Infiltration Artifact Series Fiddler

The world rises and falls. The left side of the Hua Deng is on the right hand side. On the right hand side is the bustling star point

This article, as the second part of the Infiltration Artifact series, will introduce a web traffic capture analysis tool, Fiddler, which is popular in the web test development community. The function of Fiddler is not to be mentioned here. The simple summary is to capture, change, and replay. The focus of this article is not on the basic usage of Fiddler, but on how to program your own custom Fiddler. Most of the content recorded in this article comes from the Internet. If you feel that the old content can be detoured by yourself, it can be used for personal inquiry.

Modify the rules file CustomRules.js

CustomRules.js is written in Jscript.NET and has a syntax similar to C#. By modifying CustomRules.js, you can modify the http request and response, without interrupting the program, you can also do special processing for different urls.

CustomRules.js file location

Fiddler Tools menu bar:

1
rules->CustomRules

Local computer disk storage address:

1
C:\Documents and Settings\[your user]\MyDocuments\Fiddler2\Scripts\CustomRules.js

Common Content

Share a common content first:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
static function OnBeforeRequest(oSession: Session) {
// oSession.oRequest.headers.Remove("Cookie"); //Remove cookies from the request package
// oSession.oRequest["Referer"]="http://www.baidu.com"; //Set referer to baidu
// if (oSession.HTTPMethodIs("POST")){ //POST is changed to GET
// oSession.RequestMethod="GET";
// }
// var strBody=oSession.GetRequestBodyAsString(); //Get the body content in the request package and modify its contents.
// // // strBody=strBody.replace("111","222"); //Replace string
// strBody="11111111111111111111111111111111111"+strBody; //Add garbage data in front of the sent packet
// // // strBody=strBody.ToUpper(); //all converted to uppercase
// // // strBody=strBody.ToLower(); //all converted to lowercase
// oSession.utilSetRequestBody(strBody);
}

As shown above, modifying the code under the OnBeforeRequest function can automatically modify some of the parameters in the request packet before sending the request. If you can add or delete cookies, headers parameters, you can modify the type of request packets, etc., the main role is to achieve a special role in penetration testing, such as bypassing the firewall.

Common Functions

Http request function: Modify the function content, you can modify some parameters before sending the http request packet.

1
static function OnBeforeRequest(oSession: Session)

Http response function: modify the content of the function, you can modify some parameters before receiving the http response packet

1
static function OnBeforeResponse(oSession: Session)

Method property in #### function

Filtering a url
1
if (oSession.host.indexOf("thief.one") > -1) {}
Modify the display style in the session
1
oSession["ui-color"] = "orange"; # is the color of the record display
Remove a field from the http header
1
oSession.oRequest.headers.Remove("");
Modify the contents of a field in the http header
1
oSession.oRequest["Referer"] = "http://thief.one";
Modify host
1
oSession.host = "thief.one";
Modifying the Origin field
1
oSession.oRequest["Origin"] = "http://thief.one";
Remove all cookies
1
oSession.oRequest.headers.Remove("Cookie");
1
oSession.oRequest.headers.Add("Cookie", "username=nMask;");
Get the body string in the Request
1
var strBody=oSession.GetRequestBodyAsString();
Use regular expression or replace method to modify string
1
strBody=strBody.replace("thief","nmask");
Play a dialog box to check the modified body
1
FiddlerObject.alert(strBody);
Rewrite the modified body to the Request
1
oSession.utilSetRequestBody(strBody);
Modify request url

For example, replace the http protocol in the request URI with the https protocol.

1
oSession.fullUrl = "https" + oSession.fullUrl.Substring(oSession.fullUrl.IndexOf(':'));

Network speed limit

1000/download speed = time required for delay (milliseconds), such as 20kB/s requires delay 50ms to receive data.

1
2
3
4
5
6
if (m_SimulateModem) {
// Delay sends by 300ms per KB uploaded.
oSession["request-trickle-delay"] = "300";
// Delay receives by 150ms per KB downloaded.
oSession["response-trickle-delay"] = "150";
}

Fiddler can customize a lot of functions. These are some of the things that I usually use. For more usage, please refer to the official documentation: [Fiddler Documentation] (http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks /ConfigureFiddler)

Portal

[[Infiltration Artifact Series] Metasploit] (http://thief.one/2017/08/01/1/)
[[Infiltration Artifact Series] DNS Information Query] (http://thief.one/2017/07/12/1/)
[[Infiltration artifact series] nc] (http://thief.one/2017/04/10/1/)
[Infiltration artifact series] nmap
[Infiltration Artifact Series] Search Engine
[[Infiltration Artifact Series] WireShark] (http://thief.one/2017/02/09/WireShark%E8%BF%87%E6%BB%A4%E8%A7%84%E5%88%99/)

Reference: http://www.open-open.com/lib/view/open1429059806736.html

本文标题:Infiltration Artifact Series Fiddler

文章作者:nmask

发布时间:2017年04月27日 - 09:04

最后更新:2019年08月16日 - 15:08

原始链接:https://thief.one/2017/04/27/01/en/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: