我写了一个小程序来捕获 https 流量。我想使用该软件捕获DECODED获取和发布数据。
如您所知,Fiddler 应用程序可以像魅力一样做到这一点,现在我正在寻找一种在我的程序中做到这一点的方法。
例如,这是我的代码:
void FiddlerApplication_AfterSessionComplete(Fiddler.Session oSession)
{
this.Invoke(new MethodInvoker(delegate
{
oSession.bBufferResponse = true;
txtLog.Text += "full-url : \r\n" + oSession.fullUrl.ToString() + "\r\n-----------------------------------------------\r\n";
txtLog.Text += "method : \r\n" + oSession.oRequest.headers.HTTPMethod + "\r\n-----------------------------------------------\r\n";
txtLog.Text += "request headers : \r\n" + oSession.oRequest.headers + "\r\n-----------------------------------------------\r\n";
txtLog.Text += "responce headers : \r\n" + oSession.oResponse.headers + "\r\n-----------------------------------------------\r\n";
txtLog.Text += "get request body as string : \r\n" + oSession.GetRequestBodyAsString() + "\r\n-----------------------------------------------\r\n";
txtLog.Text += "request body bytes : \r\n" + oSession.requestBodyBytes + "\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
txtLog.SelectionStart = txtLog.Text.Length;
txtLog.ScrollToCaret();
}));
}
和 get request body as string in txtLog 对于 https 网页如下:
get request body as string :
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 52 02 18 75 64 2D 8D 65 75 B9 C4 1B 58 76 92 3E 6B C5 BF 1D 3B D4 53 5D D2 FA CA D8 BF CE 02 5D
SessionID: empty
Ciphers:
[002F] TLS_RSA_AES_128_SHA
这个握手部分是什么,我该如何解码?
如您所知,已安装的 fiddler 应用程序中有两个文件(TrustCert.exe 和 makecert.exe)。
这些文件是什么?我可以在我的小应用程序中使用它们来解码数据吗?如何?
提前致谢
最佳答案
FiddlerCore类库使用中间人方法解密 HTTPS 流量。
正如在 Fiddler book 中讨论的那样:
The HTTPS protocol sandwiches an encrypted (SSL or TLS) connection between HTTP requests and the underlying TCP/IP network connection upon which those requests are sent. Network intermediaries or observers are thus prevented from viewing or modifying the HTTP traffic thanks to the use of the cryptographic protocols. You might then be surprised to learn that Fiddler can both view and modify HTTPS traffic if configured appropriately. Fiddler achieves this by using a “man-in-the-middle” approach to HTTPS, which means that when talking to the client, it pretends to be the server, and when talking to the server, it pretends to be the client.
The HTTPS protocol is explicitly designed to block this attack by using digital certificates to authenticate the identity of a HTTPS server (and optionally the client). When a client receives a certificate from the server, it validates that the certificate itself is trustworthy by determining whether it is chained to a Root Certification Authority that is trusted by the client or the operating system. Since you are typically running Fiddler on your own computer, you can reconfigure your browser or operating system to trust Fiddler’s root certificate. After you do so, the client application will not complain when it detects that traffic is being protected by Fiddler-generated certificates.
如果您的目标是将此功能嵌入到您的应用程序中,您应该在您的应用程序中简单地使用 FiddlerCore——这就是它存在的原因!
关于您关于“握手”的问题——握手是客户端和服务器如何就 HTTPS 通信的参数达成一致(例如,使用什么密码和 key )。您无需“解码”握手本身——FiddlerCore 会为您处理。
您可能会感到困惑,因为 HTTPS 流量在 HTTP CONNECT 隧道内运行,并且该隧道在 FiddlerCore 中也是可见的。为确保您的 HTTPS session 也被捕获,请务必在调用 Startup 方法时传递 FiddlerCoreStartupFlags.DecryptSSL 标志。此外,请确保 makecert.exe 与程序的可执行文件位于同一文件夹中。
此外,请记住,在 Session 已经完成处理后设置bBufferResponse 属性没有任何效果;你应该删除它。
关于c# - FiddlerCore如何解密HTTPS流量,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18099240/