[Handbook] Let Fiddler capture inbound requests, or: using Fiddler as a reverse proxy

Note: This article does not cover HTTPS scenarios

Recently I have been doing public-account development. Besides actively calling the public-account interfaces, there are also cases where the public-account backend calls you in turn, so the roles of caller and callee keep switching. For callbacks, you need to know what the request from the other side actually looks like. I've used Fiddler a lot to capture requests going out from this machine, and it works very well, so I wondered whether the process could be reversed to have it capture incoming requests. After a search, the answer is yes, and there is documentation on the official website describing it.

This article is actually based on the instructions in the above document.

As the title of the documentation suggests, the principle behind reverse capture is essentially to configure Fiddler as a reverse proxy. Readers can look up what a reverse proxy is on their own, so this article will not go into it. Put simply, the site that actually provides the service hides behind the proxy: a request first reaches the proxy, the proxy forwards it to the site behind it, and the site's response is passed back out the same way. On this principle, Fiddler, acting as the proxy, naturally sees the data in both directions.

The documentation describes three approaches to configuring the reverse proxy, but the last two do not really differ in how they are done; it is only a matter of which side uses which port, as covered below. So there are really only two approaches.

I. Registry-specified port method (not recommended; it has drawbacks)

1. Under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2, create a new DWORD value named ReverseProxyForPort and enter, in decimal, the port of the site whose traffic you want to capture. For example, if the site's port is 80, the result is as shown in the figure.

2. Open Fiddler, go to the menu Tools > Options, open the Connections tab, and make sure the Allow remote computers to connect option is checked, as shown:

The 8888 above is Fiddler's web service port. Restart Fiddler and keep it capturing. At this point, accessing that port from the local machine reaches the site on port 80, and you can see that Fiddler has captured the request to the port-80 site. As for the Allow... option, it lets other computers access local port 8888; if it is not checked, external clients cannot get in through [http://LAN or public IP or domain name:8888]. Of course, before that you also have to remember to map port 8888 at the gateway.

Note: This method has a limitation. Requests can only be initiated via localhost, or the local network IP or computer name, on :8888, not via a public IP or domain name; otherwise it causes a circular capture that never returns a response and can only be cleared by closing Fiddler.

II. Script rewriting port method

Open the custom script via the menu Rules > Customize Rules, find the OnBeforeRequest method in it, and add the following logic to it:

// Requests addressed to Fiddler's port 8888 are redirected to the site on port 80
if (oSession.port == 8888) {
    oSession.port = 80;
}

The modified script looks like this.

The class library the script uses is undoubtedly .NET, but the syntax resembles C# without being exactly that; it presumably has a name, and I would appreciate pointers from anyone passing by. Note that the logic above is not copied from the official documentation: the logic there is tied to the domain name, and I changed it to look only at the port. In short, the purpose is to turn a request originally addressed to port 8888 into a request to the target site; this example assumes the target site's port is 80.

Also make sure the Allow... option from method one is checked. Reopen Fiddler and keep it capturing; at this point you can access http://*:8888 without restriction and see the captured results.

The third approach listed in the official documentation really just swaps the ports. The examples above require the requesting party to change the request address from the original port to 8888, but sometimes the requesting party is one you cannot change: the WeChat public page authorization callback URL, for example, must not carry a port number, so you cannot fill in http://xxx:8888. In that case, let Fiddler occupy port 80, move the site to another port, and still use the script method to rewrite the port.
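The reverse-proxy principle described at the top, as an added Python example (not code from the article or from Fiddler): a listener forwards each request to the site behind it and records both directions, and it refuses to forward to its own listener, the simplest self-forwarding loop of the kind the Note under method I warns about. The names `CaptureProxy`, `Site`, `send`, `reply`, `start` and `demo`, the `/callback` path and the payload are constructed for illustration; the listener binds to loopback only, the counterpart of leaving Allow remote computers to connect unchecked.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SKIP = {"connection", "keep-alive", "transfer-encoding", "content-length", "host"}

def send(host, port, method, path, body=b"", headers=()):
    """Issue one request; return (status, relayable headers, body bytes)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, body or None, dict(headers))
    resp = conn.getresponse()
    kept = [(k, v) for k, v in resp.getheaders() if k.lower() not in SKIP]
    result = (resp.status, kept, resp.read())
    conn.close()
    return result

def reply(h, status, headers, data):  # write a complete response on handler h
    h.send_response_only(status)
    for k, v in headers + [("Content-Length", str(len(data)))]:
        h.send_header(k, v)
    h.end_headers()
    h.wfile.write(data)

class CaptureProxy(BaseHTTPRequestHandler):
    """Forward each request to server.upstream and record both directions."""
    def relay(self):
        host, port = self.server.upstream
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        # Loop guard: forwarding to our own listener would re-enter this handler forever.
        if port == self.server.server_port and host in ("127.0.0.1", "localhost"):
            return self.send_error(508, "upstream is the proxy itself")
        fwd = [(k, v) for k, v in self.headers.items() if k.lower() not in SKIP]
        status, headers, data = send(host, port, self.command, self.path, body, fwd)
        self.server.captured.append((self.command, self.path, body, status, data))
        reply(self, status, headers, data)
    do_GET = do_POST = relay

class Site(BaseHTTPRequestHandler):  # constructed stand-in for the real site
    def do_POST(self):
        reply(self, 200, [], b"ok:" + self.rfile.read(int(self.headers["Content-Length"])))

def start(handler, upstream=None, port=0, bind="127.0.0.1"):  # port=0 picks a free port
    srv = ThreadingHTTPServer((bind, port), handler)
    srv.upstream, srv.captured = upstream, []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    proxy = start(CaptureProxy, ("127.0.0.1", start(Site).server_port))
    return send("127.0.0.1", proxy.server_port, "POST", "/callback", b"<xml/>"), proxy.captured
```

`demo()` returns the client's view of the response together with the proxy's capture list; `start(CaptureProxy, ("127.0.0.1", 80), port=8888)` mirrors the article's port layout.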

