[.NET]Fiddler Core实现HTTP HTTPS抓包分析数据篡改全局监听

最新推荐文章于 2024-06-23 03:07:44 发布

xxxvxxv

最新推荐文章于 2024-06-23 03:07:44 发布

阅读量5.5k

点赞数 3

文章标签： FiddlerCore4 Fiddler 抓包分析数据篡改 HTTPS监听

本文链接：https://blog.csdn.net/xxxvxxv/article/details/85259712

版权

附C# VB.NET互转工具 https://download.csdn.net/download/xxxvxxv/10877188
附FiddlerCore4.dll
https://download.csdn.net/download/xxxvxxv/10877493

Imports System.Text
Imports Fiddler
Imports System.Threading

''' <summary>
''' 全局侦听HTTP HTTPS事件
''' </summary>
''' <remark>
''' 需要下载Fiddler core https://www.telerik.com/purchase/fiddlercore
''' 引用 FiddlerCore4.dll
''' https://blog.csdn.net/ruxie8527/article/details/77880133
''' https://blog.csdn.net/zhang116868/article/details/49406599
''' 包括三个方法，每个过程均可搞点事情
''' BeforeRequest               可以篡改请求的参数 如截获请求Cookie
''' BeforeResponse              可以篡改返回的数据
''' AfterSessionComplete        相当于抓包分析
''' </remark>

Class C_Fiddler
    Friend FidderStatus As Boolean                      ' Fiddler开关状态-只读
    Friend RTBox As New RichTextBox                     ' 输出的RichTextbox 可选
    Friend Response As New List(Of String)              ' 返回字符串list
    Private CaptureConfiguration As New CaptureConfig       ' 过滤设置

#Region "开关"
    ''' <summary>
    ''' 关闭Fiddler 不关闭会提示代理服务器异常
    ''' </summary>
    Public Sub FiddlerClose()
        RemoveHandler FiddlerApplication.BeforeRequest, AddressOf FiddlerApplication_BeforeRequest
        RemoveHandler FiddlerApplication.BeforeResponse, AddressOf FiddlerApplication_BeforeResponse
        RemoveHandler FiddlerApplication.AfterSessionComplete, AddressOf FiddlerApplication_AfterSessionComplete

        Application.DoEvents()
        Do
            If FiddlerApplication.IsStarted() Then
                FiddlerApplication.Shutdown()
                FidderStatus = 0
            End If
        Loop While FidderStatus = 1
        Echo("已停止")
    End Sub

    ''' <summary>
    ''' 打开监听
    ''' </summary>
    ''' <param name="CaptureUrl">需要监听的url list</param>
    Public Sub FiddlerOpen(Optional ByVal CaptureUrl As List(Of String) = Nothing)
        CaptureConfiguration.captureUrl = CaptureUrl
        'AddHandler FiddlerApplication.BeforeRequest, AddressOf FiddlerApplication_BeforeRequest
        'AddHandler FiddlerApplication.BeforeResponse, AddressOf FiddlerApplication_BeforeResponse
        AddHandler FiddlerApplication.AfterSessionComplete, AddressOf FiddlerApplication_AfterSessionComplete
        If FidderStatus = 1 Then FiddlerClose()

        ' 端口8987(可以自己定义),是否使用windows系统代理（如果为true，系统所有的http访问都会使用该代理）
        FiddlerApplication.Startup(8987, True, True, True)
        FidderStatus = 1
        Echo("启动成功")
    End Sub
#End Region

#Region "内部方法"
    ''' <summary>
    '''  请求之前 篡改发送的数据
    ''' </summary>
    ''' <param name="oS">os中含有需要的信息</param>
    Private Sub FiddlerApplication_BeforeRequest(oS As Session)
        If CaptureConfigSet(oS) = False Then Return         ' 过滤
        Return
        ' 为了能篡改，必须使用缓冲模式，这样FiddlerCore才允许修改
        ' 在BeforeResponse处理程序中的反应，而不是流

        Dim oAllSessions As New List(Of Fiddler.Session)()
        oS.bBufferResponse = True
        Monitor.Enter(oAllSessions)
        oAllSessions.Add(oS)
        Monitor.[Exit](oAllSessions)
        oS("X-AutoAuth") = "(default)"


        oS.utilCreateResponseAndBypassServer()
        oS.oResponse.headers.SetStatus(200, "Ok")
        Dim Str As String = oS.GetResponseBodyAsString
        oS.utilSetResponseBody(Str + "aaaaaaaaaaaaaaaaaaaaa")

        oS.utilCreateResponseAndBypassServer()
        oS.oResponse.headers.SetStatus(200, "Ok")
        oS.oResponse("Content-Type") = "text/html; charset=UTF-8"
        oS.oResponse("Cache-Control") = "private, max-age=0"

