “Break on Response” It refers to intercepting the returned data again when returning .

Okay , This is a small example of a basic tamper request , I hope you can use it in your work .

(2) Tamper back with

What we tampered with just now is the content of the request , Can you tamper with the returned content ? for instance , Just now, ip Below the query input box is its return , It's marked with this ip The address and operator of , So if I want to construct a very long return , It is used to see whether the front page will deform when the returned data is very long ?

Use the example just now , Let's put the fiddler Set it like this : Choose Rules->Automatic Breakpoints->After Responses, Or click fiddler The lower left corner , Until there's a red arrow down ( The down arrow indicates that you are being fiddler Intercept ), as follows :

then , We submit a normal ip, Such as “202.106.212.255”, Then click query .

Now? , The front page is still not responding , Now we open it fiddler, I see that the return value of this request is as follows :

You can see , Back to a json data structure , Among them data The value of is the data to be displayed on the page . choice raw Visually modify this data The value is very long data .

I found that the front page truncated the long data I returned .

The above is a small example of tampering return , I also hope that readers can use it in practical work .

(3) Command line

fiddler The command line is used to filter and manipulate all session, Very powerful . The location of the command line is in the black box in the lower left corner . Now let's introduce some useful commands .

  • ?sometext command

When you type ? Then follow a string and press enter ,fiddler The current session In the list url Containing the string session. This command is very convenient for finding specific requests or responses . such as :

?.png This command selects all suffixes with png The picture of the conversation .

  • Select the sessions in the session list that are larger or smaller than a specific size

for example , Find more than in the conversation list 10k Of session:>10k perhaps >10000 If not k, Then the unit is byte . When looking for less than , Just replace the greater than sign with the less than sign .

  • Search for a specific return status code session

type =200, Search all return codes as 200 Of session

  • Look for... That uses a specific method session( for example GET or POST)

type =get, Highlight get Requests and responses .

  • Choose specific host Of session

type @image.baidu.com, Search for fiddler In the interface Host Column is image.baidu.com Of session

  • Set session bold in advance

We can use bold sometext Command to preset after url In the sometext Of session.

Such as :bold image.baidu.com After setting the command , in the future url Contained in the image.baidu.com Of session All will be bold and black show . Want to clear the command , Just type again bold, That is, without parameters bold that will do .

  • bpu somestring command

bpu Command pair that contains the specified string URI Create request breakpoints , Each time you set it, it will clear all the previous settings , And if you don't have parameters , All request breakpoints are cleared . Examples are as follows :

bpu /index.php

The order will be in every /index.php Set breakpoint when request occurs . Remember what I said before “ Intercept only part of the request ” What's the need for ? Just use this command .

  • bpafter somestring command

bpafter Command pair that contains the specified string URI Create response breakpoints , Each time you set it, it will clear all the previous settings , And if you don't have parameters , All breakpoints are cleared , Usage is as follows :

bpafter /favicon.ico

Back in favicon.ico The breakpoint is set when the resource is used .

  • bps command

namely “breakpoint status”, The response matching the set status code will be interrupted , Such as :

bps 404

fiddler The commands are basically set with parameters , Cancel setting without parameters .

  • bpv perhaps bpm command

Both commands are specific to http Method to create a breakpoint , It doesn't make any difference , Such as :

bpm get

For all get Request to set a breakpoint .

  • clear command

The order is clear about all session In the list session, And ‘Ctrl+x’ Function the same , I suggest that you still use the shortcut key .

  • dump command

Save all of the current session To local

  • urlreplace oldStr newStr

The order can put url in oldStr Replace with newStr, for example :

There is one session,url by “www.haosou.com/?src=so.com”,

I execute the following order :

urlreplace src=so.com src=baidu.com

Refresh the page again , Then we found that url Turned into “www.haosou.com/?src=baidu.com”. As for the use scenario , Imagine the following for yourself .

  • select MIME

choice Content-Type Containing the specified string in the header session, This command can be used to select the file format , Such as :

select image

This command highlights all images session;

select js

This command highlights all js Request and response .

(4) Simulate slow network speed

occasionally , We want to take a look at the slow speed of the Internet , our web How exactly does the page behave , How about a rendering of the page , But the company network is too fast , What do I do ? Now ,fiddler It can definitely meet your needs . because fiddler It's an agent , We introduced fiddler Can intercept requests and return , That can definitely delay the upload of requested data or the download of returned data , So as to limit the network speed . Let's take a step-by-step look at how to limit the network speed .

First click on Rules->Customize Rules, Search for “m_SimulateModem” This place , The code is as follows :

if (m_SimulateModem) {
    // Delay sends by 300ms per KB uploaded.
    oSession["request-trickle-delay"] = "300"; 
    // Delay receives by 150ms per KB downloaded.
    oSession["response-trickle-delay"] = "150"; 
}
 Copy code 

The first value sets the delay in the request upload process ; The second value is the delay in the return download process , such as , I put the first number of 300( In milliseconds ) Switch to 2000, Then save , After the save , Click on Rules->Performance->Simulate Modem Speeds Check , Then you can open a web page at will to test whether it slows down . Is it really slowing down , ha-ha .

