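Capturing Android network traffic with Fiddler, a roundup of phone packet-capture tools, and running Fiddler under Mono

The Fiddler packet-capture tool

Fiddler is a very handy capture tool. What is it for? A simple example: while browsing, you find a great video on a page, but the site offers no download and Xunlei cannot find a download address either. This is where Fiddler comes in: it records every request you send, including the form data contained in each request. Example screenshot: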


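On the left are the requested URLs; on the right is the information exchanged during each request, where we can see the contents of data. With it, we no longer need F12.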

 
 
 
 
 

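Capturing Android network traffic with Fiddler

This mainly covers how to capture network traffic from Android and iPhone handsets with Fiddler; for example, if we want to capture the network requests of an app (Weibo, WeChat, Moji Weather), this method works.

On a Mac, use Charles instead of Fiddler.

Advantages over capturing with tcpdump plus Wireshark: (1) no root required; (2) works for both Android and iPhone; (3) simpler to operate (install and configure the first time, afterwards you only set the proxy); (4) captured packets are easier to read, and Fiddler's UI is simpler and clearer; (5) HTTPS requests can be viewed. If you insist on using tcpdump, see also: Capturing network packets with tcpdump and Wireshark

PS: you need one PC as a helper, and the PC must be on the same LAN as the phone or have its own public IP.
1. Install Fiddler on the PC
Download: Fiddler.exe. A short introduction to Fiddler follows (skip it if you are not interested):
Fiddler is one of the most powerful and easy-to-use web debugging tools. It records HTTP and HTTPS requests between client and server and lets you monitor them, set breakpoints, and even modify incoming and outgoing data. Fiddler includes a powerful event-based scripting subsystem and can be extended with .NET languages; in web development and tuning it is often used together with Firebug.
Fiddler works by running an HTTP proxy on the local machine that listens on port 8888. On the PC, Fiddler sets IE's proxy to 127.0.0.1:8888 by default when it starts, while other browsers must be configured manually; so to monitor Chrome's network requests on the PC, change its proxy to 127.0.0.1:8888. On the phone, the settings below set up the HTTP proxy for the whole system.

2. Configure Fiddler on the PC and the phone
(1) Configure Fiddler to capture HTTPS
Open the Fiddler menu Tools->Fiddler Options and check both decrypt https traffic and ignore server certificate errors, as shown below: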
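The first time, you will be asked whether to trust the Fiddler certificate and shown a security warning; choose yes. Afterwards you can also manage it in the system certificate manager.

(2) Configure Fiddler to allow remote connections
In the menu shown above, click connections and check allow remote computers to connect. The default listening port is 8888; if it is already in use you can set another one. Fiddler must be restarted after this is configured, as shown below: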

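(3) Configure the phone
On the PC, run ipconfig on the command line to find the IP of the machine running Fiddler; this machine's IP is 10.0.4.37, as shown below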
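Connect the phone to Wi-Fi on the same LAN and edit that network's details (long-press the Wi-Fi network -> Modify network) -> Show advanced options, choose manual proxy settings, enter the IP of the machine running Fiddler as the hostname and Fiddler's port (8888 by default) as the port, as shown below: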

Now the phone's network access can be viewed in Fiddler, such as the Weibo and WeChat requests shown below:
Double-click a request row in the view above and the right side shows the request details (Request Header) and the returned content (Response Header and Content), as shown below:
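Fiddler can display the data returned by a request in many formats, including Header, TextView (text), ImageView (images), HexView (hexadecimal), WebView (rendered page), Auth (Proxy-Authenticate Header), Caching (Header cache), Cookies, Raw (raw data), JSON and XML, which is very convenient.

To stop monitoring, remove the Wi-Fi proxy setting; otherwise the phone will have no network access once Fiddler exits.

To return the phone to having no lock-screen password, on Android go to Settings - Security - Trusted credentials - User and tap the certificate to delete it, or use Clear credentials to delete all user certificates, then set the password to None.

If you only need to monitor one app, combine this with the system's data-usage controls and turn off network access for the other apps.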

VPNService

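For more complex needs, Fiddler / Charles is of course still the better choice.

Kotlin is great; looks like it is time to learn it.

Use tPacketCapture [0]; no root required, it can save the captured traffic in pcap format, which you can then open and analyze on a computer.

Packet Capture is somewhat more capable,

Option 1: Fiddler
Capturing with Fiddler suits most apps that go through the proxy. Advantages: (1) no root required; (2) works for both Android and iPhone; (3) simpler to operate (install and configure the first time, afterwards you only set the proxy); (4) captured packets are easier to read, and Fiddler's UI is simpler and clearer. See
Fiddler is without doubt the best capture software. It captures perfectly on Windows Phone, Android and iOS without installing software or rooting; all it needs is a proxy IP (and, once the certificate is installed, it can capture HTTPS data). It can also set breakpoints and modify Request and Response data. For a programmer, Fiddler is the most usable capture tool on both PC and phone, and also the most powerful.

Option 2: Tcpdump
For apps that do not go through the proxy, you can use tcpdump to capture the network requests on the Android phone and view them in Wireshark. See: How to capture Android network requests with Tcpdump and view them in Wireshark

Charles can also be used on Windows.

Install Charles on the computer, then set the proxy on the Android phone, and you can watch the traffic in Charles. Viewing HTTPS requests is a little more trouble: the certificate has to be installed on the phone first,

Protocol plus destination address, or just the destination address, both work; Wireshark's filter rules are very powerful.

First download and install Wireshark and 360Wi-Fi, create a hotspot with 360Wi-Fi, connect the phone to that hotspot over Wi-Fi, and then capture the traffic with Wireshark.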

kali, Burpsuite

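On Mac, use Charles
On Windows, use Fiddler
On a server, you can use mitmproxy
All three can decode HTTPS

wifikill can capture packets for the whole LAN, but the full version is paid. When the router does not have AP isolation enabled, setting the NIC to promiscuous mode (some systems need root privileges, plus driver support) is enough to capture all data transmitted on the current LAN, for any device.

If you know the domain name of the target server, simply editing hosts plus Wireshark works very well. If it is an HTTP service, then hosts plus mitmproxy.
Traffic going over 3G can be handled the same way; it just needs a server with a public IP.

Use tPacketCapture;
no root required, it can save the captured traffic in pcap format, which you can then open and analyze on a computer. It works by creating a virtual VPN connection
and sending all traffic through it.
It therefore cannot capture layer-2 information, but that is enough for basic reference needs.
Here is a way to capture all of a phone's traffic on a computer without using the computer as a hotspot and without rooting the phone:
Connect the phone to the wireless router and change its gateway to the IP of a computer on the same router; on the computer, enable routing/forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
Then you can capture with Wireshark or other software on the computer.

PS: the computer has to run a Linux-type operating system. For Windows, I know how to turn that feature on.

Buy a router, flash OpenWrt, install tcpdump,
and capture whatever you like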

 
 
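I have done Android packet capture before, so let me share. Method 1: first you need a wireless NIC. Everyone has used a computer as a hotspot for a phone; create the Wi-Fi hotspot with a batch command, which creates a new wireless adapter, then use Wireshark or another tool to listen on that hotspot adapter, and that is it. I think this is the simplest for me.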
 

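Whether on Windows or on Linux, capturing packets from the network requires control of the network card, because packets arriving from the network pass through the card before being stored in a local buffer; so to capture packets you have to call the functions exposed by the NIC driver. On Linux there is a net.h file whose functions can be called to operate the card, so you can program against it directly, but for convenience you can install a package called libpcap, which makes the calls easier to use.

On Windows, because the source code is not public, you have to install a package called winpcap, after which it can be done in C or VC++. But since I implemented it in Java, on either system I had to install a package called jpcap, which wraps the low-level functions once more so that Java can use them.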

bitShark

botbrew

the Fiddler Alpha for Mono.

Fiddler for Mono

Current Linux build: 4.4.8.4 Built: June 13 2014
Old Linux build: 4.4.5.2 Built: August 28th 2013

Please report any issues (especially blockers) you discover to fiddler@telerik.com. Please be sure to include your OS, Mono, and Fiddler version information.

We've run this code (more or less) successfully on Ubuntu 12+, Linux Mint 15+, and OSX 10.8+.

FiddlerCore for Mono

Mono FiddlerCore 4.4.5.3 Built: Sept 13 2013

Note: FiddlerCore for Mono does not automatically change the system proxy settings for Mac or Linux. Your application's code will need to do this itself. You can look at the Proxy Configuration section below for details on how you might go about doing this.


MONO CONFIGURATION

Fiddler requires that you have the latest Mono package installed for your platform of choice. That means 3.1.2 for OSX or 2.10.8 for Linux.

On Mac: Visit http://www.mono-project.com/download/ and install the MRE package.

On Linux, if you run

sudo apt-get install mono-complete

You'll probably get everything you need.

If you want to install Mono piecemeal, beyond the base Mono, you must install the Winforms packages.

For Ubuntu 13 / Linux Mint 15 / Elementary OS Luna, run:

sudo apt-get install mono-winforms*

For Ubuntu 12.04, run:

sudo apt-get install libmono-system-windows-forms4.0-cil
sudo apt-get install libmono-windowsbase4.0-cil

Some places in Fiddler use a URLDecode function from System.Web; this will be removed in the future, but for now, consider running

sudo apt-get install libmono-system-web4.0-cil

NEW MonoFiddler v4.4.8.3 includes a new FiddlerScript engine (based on C#). That means you'll also now need

sudo apt-get install mono-mcs


Launching Fiddler on Linux

From the console, run

mono Fiddler.exe


PROXY CONFIGURATION

SYSTEM PROXY CONFIGURATION

When Fiddler starts or "attaches" as the system proxy, it runs {bash attach.script} which contains calls to the {gsettings} command to point the system proxy at Fiddler. When Fiddler closes or "detaches" as the system proxy, it runs {bash detach.script} which uses {gsettings} to disable the system proxy. If you don't like this, or want something else to happen, simply edit that script file.
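
An added example, not one of the scripts shipped with Fiddler: one way to edit the attach and detach scripts so that the GNOME proxy settings in place before Fiddler attached are saved and put back, instead of being overwritten and then simply disabled. The state-file location and the function names are assumptions; the gsettings keys are the standard org.gnome.system.proxy ones.

```bash
#!/usr/bin/env bash
# Added example: attach/detach that snapshot and restore the GNOME proxy keys.
# STATE_FILE and the function names are assumptions, not part of Fiddler.
STATE_FILE="${STATE_FILE:-${XDG_RUNTIME_DIR:-$HOME}/.fiddler-proxy.state}"
PROXY_HOST="127.0.0.1"   # Fiddler's listener, as in the README
PROXY_PORT="8888"
# schema:key pairs that attach changes and detach must put back
KEYS="org.gnome.system.proxy:mode
org.gnome.system.proxy.http:host
org.gnome.system.proxy.http:port
org.gnome.system.proxy.https:host
org.gnome.system.proxy.https:port"

fiddler_attach() {
    # Snapshot only once: a second attach would otherwise record
    # Fiddler's own values as the "previous" configuration.
    if [ ! -e "$STATE_FILE" ]; then
        ( umask 077   # the snapshot may name an internal proxy host
          for pair in $KEYS; do
              printf '%s %s %s\n' "${pair%%:*}" "${pair##*:}" \
                  "$(gsettings get "${pair%%:*}" "${pair##*:}")"
          done > "$STATE_FILE" ) || return 1
    fi
    for scheme in http https; do
        gsettings set "org.gnome.system.proxy.$scheme" host "$PROXY_HOST"
        gsettings set "org.gnome.system.proxy.$scheme" port "$PROXY_PORT"
    done
    gsettings set org.gnome.system.proxy mode manual   # switch over last
}

fiddler_detach() {
    if [ ! -r "$STATE_FILE" ]; then
        # No snapshot to restore: fall back to disabling the proxy
        gsettings set org.gnome.system.proxy mode none
        return
    fi
    # Values were saved in gsettings' own text format, so they round-trip
    while read -r schema key value; do
        gsettings set "$schema" "$key" "$value"
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}

# attach.script would run this file with "attach", detach.script with "detach"
case "${1:-}" in
    attach) fiddler_attach ;;
    detach) fiddler_detach ;;
esac
```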

Using Config scripts for MacOSX
The {attach.script} and {detach.script} set the proxy only for HTTP, not HTTPS. If you want to capture HTTPS traffic, you will need to update the scripts as follows:

attach.script should contain:
networksetup -setwebproxy Wi-Fi 127.0.0.1 8888
networksetup -setsecurewebproxy Wi-Fi 127.0.0.1 8888

detach.script should contain:
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off

Note: If you want to configure Fiddler to watch for traffic on a different adapter, you will need to change the *Wi-Fi* token to the name of the adapter.

Using Config scripts for Linux
Both Firefox and Chromium running on Mint and Ubuntu respect the "system proxy setting."

For Firefox, you must manually choose Edit > Preferences > Advanced > Network > Settings and select *Use System Proxy*. Chromium uses this proxy by default.

Manual Proxy Configuration for Firefox
Click Edit > Preferences > Advanced > Network > Settings and choose "Manual Proxy Configuration", Proxy 127.0.0.1, Port 8888, and tick the "Use this proxy server for all protocols" box.

Manual Proxy Configuration for Chromium
Set your shortcut to launch Chromium like so:

/usr/bin/chromium-browser %U --proxy-server="http=127.0.0.1:8888;https=127.0.0.1:8888"


HTTPS CONFIGURATION

Validating Server Certificates
To enable Fiddler/Mono to validate that remote certificates chain to a "legitimate" root, use mozroots to import the set of root certificates vetted/trusted by Mozilla.

From the console, run:

mozroots --import --sync

Note: mozroots can be installed by running sudo apt-get install mono-runtime. See also: mozroots man page.

Alternatively, you can disable certificate validation using the checkbox inside Fiddler's Tools > Fiddler Options > HTTPS tab.

TLS Version
If all HTTPS connections to Fiddler fail in Firefox with a "The connection was interrupted" message in Firefox and a note about "Unsupported security protocol" in Fiddler's Log tab, you may need to navigate to about:config inside Firefox and edit the security.tls.version.max preference. Set it to 1. This is a bug in older versions of Mono (e.g. 3.x); if you install Mono 4.0.5 directly from Xamarin, this problem will go away.

Trusting Fiddler's Certificate
If you enable HTTPS decryption in Fiddler, you must configure your browser to trust Fiddler's root certificate.

In Fiddler, click Tools > Fiddler Options > HTTPS and click the "Export Root certificate to desktop" button.

Trusting the Root in Firefox
Click Edit > Preferences > Advanced > Encryption > View Certificates. Click the Authorities tab. Click the Import button. Select the FiddlerRoot.cer file from your desktop. Tick the "Trust this CA to identify websites" box and click Ok.

Trusting the Root in Chromium
Navigate to chrome://settings/ and click the "Show advanced settings…" link. In the HTTPS/SSL section, click the "Manage certificates…" button. Click the Authorities tab. Click the Import button. Select the FiddlerRoot.cer file from your desktop (use the "All files" view in the File Picker dialog). Tick the "Trust this CA to identify websites" box and click Ok.


Notable Bugs

  1. Deleting multiple sessions at once in the Web Sessions list may crash Fiddler. Likely a Mono WinForms issue: https://bugzilla.novell.com/show_bug.cgi?id=684773 Should be fixed now

Troubleshooting

If Fiddler does not start properly, please try running it with tracing enabled: mono --trace=all Fiddler.exe and then email the output to us so we can have a look.


Limitations

  1. NEW: FiddlerScript added to build 4.4.8.3. Previously: FiddlerScript is not available. It (or more likely, a variant based on C#) may arrive in a future build.
  2. Remote Certificate processing on HTTPS connections seems a bit wonky; Mono *always* throws RemoteCertificateNotAvailable exception but this seems to be a false positive. You can disable certificate validation if you like.
  3. Automatic Proxy chaining not yet supported; Fiddler currently overwrites system proxy settings without looking at them first or restoring them later. Will be fixed later. You can set the upstream proxy manually inside Tools > Fiddler Options > Gateway.
  4. WPAD and Proxy Configuration scripts are not supported for upstream gateways.
  5. X-AutoAuth and other techniques based on Windows Authentication probably do not work. Channel-Binding-Tokens definitely won't work.
  6. On Mac, Mono (and thus Fiddler) runs in 32bit only.

TODO List

List of upcoming work for MonoFiddler MonoTodo


Outdated notes:

  1. Note: Mono 3.10 was broken by Bug #23553 which prevents Fiddler from launching on Mac.

Mac Note: The WinForms framework on Mac is almost unusably buggy. Your best bet is to run Fiddler inside a Linux or Windows Virtual Machine and point the Mac's proxy settings at that.

Mac Note: To avoid OSX Gatekeeper's security block, you will need to launch the Mac version by holding the Control key while clicking on the application icon, and choosing Open on the menu. If the splashscreen/window does not appear, try CMD+Tabbing to flip between windows and/or close one or more Finder windows.
