Advanced Web Debugging with Fiddler
On this post, I will introduce a penetration of the web test development industry. It is more popular a web traffic capture package analysis tool. Fiddler’s function here is not to say, a simple summary is to capture the package, change the package, replay. The focus of this article is not to introduce the basic usage of Fiddler, but to introduce how to build their own custom programming Fiddler. Most of the contents of this article from the Internet, such as the contents of the old can be self-bypass, all when the personal inquiries, can be sprayed.
Modify the rules file CustomRules.js
CustomRules.js is written in Jscript.NET and has a syntax similar to C #. By modifying the CustomRules.js can modify the http request and response, without interrupting the program, you can also do a special treatment for different url.
CustomRules.js file location
Fiddler Tools Menu Bar:
First share a common content:
As shown above, modify the code under the OnBeforeRequest function to automatically modify some of the parameters in the request packet before sending the request. Such as can be added to change the cookie, headers header parameters, you can modify the type of request package, the main role is to achieve a specific role in the penetration test, such as bypassing the firewall.
Http request function: that is, modify the contents of the function, you can send http request packet before modifying some parameters.
Http response function: that is, modify the contents of the function, you can receive http response packet before modifying some parameters
The method properties in the function
Filter an url
Modify the display style in the session
Remove a field from the http header
Modify the contents of a field in the http header
Modify the Origin field
Gets the body string in the Request
Use regular expressions or replace methods to modify string
Play a dialog box to check the modified body
Will modify the body, re-write back to the Request
Modify request url
For example: Replace the http protocol in the request URI with the https protocol.
Network speed limit
1000/download speed = time to be delayed (milliseconds), such as 20kB/s delay50 milliseconds to receive data.