1. Preface
Today's overview mainly explains and shares some basic theory about Fiddler. There is not much to this part: it mostly walks readers through some scenarios from real work and then formally introduces our protagonist, Fiddler.
1.1 Work scenario
When testing apps, have you ever had experiences like these?
1. When back-end developers are debugging and fixing a bug, they keep asking you to tap through something on your phone while they watch the back end to see whether the data is abnormal. (A whole morning slips by without you noticing.)
2. When front-end developers are debugging and fixing a bug, they ask you to create some test data. You work hard to create one record, they click once, the data is used up, and the bug is still not fixed, so they ask you to create data again. (An afternoon slips by just as carelessly.)
3. Have you run into this? You find a bug and report it to the front-end developer, who says the problem is in the data returned by the back end. You go to the back-end developer, who says the problem is in the data submitted by the front end and sends you back to the front-end developer. (An evening goes by, and the bug is still not fixed...)
This is where our protagonist, Fiddler, comes in. It can solve all of the above.
2. Brief introduction
In this age of networked information, computer security is always a worry, and network security even more so. Many experienced users rely on Fiddler regularly: working as a proxy, it can capture a session and modify it to achieve the desired result. Fiddler is a powerful, cross-platform HTTP(S) packet capture tool; do not use it to do bad things. Its English name is Fiddler, and its Chinese name means "the violin". Fiddler is an HTTP protocol debugging proxy. It can record and inspect all HTTP, FTP and HTTPS traffic between your computer and the Internet. By setting breakpoints, users can also modify the data going "in and out" of Fiddler. Because of its powerful capture and modification capabilities, Fiddler is widely used in web penetration testing.
Fiddler is one of the most powerful and useful web debugging tools. It can record all HTTP and HTTPS requests between clients and servers, and lets you monitor traffic, set breakpoints, and even modify incoming and outgoing data. Fiddler includes a powerful event-based scripting subsystem and can be extended with .NET languages. In other words, the better you understand the HTTP protocol, the better you can use Fiddler; and the more you use Fiddler, the more it helps you understand HTTP. Fiddler is a very useful tool for developers and testers alike.
Fiddler works as a web proxy server. It is also an HTTP capture and debugging proxy: it can record and inspect the HTTP messages between your computer and the Internet. That is, it can intercept, resend, edit and save the packets sent and received over the network, and it can also be used to check network security.
3. Packet capture
Packet capture: using a specific tool to obtain the packets sent and returned between client and server. The purpose is to analyze the content and protocol of the packets and so judge whether they meet the design requirements. In practice it means intercepting, resending, editing and saving the packets sent and received over the network; it is also used to check network security.
4. When do I need to capture packets?
1. When developers want you to reproduce a bug and capture the data to locate the problem
2. When it is unclear whether a problem is a front-end bug or a back-end bug
3. When developers ask you to do interface testing but do not give you the interface documentation; a capture gives you the method, the interface address, the parameters passed, the headers and the returned content
4. When you want to modify the returned results without changing any environment, that is, mocking (simulating an interface)
5. Why study Fiddler?
Brother Hong breaks this down for readers from three angles:
5.1 Fiddler's own advantages
1. It is powerful: it has the functions of other tools as well as functions they lack, and it supports protocols such as HTTP, HTTPS and FTP.
2. It is completely free, and free for the long term.
3. It works with all browsers and on all platforms. These three points alone make it worth having.
5.2 Comparison of similar products
What else can capture packets besides Fiddler?
Capture tools include Wireshark, Fiddler, HttpWatch, Charles and Chrome Developer Tools (F12). Here is how they compare.
Packet capture tools range from the well known (Fiddler, Charles, HttpWatch, Wireshark) to the obscure. There is no absolutely strong or weak tool; it depends on which scenario each one suits best. The figure below compares Fiddler with other capture tools of the same type:
The figure above shows why we choose Fiddler for packet capture; let us walk through the comparison.
First, Fiddler runs as a standalone application. Second, it supports mobile devices (that is, it can capture traffic from mobile apps); Wireshark and HttpWatch do not support this, so they can be ruled out here, because when testing we often have to test the app side as well as the web side, which is common in companies.
Next, Fiddler is free, while Charles is paid. Of course, I know everyone has their own tricks; if you do something shady, remember to carry the guilt with you.
Of course, choosing this free tool presupposes that it meets your needs and solves your problems; picking a tool that cannot solve your problem is no use. If you would rather use Wireshark or HttpWatch, you can download and try them yourself; today we focus on Fiddler.
5.3 Users
In testing, whether manual testing or interface testing, we need to check the data returned by the back end. Sometimes we also need to debug, or mock the back-end response, to verify that the front end behaves as expected. Capturing these requests requires a packet capture tool. Mastering a few of these tools makes testing, debugging and problem analysis easier.
Whether in development or in testing, packet capture is one of the main ways to locate a bug. In particular, when you submit a bug to the developer responsible without "hard evidence", they usually refuse to change anything, and may even tell you proudly: "Capture the traffic and see whether it is a back-end or an interface problem; don't file bugs with me when you have nothing better to do~". This is when Fiddler helps you answer back quickly~ Of course, proving someone wrong is not the goal; helping developers locate the cause of a bug quickly and accurately is what matters!
6. What is Fiddler?
So what is Fiddler, and what can it do?
As the classic Baidu ("Du Niang") description puts it:
Fiddler is an HTTP protocol debugging proxy. It can record and inspect all HTTP communication between your computer and the Internet, set breakpoints, and view all data going "in and out" of Fiddler (cookies, HTML, JS, CSS and other files, all of which you can modify at will). Fiddler is simpler than other network debuggers because it not only exposes the HTTP communication but also presents it in a user-friendly format.
6.1 Why Brother Hong recommends it
1. Installation and configuration are simple and you can get started quickly (never mind slackers, even novices can manage it~); the basic functions are powerful and a must for beginners (it could hardly be easier to use~).
2. It can record all HTTP and HTTPS requests between clients (PC and mobile) and servers, and can monitor traffic, set breakpoints, modify responses and requests, simulate a low-speed network, and be extended with .NET Framework languages.
7. Features Fiddler supports and does not support
Brother Hong often receives private messages or comments from readers along the lines of: "Brother Hong, can I use Fiddler to do XXX?" Fiddler suits many scenarios, but for some it is not appropriate. In most cases people use only a few of Fiddler's functions. The following briefly explains where Fiddler applies.
7.1 An incomplete list of functions Fiddler supports
1. View the web traffic between almost any browser, client application or service. Fiddler monitors all of the browser's HTTP/HTTPS traffic, that is, every request and response.
2. Modify any request or response, manually or automatically. After intercepting an HTTP request, you can inspect the details of what the browser requested; you can also forge requests, or forge a server's response.
3. Decrypt HTTPS traffic for viewing and modification.
4. Archive captured traffic, and load it on a different computer.
5. "Play back" previously captured responses to a client application, even if the server is currently offline.
6. Debug the web traffic of most PCs and devices, including Mac/Linux systems, smartphones and tablets.
7. Chain to an upstream proxy server, including the TOR network (TOR is a software project designed to prevent traffic sniffing and analysis. It forwards communications through a distributed network of relays around the world, enabling anonymous network access).
8. Test website performance.
9. Run as a reverse proxy and capture traffic on the server, without configuring the client computer or device.
10. Global and local breakpoints!
11. Third-party plug-ins.
7.2 An incomplete list of functions Fiddler does not support
Fiddler is a very flexible and powerful tool, but some functions are not yet supported.
1. Debugging non-web protocol traffic
(1) Fiddler supports HTTP, HTTPS and FTP traffic and related protocols, such as HTML5 WebSockets and ICY streams.
(2) Fiddler cannot monitor or modify data carried over other protocols, such as SMTP, POP3, Telnet and IRC.
2. Handling oversized requests and responses
(1) Fiddler cannot handle requests larger than 2 GB.
(2) Fiddler has limited ability to handle responses larger than 2 GB.
(3) Fiddler uses system memory and the page file (pagefile) to store session data. Saving a large number of sessions, or oversized requests and responses, causes a sharp drop in performance.
3. "Magically" fixing a website's bugs
(1) Fiddler can help identify network problems, but it usually cannot fix these bugs on its own.
8. Fiddler application scenarios
Fiddler is used in a wide range of scenarios, specifically:
1. Interface debugging
2. Interface testing
3. Debugging the online (production) environment
4. Web performance analysis
5. Determining whether a bug is front-end or back-end
6. Configuring hosts for the development environment
7. Mock testing
8. Weak-network and disconnection testing
Note that when Fiddler acts as the system proxy, every HTTP(S) request from Internet services passes through Fiddler on its way to the target web server; likewise, every HTTP(S) response passes through Fiddler before returning to the client.
9. Deploying Fiddler
9.1 Fiddler deployment environment
1. Download Fiddler from the official download address: https://www.telerik.com/download/fiddler. Fill in your email address and country, then click "Download for windows" to download. As shown in the figure below:
2. Install: the installation is foolproof; keep clicking through until it finishes. After a successful installation the following interface is displayed, as shown in the figure below:
9.2 Updating Fiddler
1. When Fiddler starts, it automatically checks whether a new version is available. When one is found, an update prompt appears, as shown in the figure below:
2. Click the "Yes" button and Fiddler launches the browser to download the latest installer. When the download completes, close the running Fiddler and install the newly downloaded program manually. If you click the "Next Time" button, the latest version is downloaded and installed automatically the next time Fiddler starts. If you click "No", the dialog closes and no new version is installed; the prompt appears again the next time Fiddler starts.
3. When Fiddler prompts for an update, the update is equally foolproof; keep clicking through until it finishes. If the update succeeds the following interface is displayed, as shown in the figure below:
9.3 Exiting Fiddler
Some readers may think exiting Fiddler needs no introduction: it is so simple that you just close it. But sometimes that is an abnormal exit, and it causes a series of problems. Fiddler works as a proxy server whose default address is 127.0.0.1:8888. If Fiddler exits abnormally, the port remains occupied and other web pages fail to load. So to quit Fiddler, click File and then Exit for a normal exit, instead of clicking the X in the upper-right corner. As shown in the figure below:
9.4 Uninstalling Fiddler
You can uninstall Fiddler through "Add/Remove" programs. Uninstalling does not clean up the system, so it cannot fix configuration problems.
10. How Fiddler works
Before introducing how to use Fiddler, I would like to explain how it works; once you understand the principle, using it becomes much easier.
Fiddler is an HTTP proxy that sits between the client and the server. It can record all HTTP(S) requests between the client and the server, examine specific HTTP(S) requests, analyze the data transmitted over the network, set breakpoints, and modify both the request data and the data returned by the server.
Fiddler sets up a proxy server between the client and the server. It works at the application layer of the seven-layer model and can capture the HTTP(S) requests that pass through it. After startup Fiddler sets the proxy automatically; the default port is 8888. Fiddler can record not only the web request data of browsers on the PC but also the HTTP(S) request data of other devices on the same network. The data flow is roughly as shown in the figure below:
As the figure above shows, Fiddler uses proxy mode: the client sends all its traffic to Fiddler, Fiddler forwards it to the target server, the target server sends its packets back to Fiddler, and Fiddler forwards them to the client. Since both request and response packets pass through Fiddler, Fiddler can intercept and analyze them. This is its structural advantage and gives it capabilities other tools lack. It supports capture not only from browsers such as IE, Chrome, Safari and Opera, but also HTTP(S) capture from other clients, provided those clients support HTTP proxy configuration.
10.1 Illustration
1) When the client sends an HTTP(S) request to the server, the request first passes through the Fiddler proxy server.
2) The Fiddler proxy server intercepts the client's request message and then forwards it to the server; before forwarding, you can modify the message's parameters.
3) After processing the request, the server returns a response message, which the Fiddler proxy server intercepts.
4) After processing the response message, Fiddler returns it to the client.
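The four steps above can be reproduced on loopback with a few lines of Python. This is an added example, not Fiddler's code or part of the original article: a minimal recording proxy that handles plain HTTP GET only, with a constructed `Origin` server standing in for the target; the names `RecordingProxy`, `SESSIONS` and `demo` are hypothetical.

```python
import http.client
import http.server
import threading
from urllib.parse import urlsplit

SESSIONS = []  # one (method, url, status, body) tuple per proxied exchange

class Handler(http.server.BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Handler):
    """Stand-in for the target web server (constructed for this example)."""
    def do_GET(self):
        self.reply(200, b"hello from origin")

class RecordingProxy(Handler):
    def do_GET(self):
        # Steps 1-2: a proxied client sends the absolute URL in the request
        # line; the proxy sees it, could edit it, then forwards it upstream.
        target = urlsplit(self.path)
        upstream = http.client.HTTPConnection(target.hostname, target.port or 80, timeout=5)
        upstream.request("GET", target.path or "/")
        # Step 3: the server's response comes back to the proxy first.
        resp = upstream.getresponse()
        body = resp.read()
        upstream.close()
        SESSIONS.append(("GET", self.path, resp.status, body))
        # Step 4: the proxy hands the response to the client.
        self.reply(resp.status, body)

def serve(handler):
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    origin, proxy = serve(Origin), serve(RecordingProxy)
    url = f"http://127.0.0.1:{origin.server_address[1]}/ping"
    client = http.client.HTTPConnection("127.0.0.1", proxy.server_address[1], timeout=5)
    client.request("GET", url)  # absolute URL = "send this through the proxy"
    resp = client.getresponse()
    result = (resp.status, resp.read(), url, list(SESSIONS))
    client.close()
    for server in (origin, proxy):
        server.shutdown()
        server.server_close()
    return result

if __name__ == "__main__":
    print(demo())
```

The access-log lines printed on stderr show the difference between the two hops: the proxy logs the absolute URL, the origin logs only `/ping`.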
Put simply, Fiddler works by rewriting the HTTP proxy settings so that network data passes through Fiddler, which lets it monitor and intercept that traffic. When you open Fiddler, the browser proxy is set for you; when you close it, the proxy setting is restored automatically. To be clear, the browser uses the system proxy by default; the proxy here sits between request and response, with Fiddler becoming the system proxy.
1. After installing and starting Fiddler, open Tools ---> Options ---> Connections from the menu bar, as shown in the figure below:
2. In the figure above you can see the option "Act as system proxy on startup", and the default listening port is set to 8888. Fiddler is a middle proxy (proxy server), as shown in the figure below:
3. Check whether your system's proxy has been turned on after starting Fiddler, as shown in the figure below:
4. After a normal exit from Fiddler, check the system again: the manual proxy setting has been cleared and turned off, as shown in the figure below:
11. Summary
Note: Fiddler is built on the .NET Framework because it is developed in C#, so on older Windows systems make sure the runtime environment is in place! Installing Fiddler is also very simple: once you have the installer, either choose the installation path or just click Next all the way through!
Fiddler works as a proxy web server. The browser and the server communicate over HTTP on an established TCP connection; by default the browser sends HTTP requests to the server, using the local proxy address 127.0.0.1, port 8888. When Fiddler starts, it sets the system proxy automatically, and when it exits normally it removes the proxy setting automatically, so other programs are not affected. But if Fiddler exits abnormally, the proxy setting may not be removed automatically, and web pages become inaccessible.
The solution is to restart Fiddler and then exit normally. This is also one of the reasons why many novices find some network access broken after installing Fiddler.
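One way to confirm the situation described above, where the system proxy still points at 127.0.0.1:8888 but Fiddler is no longer running. This is an added example, not part of the original article or of Fiddler; it assumes the system proxy is the per-user WinINET setting (registry values `ProxyEnable` and `ProxyServer`), and the function names are hypothetical.

```python
import socket
import sys

LOOPBACK = {"127.0.0.1", "localhost"}

def parse_proxy_server(value):
    """Map scheme -> (host, port) from a WinINET ProxyServer string.

    Accepts both "host:port" (one proxy for every protocol, stored under
    the key "all") and "http=host:port;https=host:port".
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:
            scheme, addr = "all", part
        host, _, port = addr.rpartition(":")
        if host and port.isdigit():
            endpoints[scheme.lower()] = (host, int(port))
    return endpoints

def is_listening(host, port, timeout=0.5):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def stale_proxies(enabled, server, probe=is_listening):
    """Loopback proxy endpoints that are configured but have no listener."""
    if not enabled or not server:
        return []
    endpoints = set(parse_proxy_server(server).values())
    return sorted(ep for ep in endpoints if ep[0] in LOOPBACK and not probe(*ep))

def read_wininet_proxy():
    """Read the current user's proxy settings (Windows only; assumed location)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        values = {}
        for name in ("ProxyEnable", "ProxyServer"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                values[name] = None
    return bool(values["ProxyEnable"]), values["ProxyServer"] or ""

if __name__ == "__main__" and sys.platform == "win32":
    for host, port in stale_proxies(*read_wininet_proxy()):
        print(f"system proxy points at {host}:{port} but nothing is listening")
```

A non-empty result means the proxy setting outlived the proxy process, which matches the symptom the article describes; restarting Fiddler and exiting through File > Exit clears it.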