1、什么是Fiddler?
Fiddler是一个http协议调试代理工具,它能够记录并检查所有你的电脑和互联网之间的http通讯,设置断点,查看所有的“进出”Fiddler的数据(指cookie,html,js,css等文件)。
Fiddler 要比其他的网络调试器要更加简单,因为它不仅仅暴露http通讯还提供了一个用户友好的格式。同类的工具有: httpwatch, firebug, wireshark。
Fiddler使用,参考:https://www.cnblogs.com/miantest/p/7289694.html
Fiddler下载:https://www.telerik.com/fiddler
傻瓜式安装,一键到底。
2、手机APP抓包设置
2.1 、Fiddler设置
打开Fiddler软件,打开工具的设置。(Fiddler软件菜单栏:Tools->Options)
在HTTPS中设置如下:
在Connections中设置如下,这里使用默认8888端口,当然也可以自己更改,但是注意不要与已经使用的端口冲突:
载后在手机里打开,命名。安装
局域网设置
使用Fiddler进行手机抓包,首先要确保手机和电脑的网络在一个内网中,可以使用让电脑和手机都连接同一个路由器。当然,也可以让电脑开放WIFI热点,手机连入。
这里,我使用的方法是,让手机和电脑同时连入一个路由器中。最后,让手机使用电脑的代理IP进行上网。
首先,查看电脑的IP地址,在cmd中使用命令ipconfig查看电脑IP地址。找到无线局域网WLAN的IPv4地址,记下此地址。
在手机上,点击连接的WIFI进行网络修改,添加代理。进行手动设置,主机名即为上图中找到的IP地址,端口号即为Fiddler设置中的端口号8888:
2.2 、安全证书下载
在手机浏览器中输入地址:http://localhost:8888/,点击FiddlerRoot certificate,下载安全证书:
2.3、 安全证书安装
以华为手机为例:
在手机设置--->高级设置-->安全---->显示受信任的CA证书--->用户
安装成功后,显示如下:
3、Fiddler手机抓包测试
上述步骤都设置完成之后,用手机打开今日头条app,截图如下:
我们再来看fidder抓取的数据情况:
可以复制url和head内容
GET http://cards.iqiyi.com/views_search/3.0/search?card_v=3.0&scrn_res=1080,1788&keyword=%E5%8E%A6%E9%97%A8%E8%A7%86%E9%A2%91%E5%A4%B4%E6%9D%A1&source=suggest&qr=0&mode=1&duration_level=0&publish_date=0&bitrate=0&need_qc=0&s_sr=1&from_rpage=qy_home&origin=0&psp_vip=0&s_token=main%23%E5%8E%A6%E9%97%A8%E8%A7%86%E9%A2%91&app_k=3179f25bc69e815ad828327ccf10c539&app_v=10.3.5&platform_id=10&dev_os=7.0&dev_ua=HUAWEI+CAZ-AL10&net_sts=1&qyid=864590038380239&cupid_v=3.35.002&psp_uid=1732414636&psp_cki=03RdTbm2uf4Km2X6Mvs1lAVDAg4l6om2Uf0HWm32122YH5VCFgxKvr4m2UFiOwCwBuvlcCu9c&imei=c0497fcececef4b5a2a4f4156d6fd726&aid=47628a3804ad50be&mac=14:5F:94:B3:E0:AD&scrn_scale=3&secure_p=GPhone&secure_v=1&core=1&api_v=8.8&profile=%7B%22group%22%3A%221%2C2%22%2C%22counter%22%3A2%7D&province_id=2007&service_filter=&service_sort=&layout_v=44.115&device_type=0&cupid_uid=864590038380239&psp_status=1&app_gv=&gps=116.373202,39.962811&bdgps=116.385157,39.970314&lang=zh_CN&app_lm=cn&req_times=0&req_sn=1556011726525 HTTP/1.1 qyid: 864590038380239_47628a3804ad50be_14Z5FZ94ZB3ZE0ZAD Connection: Keep-Alive t: 512025323 sign: 04876862c652470b54dd1add698631d5
4、python代码测试
有了上面这些信息就可以写代码了
# -*- coding: UTF-8 -*-
import requests
from urllib import request
import time
from selenium.webdriver.chrome.options import Options
from selenium import webdriver
from pyquery import PyQuery as pq
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import json
class app_data:
def __init__(self):
self.headers = {‘Accept-Charset‘: ‘UTF-8‘,
‘X-Requested-With‘: ‘XMLHttpRequest‘,
‘Host‘: ‘lf-hl.snssdk.com‘,
‘Connection‘: ‘Keep-Alive‘,
‘Accept-Encoding‘: ‘gzip‘,
‘X-SS-REQ-TICKET‘: ‘1544235590880‘,
‘sdk-version‘: ‘1‘,
‘User-Agent‘: ‘Dalvik/2.1.0 (Linux; U; Android 7.0; HUAWEI CAZ-AL10 Build/HUAWEICAZ-AL10) NewsArticle/7.0.1 cronet/TTNetVersion:pre_blink_merge-277498-gd2bb364e 2018-08-24‘,
‘X-SS-TC‘: ‘0‘
}
self.headers2 = {
‘Accept‘: ‘*/*‘,
‘Accept-Encoding‘: ‘gzip,deflate‘,