    End Sub

    ''' <summary>
    ''' 发送请求后 收到请求前,可以篡改返回的数据
    ''' </summary>
    ''' <param name="oS"></param>
    Private Sub FiddlerApplication_BeforeResponse(oS As Session)
        If CaptureConfigSet(oS) = False Then Return         ' 过滤
        Return
        ' 返回的数据 oS.GetResponseBodyAsString()
        ' 执行篡改    
        ' oS.utilReplaceInResponse("1.欢迎使用！", "aaaaaaaaaaaaaaaaaaaaaa");
        ' oS.utilDecodeResponse()
    End Sub

    ''' <summary>
    ''' 请求完成后返回数据
    ''' </summary>
    ''' <param name="oS"></param>
    Private Sub FiddlerApplication_AfterSessionComplete(oS As Session)
        If CaptureConfigSet(oS) = False Then Return         ' 过滤

        Dim reqheaders As String = oS.oRequest.headers.ToString()
        Dim reqBody As String = Encoding.UTF8.GetString(oS.RequestBody)

        Dim respHeaders As String = oS.oResponse.headers.ToString()
        Dim respBody As String = Encoding.UTF8.GetString(oS.ResponseBody)

        Response = New List(Of String)
        If reqheaders Is Nothing Then reqheaders = ""
        If respHeaders Is Nothing Then respHeaders = ""

        Response.Add(oS.fullUrl & vbCrLf)
        Response.Add(reqheaders & vbCrLf)
        Response.Add(respHeaders & vbCrLf)
        Response.Add(respBody & vbCrLf)

        ' 打印结果到UI
        Dim output As String = oS.fullUrl & vbCrLf & vbCrLf & reqheaders & vbCrLf & vbCrLf & respHeaders & vbCrLf & "-----------------------------------" & vbCrLf
        Echo(output)
    End Sub
#End Region

#Region "其他"
    Private Function CaptureConfigSet(ByVal oS As Session) As Boolean
        If oS Is Nothing Then Return False
        If oS.RequestMethod = "CONNECT" Then Return False

        CaptureConfiguration.IgnoreResources = True     ' 忽略图片资源文件
        CaptureConfiguration.ProcessId = 0              ' 指定进程ID
        CaptureConfiguration.CaptureDomain = ""         ' 指定HOST

        If CaptureConfiguration.ProcessId > 0 Then
            If oS.LocalProcessID <> 0 AndAlso oS.LocalProcessID <> CaptureConfiguration.ProcessId Then
                Return False
            End If
        End If

        If Not String.IsNullOrEmpty(CaptureConfiguration.CaptureDomain) Then
            If oS.hostname.ToLower() <> CaptureConfiguration.CaptureDomain.Trim().ToLower() Then
                Return False
            End If
        End If

        If CaptureConfiguration.IgnoreResources Then
            Dim url As String = oS.fullUrl.ToLower()
            ' 排除文件后缀名为。。。的资源文件
            Dim extensions As New List(Of String) From {".jpg", ".png", ".jpeg", ".css", ".zip", ".rar", ".7z", ".exe"}
            For Each ext In extensions
                If url.Contains(ext) Then Return False
            Next
        End If

        If CaptureConfiguration.captureUrl.Count > 0 Then
            For Each surl In CaptureConfiguration.captureUrl
                If surl <> oS.fullUrl Then
                    Return False
                Else
                    Return True
                End If
            Next
        End If
        Return True
    End Function


    Private Structure CaptureConfig
        Dim IgnoreResources As Boolean      ' 是否忽略图片资源文件
        Dim ProcessId As Integer            ' 指定进程ID
        Dim CaptureDomain As String         ' 指定HOST
        Dim captureUrl As List(Of String)   ' 指定url
    End Structure
#End Region

#Region "UI输出"
    Public Sub Echo(ByVal ErrorMsg As String)
        Try
            RTBox.Invoke(New EventHandler(AddressOf RTref), ErrorMsg)
        Catch ex As Exception
        End Try
    End Sub

    Private Sub RTref(ByVal sender As System.Object, ByVal e As System.EventArgs)
        Try
            If sender.ToString.ToLower.Contains("error") Then
                RTBox.SelectionColor = Color.Red
            Else
                RTBox.SelectionColor = Color.Black
            End If
            RTBox.AppendText(sender.ToString & vbCrLf)
            RTBox.ScrollToCaret()
        Catch ex As Exception
            MsgBox(ex.Message, vbInformation)
        End Try
    End Sub
#End Region
End Class