Besides Fiddler, wireshark, Burp Suite, etc. The principle is that an HTTP proxy server is enabled on the local machine, which then forwards all HTTP requests and responses.
1. Install the fiddler
2. Configure Fiddler to grab mobile devices (including HTTPS)
-
Open apps ->Tools->Fiddler Options…
-
Under the HTTPS TAB, check Capture HTTPS CONNECTs, check Decrypt HTTPS Traffic, check Ignore Server Certificate Errors (unsafe)
-
Under the Connections TAB check ->Allow Remote Computers to connect
3. Configure the mobile terminal and use the Fiddler agent to access the Internet
- First, you need to know the IP address of your computer, shortcut WIN+R, enter CMD, press Enter, and enter ipconfig in the command window
- The mobile phone and PC must be in the same network segment, modify the proxy information of mobile phone WIFI. Proxy: manual, proxy server host name: 192.168.2.33 (PC IP address), proxy server port: 8888
4. Download the certificate from Fiddler so that Fiddler can grab the MOBILE HTTPS.
Enter 192.168.2.33:8888 in your mobile browser (preferably a native one) and select the blue hyperlink at the bottom of the page to download the FiddlerRoot Certificate and name it Fiddler. (If the phone lock has not been set, it will prompt the phone to set the unlock password)
5. Fiddler uses a request list on the left, request information on the upper right, and response information on the lower right.
6. Intercept requests and responses through breakpoints
-
Rules->Automatic Breakpoints
-
Before Request is intercepted Before the user Request is sent to the server
-
An After Request is intercepted before the server response is returned to the user
Example: New Year activities. Transfer unwanted cards to other users’ active wechat accounts by modifying the request.
Enabling speed limits: Rules → Legends → Simulate Modem Speeds