Use Fiddler to capture and manipulate WebSocket data. Find only one method that works. Windows 7 + Fiddler 5.0
Fiddler grabs WebSocket data
Double-click the WebSocket Session in Fiddler to see the data sent and received for this connection. Unfortunately, this TAB doesn’t have the ability to send data (an input field (HEX text) + a button), which would be almost perfect.
Enabling HTTPS support
To grab HTTPS and WSS requests, go to Tools > Options > HTTPS on the Fiddler menu and enable HTTPS. In the Actions menu, set the root certificate that your computer system trusts Fiddler.
Simple phone support
To capture data from your phone, go to Tools > Options > Connections and set the IP address of your phone and the port that Fiddler listens to as a proxy.
The mobile browser then accesses the PC’s IP + port to go to the Fiddler page to download the root certificate and trust (install) it.
If this is done, it is possible to monitor HTTPS and WSS requests, and most of them are.
Modify WebSocket data
The Fiddler interface doesn’t show any modifications to the WebSocket data, and a search doesn’t show much direct information, but there is plenty of information on how to print WebSocket data logs (starting with Fiddler 4.5, this is no longer necessary). I also saw an article that uses the Fiddler Core API to intercept and modify WebSocket data. Put the two together and you’re done.
Implement the Handlers class’s OnWebSocketMessage method in the Fiddler menu, Rules > Customize Rules. This method gets the data that WebSocket sends and receives and can be modified. In addition, the FildderScript in the Fildder home screen can also directly modify the script code.
Script syntax
Fiddler uses JScript.Net syntax. Isn’t that familiar? It doesn’t matter, I’m not familiar with it either, but I’m familiar with either JavaScript or C#.
Classic ASP users may be familiar with JScript and its good gay friend VBScript, which in addition to writing ASP, Windows VBS JS script code is also the main direction of use.
Simple point, JScript as IE 6 to write ojbK, absolutely original, anyway, the following example in the JS code is mostly. Refer to the test code at the end of this article, and don’t worry about the odd variable names in pinyin or abbreviated form.
Echo Test results
Test the complete code at the end of the article.
Echo test edit: DDD
echo
Fiddler
WebSocket
WebSocket sends data
Don’t know how to use itFiddlerTo send theWebSocketFor data, see regret in section 1.
Attached: test code
class Handlers
{
// Implement this method to intercept processing data
static function OnWebSocketMessage(oMsg: WebSocketMessage) {
var arr=oMsg.PayloadAsBytes();
var bs=Utilities.ByteArrayToString(arr);
var txt=bytesToViewText(arr);// This text is in English, readable text information, unreadable garbled characters, Chinese are filtered out
var newTxt="";
// Assume the modification scenario, as long as the data sent or received contains test Edit: do it
var edit=false;
if(txt.indexOf("test edit:") +1) {var nbs=bs;
var m1=/(test edit:)(.*)/.exec(txt)||[];
nbs=nbs.Replace(strToHex(m1[0] | |""),strToHex(m1[1]+(oMsg.IsOutbound?"send":"onmessage") +" change:"+m1[2]));
edit=true;
oMsg.SetPayload(hexToBytes(nbs));
newTxt=bytesToViewText(oMsg.PayloadAsBytes());
}
// a method to obtain the SessionID is not provided directly
var all=oMsg.ToString();
var m1=/#(\d+)/.exec(all)||[];
var sessionID=m1[1] | |- 1;
FiddlerApplication.Log.LogString(
sessionID+": ["+oMsg.ID+"]"
+"["+(oMsg.IsOutbound?"出":"Into") +"]"
+"["+(edit?"Change."+newTxt:"") +"]"
+txt+"\n");
}
// Here are some functions
static function bytesToViewText(arr:byte[]){
var s="";
for(var i=0; i<arr.length; i++){if(arr[i]>=32 && arr[i]<=126){
s+=String.fromCharCode(arr[i]); }}return s;
}
static function strToHex(str:String){
var byts=new byte[str.Length];
for(var i=0; i<str.Length; i++){ byts[i]=(byte)(str.charCodeAt(i)); }return Utilities.ByteArrayToString(byts);
}
static function hexToBytes(hexString:String)
{
hexString = hexString.Replace(""."");
var length = hexString.Length / 2;
var hexChars = hexString.ToCharArray();
var d = new byte[length];
for (var i = 0; i < length; i++)
{
var pos = i * 2;
d[i] = (byte)(charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
}
return d;
}
static function charToByte(c:String)
{
return "0123456789ABCDEF".indexOf(c); }...Copy the codeOnly to find such a method for WebSocket packet capture analysis and tamper data, compare soil, the end.