Hypertext Transfer Protocol (HTTP) is a simple request/response protocol, usually carried over TCP. You can capture its traffic with Chrome developer tools, Wireshark or Fiddler to study the details of HTTP requests and responses. This post covers how to use Fiddler to capture HTTP and HTTPS.
I Download and install Fiddler
We strongly recommend downloading it from the official site, https://www.telerik.com/fiddler ; installers from other places are likely to bundle a pile of unwanted software. After downloading and installing, the window looks like this:
II Set up HTTPS capture
After installation, HTTPS is not captured by default. To capture HTTPS:
First open Tools – Options – HTTPS from the menu in the upper left corner.
Then tick these three options.
Then click Actions – Export Root Certificate to Desktop; the certificate file appears on the desktop:
Close Fiddler, then import that certificate (the file above) into the browser. Taking Google Chrome as an example: click Settings – Security and privacy settings – Security – Manage certificates:
Import the certificate from the desktop into Trusted Root Certification Authorities. Finally, reopen Fiddler, and it can now capture HTTPS.
III Capturing HTTP / HTTPS
HTTPS is also an application layer protocol built on HTTP; it is simply HTTP with encryption added. Fiddler automatically decrypts it and restores the original HTTP for us.
Let's open a page at random (Sogou, for example). We will now see the following entries in the left pane of Fiddler:
In the list on the left, each item is one captured HTTP/HTTPS request plus its response. In most cases there is both a request and a response (unless the server has hung). Select any item to see the detailed format and contents of the request and its response. (If there is too much content, click any entry, press Ctrl + A to select all, then press Delete to clear the list.)
The entries shown in blue are the request + response for the Sogou search page itself.
Double-click Inspectors:
The top right corner is the detailed format of HTTP request (as shown in the figure above)
The bottom right corner shows the detailed format of HTTP response (as shown in the figure above)
Finally, click Raw at the top to see the raw data of the request and the response:
Note that the raw request data is exactly what is written to the TCP socket to form the HTTP request.
The raw response data we see, however, is compressed (network bandwidth is a costly resource; compressing data before sending it saves bandwidth, improves efficiency and cuts costs). So we need to click the decompression control above it before we can read the HTTP response data that came off the TCP socket.
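To make the "raw" views concrete, here is an added example (not code from the post or from Fiddler) that builds the exact request bytes a client writes to the TCP socket, parses a response the way a client reads it back, and applies the gzip step that the decompression button performs. The response bytes are constructed inline so the example runs offline; `send_raw` is the only part that touches the network and is included to show the socket write itself.

```python
import gzip
import socket
from typing import Dict, Optional, Tuple

# Constructed sample: a gzip-compressed HTML body with the headers a server
# would send for it. This stands in for what Fiddler shows under "Raw" before
# the decompression button is clicked.
SAMPLE_HTML = b"<html><head><title>sogou</title></head><body>hello</body></html>"
SAMPLE_GZIP_BODY = gzip.compress(SAMPLE_HTML)
SAMPLE_RESPONSE = b"".join([
    b"HTTP/1.1 200 OK\r\n",
    b"Content-Type: text/html; charset=utf-8\r\n",
    b"Content-Encoding: gzip\r\n",
    b"Content-Length: %d\r\n" % len(SAMPLE_GZIP_BODY),
    b"Connection: close\r\n",
    b"\r\n",
    SAMPLE_GZIP_BODY,
])


def build_request(method: str, path: str, host: str,
                  headers: Optional[Dict[str, str]] = None,
                  body: bytes = b"") -> bytes:
    """Serialise a request into the exact bytes written to the TCP socket."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    for name, value in (headers or {}).items():
        lines.append(f"{name}: {value}")
    if body:
        lines.append(f"Content-Length: {len(body)}")
    head = "\r\n".join(lines) + "\r\n\r\n"   # blank line ends the header block
    return head.encode("ascii") + body


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split raw response bytes into status code, headers and the decoded body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, *_reason = status_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("incomplete response: body shorter than Content-Length")
        body = body[:length]
    # This is the step the "decompress" button performs in Fiddler.
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return int(status), headers, body


def send_raw(host: str, port: int, raw_request: bytes, timeout: float = 10.0) -> bytes:
    """Write the raw request to a TCP socket and read until the server closes.

    Include 'Connection: close' in the request so the end of the response is
    unambiguous. Needs network access, so it is not exercised in the offline demo.
    """
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(raw_request)
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    print(build_request("GET", "/", "www.sogou.com", {"Connection": "close"}).decode())
    status, headers, body = parse_response(SAMPLE_RESPONSE)
    print(status, headers["content-encoding"], body.decode())
```

Run it as a script to print the request bytes and the decoded sample response; `parse_response` deliberately refuses a body shorter than `Content-Length`, which is how a client tells a complete response from a truncated one.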
Fiddler works as a "proxy". When the browser accesses a page, it sends the HTTP request to Fiddler first, and Fiddler forwards the request to the web server. When the web server returns data, Fiddler receives it and then hands it to the browser.
Fiddler therefore sees every detail of the data exchanged between the browser and the web server, which is what lets it do the packet capture work for us.
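The proxy model described above, as an added example that is not Fiddler's code: a minimal recording proxy that receives a raw request, forwards it upstream, stores the request/response pair (one row in Fiddler's left-hand list) and returns the response to the client. The upstream transport is injected as a function so the example runs offline; `fake_web_server` is a constructed stand-in for the real web server, and the hostnames are sample values.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Upstream transport: (host, raw request bytes) -> raw response bytes.
# In Fiddler this is a TCP connection to the web server; here it is injected
# so the example runs offline.
Upstream = Callable[[str, bytes], bytes]


@dataclass
class Session:
    """One captured request + response, i.e. one row in the proxy's session list."""
    host: str
    request: bytes
    response: bytes

    def summary(self) -> Tuple[str, str, int]:
        """(host, request line, status code), the columns a capture list shows."""
        request_line = self.request.split(b"\r\n", 1)[0].decode("ascii")
        status = int(self.response.split(b" ", 2)[1])
        return self.host, request_line, status


class RecordingProxy:
    """Sits between client and server and keeps a copy of everything that passes."""

    def __init__(self, upstream: Upstream) -> None:
        self.upstream = upstream
        self.sessions: List[Session] = []

    def handle(self, raw_request: bytes) -> bytes:
        host = host_header(raw_request)                 # where to forward
        raw_response = self.upstream(host, raw_request) # server's reply
        self.sessions.append(Session(host, raw_request, raw_response))
        return raw_response                              # handed back to the client


def host_header(raw_request: bytes) -> str:
    """Return the Host header value; a proxy cannot route a request without it."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    raise ValueError("request has no Host header; proxy cannot route it")


def fake_web_server(host: str, raw_request: bytes) -> bytes:
    """Constructed stand-in for the web server: echoes method, path and host."""
    method, path, _ = raw_request.split(b"\r\n", 1)[0].split(b" ", 2)
    body = b"<html>%s %s on %s</html>" % (method, path, host.encode("ascii"))
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: %d\r\n\r\n%s" % (len(body), body))


def capture_sample() -> RecordingProxy:
    """Drive two sample requests through the proxy and return it with its sessions."""
    proxy = RecordingProxy(fake_web_server)
    proxy.handle(b"GET / HTTP/1.1\r\nHost: www.sogou.com\r\n\r\n")
    proxy.handle(b"GET /web?query=fiddler HTTP/1.1\r\nHost: www.sogou.com\r\n\r\n")
    return proxy


if __name__ == "__main__":
    for host, request_line, status in (s.summary() for s in capture_sample().sessions):
        print(status, host, request_line)
```

The proxy can only record HTTPS sessions in the clear because the browser trusts the root certificate exported in section II, so keep that certificate trusted only on the machine used for capture.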