Fiddler Everywhere中圖標(biāo)

在這里插入圖片描述

完整版可參考: https://docs.telerik.com/fiddler-everywhere/user-guide/live-traffic/live-traffic

抓包

牛刀小時(shí)

在這里插入圖片描述

Connect

選取公眾號(hào)的一篇文章千古第一駢文進(jìn)行抓包。

在這里插入圖片描述

對(duì)應(yīng)上面的圖標(biāo)，可知The request used the HTTP CONNECT method - establishes a tunnel used for HTTPS traffic.

CONNECT mp.weixin.qq.com:443 HTTP/1.1Host: mp.weixin.qq.com:443Connection: keep-aliveUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.Version: 3.3 (TLS/1.2)Random: 51 77 BE 85 69 6F 64 15 B3 E2 C6 97 1E 91 26 53 5B 63 D6 97 01 C4 91 00 46 2E AB E6 0E 5F 5B EE"Time": 2041/2/7 下午8:15:13SessionID: 01 54 46 DA 04 9B 17 75 6C 56 0F 15 88 6B 6F FA AB EB AD E7 42 6C F3 0B DB C5 B7 C9 CA 11 66 00Extensions:     grease (0x1a1a)    empty    server_name    mp.weixin.qq.com    extended_master_secret    empty    renegotiation_info    00    supported_groups    grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18]    ec_point_formats    uncompressed [0x0]    SessionTicket    empty    ALPN        h2, http/1.1    status_request    OCSP - Implicit Responder    signature_algs    ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512    SignedCertTimestamp (RFC6962)    empty    key_share    00 29 DA DA 00 01 00 00 1D 00 20 91 C0 DA D8 5E B4 87 6E B4 DC 15 06 F5 CF 07 2E FB 4E DA 86 C2 9F 5D 4D 07 BE 2E BF 48 E5 6D 7A    psk_key_exchange_modes    01 01    supported_versions    grease [0xfafa], Tls1.3, Tls1.2, Tls1.1    0x001b        02 00 02    grease (0x5a5a)    00    padding        204 null bytesCiphers:     [1A1A]    Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/    [1301]    TLS_AES_128_GCM_SHA256    [1302]    TLS_AES_256_GCM_SHA384    [1303]    TLS_CHACHA20_POLY1305_SHA256    [C02B]    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    [C02F]    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    [C02C]    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    [C030]    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    [CCA9]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    [CCA8]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256    [C013]    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    [C014]    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    [009C]    TLS_RSA_WITH_AES_128_GCM_SHA256    [009D]    TLS_RSA_WITH_AES_256_GCM_SHA384    [002F]    TLS_RSA_WITH_AES_128_CBC_SHA    [0035]    TLS_RSA_WITH_AES_256_CBC_SHACompression:     [00]    NO_COMPRESSION

關(guān)于HTTPS，可參考 通過Wireshark分析HTTPS(1)

HTTP的一些狀態(tài)和字段

在這里插入圖片描述

這里可以看出來源是從www.bt4kyy.com過來的^[1].

403: 出現(xiàn)403是因?yàn)榉?wù)器拒絕了你的地址請(qǐng)求，很有可能是你根本就沒權(quán)限訪問網(wǎng)站，就算你提供了身份驗(yàn)證也沒用。講真，很有可能是你被禁止訪問了。 除非你與Web服務(wù)器管理員聯(lián)系，否則一旦遇到403狀態(tài)碼都無法自行解決。

504: 代表網(wǎng)關(guān)超時(shí) （Gateway timeout），是指服務(wù)器作為網(wǎng)關(guān)或代理，但是沒有及時(shí)從上游服務(wù)器收到請(qǐng)求。 204: 空內(nèi)容 服務(wù)器成功執(zhí)行請(qǐng)求，但是沒有返回信息。 0: 當(dāng)rule設(shè)置為reset/drop的時(shí)候，Result是0。 drop: Close the client connection immediately without sending a response. reset: Reset the client connection immediately using a TCP/IP RST to the client. 關(guān)于RST：RST標(biāo)示復(fù)位、用來異常的關(guān)閉連接。

?發(fā)送RST包關(guān)閉連接時(shí)，不必等緩沖區(qū)的包都發(fā)出去，直接就丟棄緩沖區(qū)中的包，發(fā)送RST。?而接收端收到RST包后，也不必發(fā)送ACK包來確認(rèn)。

在這里插入圖片描述

下載文件的js腳本

知道需要下載文件的url，使用下面的腳本就可以實(shí)現(xiàn)下載。

<script type='text/javascript'>top.location='https://down.7yolgame.com/***.apk';</script>

Fiddler Everywhere中的正則表達(dá)式

官網(wǎng)中的String Literals功能感覺用途不太大，很多時(shí)候達(dá)不到要求，不知道什么原因根本沒有作用，推測(cè)這個(gè)功能被廢棄了。

在這里插入圖片描述

這里主要看正則表達(dá)式: regex:(.*)www.ofgksa.com:10443/(.*)^[2] drop掉網(wǎng)站信息。

Meddler

目前只有exe程序，需要windows系統(tǒng)。個(gè)人理解，據(jù)此可以實(shí)現(xiàn)請(qǐng)求的攔截，響應(yīng)的攔截等功能。

Meddler is a HTTP(S) Generation tool based around a simple but powerful JScript.NET event-based scripting subsystem. It's kinda like a basic nodeJS test server, but a little more user-friendly.