‘Accept-Language‘: ‘zh-CN,en-US;q=0.8‘,
‘User-Agent‘: ‘Mozilla/5.0 (Linux; Android 7.0; HUAWEI CAZ-AL10 Build/HUAWEICAZ-AL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 JsSdk/2 NewsArticle/7.0.1 NetType/wifi‘,
‘X-Requested-With‘: ‘com.ss.android.article.news‘
}
def catch_app_data(self,link):
if not link:
link=self.heros_url1
req = requests.get(url=link, headers=self.headers,verify=False).json()
data = req.get("data")
name = data.get("name")
print(‘账号:‘, name)
verified_content = data.get("verified_content")
print(‘认证:‘, verified_content)
area = data.get("area")
print(‘位置:‘, area)
description = data.get("description")
print(‘简介:‘, description)
user_id = data.get("user_id")
print(‘user_id:‘, user_id)
def cat_app_list(self,keyword=‘中餐厅‘):
url = ‘https://lf-hl.snssdk.com/api/search/content/?from=search_tab‘ ‘&keyword=‘+keyword+‘‘ ‘&cur_tab_title=search_tab‘ ‘&plugin_enable=3‘ ‘&iid=53115531269‘ ‘&device_id=52727404130‘ ‘&ac=wifi‘ ‘&channel=huawei&aid=13‘ ‘&app_name=news_article‘ ‘&version_code=701‘ ‘&version_name=7.0.1‘ ‘&device_platform=android‘ ‘&ab_group=94567‘ ‘%252C102749%252C181430‘ ‘&abflag=3‘ ‘&device_type=HUAWEI%2BCAZ-AL10‘ ‘&device_brand=HUAWEI‘ ‘&language=zh‘ ‘&os_api=24‘ ‘&os_version=7.0‘ ‘&uuid=864590038380239‘ ‘&openudid=47628a3804ad50be‘ ‘&manifest_version_code=701‘ ‘&resolution=1080*1788‘ ‘&dpi=480‘ ‘&update_version_code=70108‘ ‘&_rticket=1544497762334‘ ‘&fp=DrT_L2w1cST5FlT_F2U1FYK7FrxO‘ ‘&tma_jssdk_version=1.5.4.2‘ ‘&rom_version=emotionui_5.0.4_caz-al10c00b386‘ ‘&plugin=26958&search_sug=1‘ ‘&forum=1&count=10‘ ‘&format=json‘ ‘&source=input‘ ‘&pd=synthesis‘ ‘&keyword_type=‘ ‘&action_type=input_keyword_search‘ ‘&search_position=search_tab‘ ‘&from_search_subtab=‘ ‘&offset=0‘ ‘&search_id=‘ ‘&has_count=0&qc_query=‘
head = {
‘Accept‘: ‘*/*‘,
‘Accept-Encoding‘: ‘gzip,deflate‘,
‘Accept-Language‘: ‘zh-CN,en-US;q=0.8‘,
‘User-Agent‘: ‘Mozilla/5.0 (Linux; Android 7.0; HUAWEI CAZ-AL10 Build/HUAWEICAZ-AL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 JsSdk/2 NewsArticle/7.0.1 NetType/wifi‘,
‘X-Requested-With‘: ‘com.ss.android.article.news‘
}
req = requests.get(url=url, headers=head,verify=False).json()
data = req.get("data")
url_list = []
for item in data:
display_list = item.get(‘display‘)
if display_list:
album_group_dict = display_list.get(‘album_group‘)
if album_group_dict:
extra = str(album_group_dict.get(‘extra‘))
item_list = extra.split(‘,‘)
for e in item_list:
if e.find("album_group_url") > -1:
url = e[e.find(":") + 1:]
url = url.replace("\"", "")
url_list.append(url)
break
else:
url = display_list.get(‘url‘)
if url:
url_list.append(url)
print(url_list)
def catchdata_sogo(self,url):
chrome_options = Options()
chrome_options.add_argument(‘--headless‘)
chrome_options.add_argument(‘--disable-gpu‘)
self.driver = webdriver.Chrome(chrome_options=chrome_options)
self.driver.set_page_load_timeout(10)
self.driver.maximize_window()
