The world rises and falls. The left side of the Hua Deng is on the right hand side. On the right hand side is the bustling star point
This article, as the second part of the Infiltration Artifact series, will introduce a web traffic capture analysis tool, Fiddler, which is popular in the web test development community. The function of Fiddler is not to be mentioned here. The simple summary is to capture, change, and replay. The focus of this article is not on the basic usage of Fiddler, but on how to program your own custom Fiddler. Most of the content recorded in this article comes from the Internet. If you feel that the old content can be detoured by yourself, it can be used for personal inquiry.
CustomRules.js is written in Jscript.NET and has a syntax similar to C#. By modifying CustomRules.js, you can modify the http request and response, without interrupting the program, you can also do special processing for different urls.
Fiddler Tools menu bar:
Local computer disk storage address:
Share a common content first:
As shown above, modifying the code under the OnBeforeRequest function can automatically modify some of the parameters in the request packet before sending the request. If you can add or delete cookies, headers parameters, you can modify the type of request packets, etc., the main role is to achieve a special role in penetration testing, such as bypassing the firewall.
Http request function: Modify the function content, you can modify some parameters before sending the http request packet.
Http response function: modify the content of the function, you can modify some parameters before receiving the http response packet
Method property in #### function
For example, replace the http protocol in the request URI with the https protocol.
1000/download speed = time required for delay (milliseconds), such as 20kB/s requires delay 50ms to receive data.
Fiddler can customize a lot of functions. These are some of the things that I usually use. For more usage, please refer to the official documentation: [Fiddler Documentation] (http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks /ConfigureFiddler)
[[Infiltration Artifact Series] Metasploit] (http://thief.one/2017/08/01/1/)
[[Infiltration Artifact Series] DNS Information Query] (http://thief.one/2017/07/12/1/)
[[Infiltration artifact series] nc] (http://thief.one/2017/04/10/1/)
[Infiltration artifact series] nmap
[Infiltration Artifact Series] Search Engine
[[Infiltration Artifact Series] WireShark] (http://thief.one/2017/02/09/WireShark%E8%BF%87%E6%BB%A4%E8%A7%84%E5%88%99/)