(5) As an interface testing tool

fiddler The other powerful function of is , It can be used as an interface testing tool , To send any form of request . Let's take the simplest GET Ask for an example to see .

fiddler There's one on the right Composer tab , This function can be used to send http request . Here's the picture :

We send a GET request ,url yes https://api.github.com/events, And sending header Input in

User-Agent: Fiddler Then click on the one on the right Execute, You can send it successfully . After sending , On the left side. session The list will have the request we just sent , Double click on the session after , On the lower right response You can see the returned content in the window !

(6) session filter :Filters

occasionally , We just need to focus on a domain name , Or the request and response of a software , however fiddler If you don't make any settings , By default, it captures all the interaction between the software and the server , In order not to let irrelevant session Distract our attention , We can set fiddler Just grab a particular session

First we click fiddler On the right side of the window “Filters”, Tick the mark 2 Positional “Use Filters”, And then mark 3 Position in the drop-down list “Show only the following Hosts” And enter the “*.360.cn;”, We only want to pay attention to the suffix of domain name 360.cn Of session, After the save , We can test it , Open the baidu , Find out fiddler There is no record of any session, But turn it on 360.com, Find out session It's coming out. .

Filter It's very powerful , Just for a small example through the domain name , It can also be done such as showing only the intranet ip Request response 、 Show only the request response of a specific software 、header Request response matching arbitrary rules, etc , Waiting for you to explore .

(7) Customize session Column

fiddler Left side session Listed Result、Protocol、Host、URL、Content-Type wait , But sometimes we may come across situations like this : I need to know the current request and response server's ip, that , If fiddler Add a column “ServerIP”, every last session Will show ip, Of course, it would be better . just fiddler This function is provided :

open Rules->Customize Rules, And then look up the string static function Main(), Add the following line at the end of its method body :

FiddlerObject.UI.lvSessions.AddBoundColumn("ServerIP", 120, "X-HostIP");
 Copy code 

The code for the entire method is as follows :

static function Main() {
        var today: Date = new Date();
        FiddlerObject.StatusText = " CustomRules.js was loaded at: " + today;

        // Uncomment to add a "Server" column containing the response "Server" header, if present
        // UI.lvSessions.AddBoundColumn("Server", 50, "@response.server");

        // Uncomment to add a global hotkey (Win+G) that invokes the ExecAction method below...
        // UI.RegisterCustomHotkey(HotkeyModifiers.Windows, Keys.G, "screenshot"); 
        FiddlerObject.UI.lvSessions.AddBoundColumn("ServerIP", 120, "X-HostIP");
}
 Copy code 

Setup complete , restart fiddler, Visit any website to see the effect !

(8) Text encoding transcoding tool TextWizard

occasionally , We want to know something like “\u5317\u4eac” In this way unicode What does a string mean , It can also be used. fiddler Translate them : open Tools->TextWizard, The input box will appear , as follows :

textwizard.png

The translator learned that , This is a “ Beijing ” Two words .

You can do it URLEncode And Decode, for example “https://www.baidu.com/s?wd=%E4%BD%A0%E5%A5%BD” Can be URLDecode by “https://www.baidu.com/s?wd= Hello ”.

Of course , You can do it Base64 And other encryption and decryption algorithms .

(9) AutoResponder Replace response

occasionally , We may have such a need : Something on the line js There is a problem , It needs to be fixed , So after the repair , I need to verify it before I can go online , How to verify ? I can use fiddler Set a rule , When online requests a.js When , I put a.js Use locally repaired b.js Instead of , See if it's fixed correctly , After the test is correct , I can directly repair the js Just push it online ; Maybe , You may also have problems like this : A cell phone app There's a button in , Click the button to jump to “http://www.baidu.com”, But when I tested , You may need to change the jump address to “http://www.haosou.com”, What shall I do? ? It can also be used fiddler Of AutoResponder Function to visit the link can be replaced .

Next , I want to visit 360 Easy to search url, Then let it open is Baidu .

First , We are fiddler On the right “AutoResponder” tab , Make the following settings :

You can see , We are AutoResponder A rule has been added to the interface of the tab (Rules), This is how the interface shows :

If request matches “http://www.haosou.com” , then respond with “http://www.baidu.com”, As long as it matches a good search url, Then replace it with Baidu in response . Next , You can visit haosou and try it , It's Baidu .

5、 ... and 、 Reference material

[ 1 ] www.cnblogs.com/chaseHard/a…

版权声明
本文为[Yushia]所创,转载请带上原文链接,感谢
https://chowdera.com/2020/12/20201208115218990j.html