How the Fiddler Packet Capture Tool Works, and an Introduction to Using the Software
Fiddler acts as a proxy between client applications (such as a web browser) and the websites they are connecting to.
All HTTP(S) requests and responses transit through the Proxy, giving you the ability to see exactly what is going on between your browser and the servers it is connecting to.
Analyzing web traffic: Every time you navigate to a website, your browser sends out a Request for a particular URL. The web server will reply with a Response containing the page you asked for (or a not found 404 error if that document did not exist). This Request-Response workflow is known as a Web Session in Fiddler. Each Session is represented by a row in the Web Sessions List:
Fiddler uses standard columns (you can add more or customize your own) that display certain properties for each Web Session:
#: A number that sorts each Session by chronological order.
Result: The HTTP response code indicating whether the server was able to fulfill the request or not.
Protocol: Fiddler only works for HTTP(S) and FTP protocols.
Host: The website’s domain name.
URL: The full path of the URL requested.
Body: The size of the response.
Caching: Caching, as supported by client applications.
Content-Type: As described, the type of content returned (html, JavaScript, image…)
Process: The client application making the request (i.e. Internet Explorer, Firefox, Adobe Reader, etc.)
Most people only use Fiddler to view web traffic or find which URLs are being requested, and its simple interface does the job quite well. But there’s a whole new world beyond that if you are interested in learning more about the code that goes through your browser.
By default, Fiddler’s Tab section is on the right-hand side and gives you more information on each Web Session. We will focus on the Inspectors tab as it is the most relevant to our needs. When you highlight a particular Web Session, the Inspectors tab is divided into the Request at the top and the Response at the bottom.
Figure 3: The Request headers window
The Request view (Figure 3) gives you information about the client (through its User-Agent), its Request type (GET, POST, etc…) as well as other parameters such as compression (Encoding), cookies, etc.
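As an added illustration (not part of the original guide and not Fiddler's own code), this Python example builds one Web Sessions row, with the columns listed above plus the request details shown in the Inspectors tab, from a single request/response pair as a proxy would see it. The traffic is constructed sample data, the helper names `split_message` and `session_row` are hypothetical, and mapping the Caching column to the `Cache-Control` header is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample traffic (not captured from a real site).
RAW_REQUEST = (b"GET http://example.test/index.html HTTP/1.1\r\n"
               b"Host: example.test\r\n"
               b"User-Agent: ExampleBrowser/1.0\r\n"
               b"Accept-Encoding: gzip\r\n"
               b"Cookie: sid=abc123\r\n\r\n")
RAW_RESPONSE = (b"HTTP/1.1 404 Not Found\r\n"
                b"Content-Type: text/html; charset=utf-8\r\n"
                b"Cache-Control: no-cache\r\n"
                b"Content-Length: 9\r\n\r\n"
                b"Not Found")

def split_message(raw):
    """Split a raw HTTP/1.x message into (start line, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def session_row(number, raw_request, raw_response):
    """Build one row with the columns described above, plus request details."""
    req_line, req_headers, _ = split_message(raw_request)
    status_line, resp_headers, body = split_message(raw_response)
    method, target, _version = req_line.split(" ", 2)
    url = urlsplit(target)  # a proxy sees the absolute URL in the request line
    return {
        "#": number,
        "Result": int(status_line.split(" ", 2)[1]),
        "Protocol": url.scheme.upper() or "HTTP",
        "Host": url.netloc or req_headers.get("host", ""),
        "URL": url.path + ("?" + url.query if url.query else ""),
        "Body": len(body),
        # Assumption: the Caching column is taken from Cache-Control.
        "Caching": resp_headers.get("cache-control", ""),
        "Content-Type": resp_headers.get("content-type", ""),
        "Method": method,
        "User-Agent": req_headers.get("user-agent", ""),
        "Accept-Encoding": req_headers.get("accept-encoding", ""),
        "Cookie": req_headers.get("cookie", ""),
    }

if __name__ == "__main__":
    for column, value in session_row(1, RAW_REQUEST, RAW_RESPONSE).items():
        print(f"{column:16} {value}")
```

The Process column is not included because the owning process cannot be derived from the bytes on the wire.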
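There is also a part on how to simulate requests in the tool, including capturing the HTTP request packets of mobile apps. I had originally meant to summarize it and then translate it, but I have really been too busy lately....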
References:
https://support.panopto.com/PDFView?id=kA039000000HEdZCAW