Fiddler captures packets

The client (browser) communicates with the server over a TCP connection using the HTTP protocol. The browser sends HTTP requests to the server by default. Fiddler is an HTTP proxy server developed in C#. It works at the application layer of the seven-layer model and can capture the HTTP(S) requests that pass through it. When Fiddler starts, it automatically sets the proxy server to port 8888.

Packet capture involves three roles: client, proxy, and target server.

Normally, a web page or app is accessed along this path:

  • Client -> target server
  • Packet capture simply adds a proxy to this path: client -> intermediary (proxy) -> target server
  • Something can only be intercepted/captured when the three are connected in this way. The client first contacts the intermediary, which records the client's information; the intermediary then contacts the target server and returns the response to the client.

How Fiddler captures HTTPS messages:

Detailed process analysis:

  • The client requests an HTTPS connection and sends information such as the encryption protocols and version list it supports to the server.
  • Fiddler accepts the client request and, disguised as the client, sends the same request to the Web server.
  • The Web server receives the request from Fiddler, selects an appropriate encryption protocol from it, and returns the server CA certificate, which contains the public key information.
  • After receiving the response from the server, Fiddler saves the server certificate, self-signs a certificate, and sends it to the client while pretending to be the server. The client checks the validity of the certificate, that is, whether it was issued by a root certificate approved by a CA organization. Whether Fiddler can capture HTTPS messages depends on this step.
  • The client generates a symmetric key, encrypts it using the public key of the self-signed certificate, and sends it to the server.
  • Fiddler intercepts the client's request, decrypts the packet using its private key to obtain the symmetric key, encrypts the key using the CA certificate's public key, and sends it to the Web server.
  • The Web server receives the encrypted symmetric key, decrypts it with its private key, then uses the symmetric key to encrypt test data and sends it to the client.
  • Fiddler decrypts the message using the symmetric key obtained earlier.
  • After the client verifies that the data is correct, the HTTPS connection is established, and the client sends service data encrypted with the symmetric key to the server.
  • Fiddler uses the symmetric key obtained earlier to decrypt and re-encrypt the data sent by the client and forward it to the client.

In HTTPS, asymmetric keys are used to negotiate symmetric keys, and then symmetric keys are used to encrypt service data.

The key negotiation and handshake procedure is as follows:

  • The client requests to connect to the server and sends the encryption protocol and version list supported by the client to the server
  • The server confirms the encryption method and sends the CA certificate (including the public key) to the client
  • The client verifies the reliability of the certificate (Is it valid? Is it legal?), takes the public key out of the CA certificate, generates a random key K, and encrypts it with the public key to get K', which it sends to the server.
  • The server receives K' and decrypts it with its private key to get K.
  • At this point both parties hold key K, and data is then transmitted using key K.
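The two handshakes above (direct, and with Fiddler in the middle) can be modelled in a few lines. This is an added example, not code from Fiddler or from the original page: it uses constructed textbook-RSA keys with tiny primes, reduces the certificate signature check to an issuer-name lookup, and the labels "PublicCA" and "ProxyRoot" are made up. It shows that the proxy only learns K when the client trusts the proxy's root, and that a client pinning the server's key fingerprint refuses the substituted certificate.

```python
import hashlib
import secrets

# Constructed textbook-RSA keys (n, e, d) with tiny primes; illustration only.
SERVER_KEY = (3233, 17, 2753)  # p=61, q=53
PROXY_KEY = (2773, 17, 157)    # p=47, q=59

def fingerprint(pub):
    """SHA-256 of the public key, standing in for a certificate fingerprint."""
    return hashlib.sha256("{}:{}".format(*pub).encode()).hexdigest()

def client_send_key(cert_pub, issuer, trusted_roots, pinned_fp=None):
    """Client: validate the presented certificate, then wrap a random K."""
    if issuer not in trusted_roots:  # issuer lookup replaces signature check
        raise ValueError("untrusted issuer")
    if pinned_fp is not None and fingerprint(cert_pub) != pinned_fp:
        raise ValueError("pin mismatch")
    n, e = cert_pub
    k = secrets.randbelow(n - 2) + 2
    return k, pow(k, e, n)  # (K, K')

def unwrap(priv, k_enc):
    """Holder of the private key recovers K from K'."""
    n, _, d = priv
    return pow(k_enc, d, n)

def handshake(intercept, trusted_roots, pin=False):
    """Return (client K, server K, proxy K); proxy K is None with no proxy."""
    server_pub = SERVER_KEY[:2]
    pinned = fingerprint(server_pub) if pin else None
    if not intercept:
        k, k_enc = client_send_key(server_pub, "PublicCA", trusted_roots, pinned)
        return k, unwrap(SERVER_KEY, k_enc), None
    # The proxy presents its own certificate, issued by its own root.
    k, k_enc = client_send_key(PROXY_KEY[:2], "ProxyRoot", trusted_roots, pinned)
    proxy_k = unwrap(PROXY_KEY, k_enc)                   # proxy learns K
    k_enc2 = pow(proxy_k, SERVER_KEY[1], SERVER_KEY[0])  # re-wrapped for server
    return k, unwrap(SERVER_KEY, k_enc2), proxy_k

if __name__ == "__main__":
    print(handshake(False, {"PublicCA"}))
    print(handshake(True, {"PublicCA", "ProxyRoot"}))
    for roots, pin in (({"PublicCA"}, False), ({"PublicCA", "ProxyRoot"}, True)):
        try:
            handshake(True, roots, pin)
        except ValueError as err:
            print("handshake refused:", err)
```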

Software download:

Fiddler Installation package → fiddlersetup.exe

Willow plug-in installation package → Willowsetup-1.5.2.zip

Nginx forward proxy and reverse proxy explained

The biggest characteristics of forward proxy:

  • The client knows exactly which server address to access
  • The server only knows which proxy the request is coming from, not from which specific client
  • The forward proxy mode masks or hides real client information

The reverse proxy is used when server clusters are deployed in distributed mode. The reverse proxy hides server information.

Once you understand how Fiddler works, it’s clear.

Tip: When Node is used as an intermediate proxy server, it will not be captured by Fiddler, Whistle, Charles, etc.

Fiddler sets a breakpoint