# self.driver = webdriver.PhantomJS(service_args=[‘--load-images=false‘])
# self.driver.set_page_load_timeout(20)
# self.driver.maximize_window()
try:
self.driver.get(url)
print(url)
# handles = self.driver.window_handles # 获取当前窗口句柄集合(列表类型)
# self.driver.switch_to.window(handles[2 - 1])
time.sleep(2)
selenium_html = self.driver.execute_script("return document.documentElement.outerHTML")
doc = pq(selenium_html)
elements = doc("div[class=‘content-txt‘]").find("p")
for element in elements.items():
print(element.text())
elements = doc("p[class=‘mod-base-item‘]").find("span")
for element in elements.items():
print(element.text())
except Exception as ex:
print(ex)
def catchdata_so(self, url):
chrome_options = Options()
chrome_options.add_argument(‘--headless‘)
chrome_options.add_argument(‘--disable-gpu‘)
self.driver = webdriver.Chrome(chrome_options=chrome_options)
self.driver.set_page_load_timeout(10)
self.driver.maximize_window()
# self.driver = webdriver.PhantomJS(service_args=[‘--load-images=false‘])
# self.driver.set_page_load_timeout(20)
# self.driver.maximize_window()
try:
self.driver.get(url)
print(url)
# handles = self.driver.window_handles # 获取当前窗口句柄集合(列表类型)
# self.driver.switch_to.window(handles[2 - 1])
time.sleep(2)
selenium_html = self.driver.execute_script("return document.documentElement.outerHTML")
doc = pq(selenium_html)
elements = doc("div[class=‘cp-info-main‘]")
for element in elements.items():
print(element(‘h3‘).text())
# print(element("p[class=‘js-info-upinfo‘]").text())
print(element(‘p‘).text())
except Exception as ex:
print(ex)
def test(self,link):
req = requests.get(url=link, headers=self.headers2, verify=False)
json_str = req.content.decode()
print(json_str)
if __name__ == ‘__main__‘:
obj = app_data()
# http://m.video.so.com/android/va/Zs5sb3Ny7JA4DT.html
# https://m.douguo.com/search/trecipe/%E4%B8%AD%E9%A4%90%E5%8E%85/0?f=tt
# https://baike.sogou.com/m/fullLemma?ch=jrtt.search.item&cid=xm.click&lid=167408303
# obj.catch_app_data(‘‘)
# 湖南卫视中餐厅
# keywords = [‘湖南卫视中餐厅‘,‘农广天地‘,‘看台‘,‘十年‘,‘CCTV-4远方的家‘,‘CCTV热线12‘]
# for keyword in keywords:
# obj.cat_app_list(keyword)
# print(‘\n‘)
obj.cat_app_list(‘CCTV热线12‘)
# obj.catchdata_sogo(‘https://baike.sogou.com/m/fullLemma?ch=jrtt.search.item&cid=xm.click&lid=167408303#lemmaHome‘)
# obj.catchdata_so(‘http://m.video.so.com/android/va/Zs5sb3Ny7JA4DT.html‘)
# obj.catchdata_so(‘http://m.video.so.com/android/va/YcMpcKVv82YBDz.html‘)
# obj.parserurl()
# obj.test(‘http://m.video.so.com/android/va/Zs5sb3Ny7JA4DT.html‘)
输出结果如下:
5、总结
需要注意的是,必须先运行Fidder,然后再在手机上进行相关的操作,顺序不能乱,如果在不运行fidder的情况下,操作手机,将无法联网
抓不到https包,fiddler并不是支持全部协议
fiddler并不支持全部协议,目前已知的有http2、tcp、udp、websocket等,如果应用走了以上协议,那么fiddler肯定是抓不到的。
http2:因为fiddler是基于.net framework实现的,因为.net framework不支持http2,所以fiddler无法抓取http2
证书写死在app中,fiddler不能抓取
fiddler抓包的原理是中间人攻击,也就是说,两头瞒,欺骗客户端&&欺骗服务器端,如果https证书写死在app里,也就是说,app不信任fiddler颁发给它的证书,
app只信任自己的证书,fiddler没法瞒客户端了,因此fiddler也就抓取不到包了。
再多说几句,如果是自己开发的app,开发调试方便起见,可以使用类似wireshark的工具导入服务器证书,抓包解密。