下面的代碼是通過Fiddler Everywhere導(dǎo)出的Meddler script，運(yùn)行的話需要windows安裝meddler工具。

簡單解釋下代碼，當(dāng)又請(qǐng)求http://localhost:8088shakespeare/notes/29e0ba31fb8d/recommendations的時(shí)候，響應(yīng)頭和響應(yīng)體會(huì)被設(shè)置。

import Meddler;import System;import System.Net.Sockets;import System.Windows.Forms;// Script generated by Fiddler2 export.// You can set options for this script using the format://     ScriptOptions("StartURL" (where {$PORT} is autoreplaced by the Meddler port number), "Optional HTTPS Certificate Thumbprint", "Random # Seed")public ScriptOptions("http://localhost:{$PORT}/shakespeare/notes/29e0ba31fb8d/recommendations")class Handlers{    static function OnConnection(oSession: Session)    {    try {        if (oSession.ReadRequest())        {            var oHeaders: ResponseHeaders = new ResponseHeaders();            if (oSession.requestHeaders.Path == '/shakespeare/notes/29e0ba31fb8d/recommendations')            {                oHeaders.Version='HTTP/1.1';                oHeaders.Status='200 OK';                oHeaders.Add('Server', 'Tengine');                oHeaders.Add('Date', 'Sun, 14 Mar 2021 11:06:42 GMT');                oHeaders.Add('Content-Type', 'application/json; charset=utf-8');                oHeaders.Add('Transfer-Encoding', 'chunked');                oHeaders.Add('Connection', 'keep-alive');                oHeaders.Add('Vary', 'Accept-Encoding');                oHeaders.Add('X-Frame-Options', 'DENY');                oHeaders.Add('X-XSS-Protection', '1; mode=block');                oHeaders.Add('X-Content-Type-Options', 'nosniff');                oHeaders.Add('ETag', 'W/"2ef5130a02844285dd24b1944b547bfb"');                oHeaders.Add('Cache-Control', 'max-age=0, private, must-revalidate');                oHeaders.Add('Set-Cookie', 'locale=zh-CN; path=/');                oHeaders.Add('Set-Cookie', '_m7e_session_core=31e97c979dd3afee7d6cb2e17c9bc8ec; domain=.jianshu.com; path=/; expires=Sun, 14 Mar 2021 17:06:42 -0000; secure; HttpOnly');                oHeaders.Add('X-Request-Id', 'be8871a7-fe3d-43e8-a4dd-93b527b8e3f0');                oHeaders.Add('X-Runtime', '0.089191');                oHeaders.Add('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');                oHeaders.Add('Content-Encoding', 'gzip');                oSession.WriteString(oHeaders);                oSession.WriteBytes(Convert.FromBase64String('MjAxDQofiwgAAAAAAAADrdJNaxNBGAfwr7LsOS/zPrM56kW8KGygB5Ew2Z1Np1l3l85GD1LQgjEiLYVSsfQQREQvIuLBFqP9MJrd9JSv4NRKEre9CD3tMg8z/H/P89x77OrQbXGBGOMU1FwTD3puywVR6KEgCAClyq25sTZ5Rz+QPdUZbMa2vp7nmWk1m4MsTmVY/1MyjQ0tE7M+aOj0b+HijmlCT3iUQFEHoUBRSAjnQcRBROzbuc5jZZ+cnb6ejoa/jneK42fOzTTta/XzyVNfGaPTxP610746/95ea88nY3vxoVaPTCdIB0nutiDEwMaPdV8tz4jYql0ABcSMQ4QWQC4FUgxCIrB3HUCCiAcBqSsiCMMM2MYxjhVqZElvBVmOP57t/yh23013x+XesKogFFcNCwEBAgAPLgQQQ8EBQop2wbUIMLAAXIdddp6dcmU7xhlqbGSrglvt9l1/9ulr8Xl7dvq8/PCyaoDQdvnfOSynADyAOV8aFLQHgYwwplcZVjo33Tkot0/Kw2/T7wfzycjXSS9Wjq97iXMnmU9ezN6/nQ6/FK9OijejS5EAJ9VMcBEKIE49QhehSGiHJykMwm54Vaj/3H2BIPCY7StFEYuwlF0lhZTVzfCzTUtybqRp7iDn7GhYjPacNdU1adBX+SWR3bCKCKGt+78BXVuLgs8DAAANCjANCg0K'));                oSession.CloseSocket(); return;            }        }        oSession.CloseSocket();        }        catch(e) {MeddlerObject.Log.LogString("Script threw exception\n"+e);}    }}

更多內(nèi)容， 歡迎關(guān)注我的微信公眾號(hào): 無情劍客。