Common packet capturing tools include Fiddler, Wireshark, HTTPWatch, Firebug, and F12. These tools capture various protocols: Fiddler is used for HTTP and HTTPS protocols, while Wireshark captures a broader range of protocols. Both Fiddler and Wireshark allow modification of interface parameters and return values, whereas typical F12 debugging tools are limited to viewing interface parameters and response values.
- Fiddler is most suitable for packet capturing during app testing;
- Wireshark is suitable for capturing entire traffic;
- Burp Suite's biggest feature is capturing and modifying packets.
0x01 Fiddler Principle
Fiddler works as a proxy web server. The browser communicates with the server by establishing a TCP connection and using the HTTP protocol; normally it sends its HTTP requests to the server directly. With Fiddler running, requests pass through Fiddler's proxy instead, which by default uses the proxy address 127.0.0.1, port 8888. When Fiddler is enabled, it automatically sets the proxy, and it automatically deregisters the proxy upon exit, so other programs are not affected. However, if Fiddler exits abnormally, the proxy may not have been deregistered and web pages can become inaccessible; restarting Fiddler resolves this issue.
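The failure mode described above (Fiddler exits abnormally and leaves its proxy registered) can be checked from a script. The following is an added example, not part of the original article and not Fiddler's own code; it assumes the proxy registration is the per-user WinINET ProxyEnable/ProxyServer registry setting, and the function names are hypothetical.

```python
import socket
import sys

# Per-user WinINET proxy settings (assumed to be what Fiddler sets and restores).
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def parse_proxy_server(value):
    """Parse ProxyServer: 'host:port' or 'http=host:port;https=host:port'."""
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:  # bare "host:port" applies to every scheme
            scheme, addr = "all", part
        host, _, port = addr.rpartition(":")
        if host and port.isdigit():
            result[scheme.lower()] = (host, int(port))
    return result

def is_listening(host, port, timeout=0.5):
    """True if a TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(proxy_enable, proxy_server, probe=is_listening):
    """Return 'no-proxy', 'ok', or 'stale:<host:port,...>' (loopback proxy, no listener)."""
    if not proxy_enable or not proxy_server:
        return "no-proxy"
    dead = sorted({f"{h}:{p}" for h, p in parse_proxy_server(proxy_server).values()
                   if h in ("127.0.0.1", "localhost") and not probe(h, p)})
    return "stale:" + ",".join(dead) if dead else "ok"

def read_windows_proxy():
    """Read (ProxyEnable, ProxyServer) for the current user; Windows only."""
    import winreg
    def get(key, name, default):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:  # value not set
            return default
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as k:
        return get(k, "ProxyEnable", 0), get(k, "ProxyServer", "")

if __name__ == "__main__":
    # Constructed sample values; on Windows the live registry values are used instead.
    sample = (1, "http=127.0.0.1:8888;https=127.0.0.1:8888")
    print(diagnose(*(read_windows_proxy() if sys.platform == "win32" else sample)))
```

A result of `stale:127.0.0.1:8888` means the proxy is still registered but nothing is listening on it, which matches the "web pages inaccessible" symptom.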
0x02 Install Application
1. Download the latest version of Fiddler; it is strongly recommended to download from the official website: https://www.telerik.com/download/fiddler
2. Proceed with the standard installation.
Click Next, Next, and after the installation is complete, there is no need to open the software immediately.
3. Download and install Fiddler Certificate Generator:
http://www.telerik.com/docs/default-source/fiddler/addons/fiddlercertmaker.exe?sfvrsn=2
4. Open Fiddler for settings
Click Tools on the toolbar -> Options
5. Click on HTTPS, check Decrypt HTTPS traffic and Ignore server certificate errors (unsafe)
6. Click Actions, click Export Root Certificate to Desktop
[Note] This will generate a certificate on your computer
7. Configure HTTPS settings and connections, check the options
8. Install the Thunderbolt Simulator https://www.ldmnq.com/
9. After installation, double click on the desktop to open the Thunderbolt Simulator, click settings
10. After installation, double click on the desktop to open the Thunderbolt Simulator, click settings
11. Select network settings, check bridge mode, click Install Driver, click OK, click Save Settings
12. Open the simulator, set up the proxy. Find system apps, click Settings, click Wi-Fi WLAN -> right-click the connected network -> modify the network
13. Import the certificate file FiddlerRoot.cer exported in Step 6 into the simulator
Click to complete import
14. Open system apps in the simulator -> Settings -> Security -> Install from SD card. Locate the FiddlerRoot.cer file and follow the prompts to import it; note that this process requires a name, an unlock pattern, etc.
Settings -> Security -> Name the certificate
Or another method to install certificate:
Open the browser in the Thunderbolt Simulator and visit the previously set local IP and port; the certificate can then be downloaded automatically for installation
Process as follows
Mobile (Client) Settings
Ensure Fiddler and the phone are on the same local area network, and set the phone's proxy server address to the Fiddler server address.
Set the proxy server
When using the HTTPS protocol, you need to download the certificate (as needed)
Visit the Fiddler server in the phone browser -> download the certificate -> install the certificate (Settings -> Security -> Credential storage -> Install from SD card)
Download certificate
15. Open Fiddler, restart the simulator, enter the set password, press enter, open the application that requires packet capturing, and you can start capturing packets of the app on the computer.
Common icon meanings