#Fiddler配置与使用
Fiddler是最常用的HTTP调试代理工具,特别适合移动端抓包。
#Fiddler基础配置
# Fiddler配置要点
1. 确保勾选 "Capture HTTPS CONNECTs" - 捕获HTTPS连接
2. 勾选 "Decrypt HTTPS traffic" - 解密HTTPS流量
3. 忽略服务器证书错误 - Tools > Options > HTTPS > Ignore server certificate errors
4. 设置监听端口(默认8888)- Tools > Options > Connections
# FiddlerScript自定义规则
static function OnBeforeRequest(oS: Session) {
// 过滤特定域名
if (oS.HostnameIs("api.example.com")) {
oS.bBufferResponse = true;
}
// 修改请求头
if (oS.uriContains("/api/")) {
oS.oRequest["X-Custom-Header"] = "AppCrawler";
}
}
static function OnBeforeResponse(oS: Session) {
// 修改响应内容
if (oS.oResponse.MIMEType == "application/json") {
oS.utilDecodeResponse();
var body = oS.GetResponseBodyAsString();
// 处理响应数据
oS.utilSetResponseBody(body);
}
}#Python集成Fiddler
import requests
import json
from typing import Dict, List, Optional
import time
class FiddlerProxy:
"""Fiddler代理控制类"""
def __init__(self, proxy_host='127.0.0.1', proxy_port=8888):
self.proxy_host = proxy_host
self.proxy_port = proxy_port
self.proxies = {
'http': f'http://{proxy_host}:{proxy_port}',
'https': f'http://{proxy_host}:{proxy_port}'
}
self.session = requests.Session()
self.session.proxies.update(self.proxies)
print(f"Fiddler代理配置完成: {proxy_host}:{proxy_port}")
def test_proxy_connection(self) -> bool:
"""测试代理连接"""
try:
response = self.session.get('http://www.baidu.com', timeout=10)
success = response.status_code == 200
print(f"代理连接测试: {'成功' if success else '失败'}")
return success
except Exception as e:
print(f"代理连接测试失败: {e}")
return False
def capture_traffic(self, target_url: str, method='GET', **kwargs) -> Dict:
"""捕获流量详细信息"""
try:
start_time = time.time()
if method.upper() == 'GET':
response = self.session.get(target_url, **kwargs)
elif method.upper() == 'POST':
response = self.session.post(target_url, **kwargs)
elif method.upper() == 'PUT':
response = self.session.put(target_url, **kwargs)
elif method.upper() == 'DELETE':
response = self.session.delete(target_url, **kwargs)
else:
raise ValueError(f"不支持的HTTP方法: {method}")
end_time = time.time()
duration = end_time - start_time
return {
'status_code': response.status_code,
'headers': dict(response.headers),
'body': response.text,
'url': response.url,
'method': method.upper(),
'duration': duration,
'content_length': len(response.content),
'request_headers': dict(kwargs.get('headers', {})),
'request_data': kwargs.get('data', kwargs.get('json', ''))
}
except Exception as e:
return {'error': str(e), 'url': target_url, 'method': method.upper()}
def monitor_app_traffic(self, app_domains: List[str], duration: int = 300) -> List[Dict]:
"""监控特定App的流量"""
print(f"开始监控App流量,目标域名: {app_domains},持续时间: {duration}秒")
captured_data = []
start_time = time.time()
# 这里实际应该通过Fiddler的API或日志来监控流量
# 由于无法直接控制Fiddler,我们模拟监控过程
import threading
import time as thread_time
def capture_loop():
counter = 0
while thread_time.time() - start_time < duration:
# 模拟捕获到的请求
for domain in app_domains:
import random
if random.random() > 0.7: # 30%概率捕获请求
captured_data.append({
'timestamp': thread_time.time(),
'url': f'https://{domain}/api/v1/data',
'method': random.choice(['GET', 'POST']),
'status': random.choice([200, 201, 404, 500]),
'size': random.randint(100, 10000)
})
thread_time.sleep(1) # 每秒检查一次
monitor_thread = threading.Thread(target=capture_loop)
monitor_thread.daemon = True
monitor_thread.start()
monitor_thread.join(timeout=duration)
print(f"流量监控完成,共捕获 {len(captured_data)} 条请求")
return captured_data
# 配置移动设备使用Fiddler代理
def configure_mobile_proxy_setup():
"""配置移动设备代理详细指南"""
config_guide = """
=== 移动设备代理配置详细指南 ===
1. 确保手机和电脑在同一WiFi网络
2. 在电脑上启动Fiddler并确认代理服务运行
3. 记录电脑IP地址(cmd: ipconfig 或 ifconfig)
4. 在手机WiFi设置中找到当前连接
5. 配置代理为手动
6. 服务器地址:电脑IP地址(如:192.168.1.100)
7. 端口号:8888(Fiddler默认端口)
8. 保存设置
=== 证书安装步骤 ===
1. 在手机浏览器访问:http://<电脑IP>:8888
2. 点击"FiddlerRoot certificate"下载证书
3. 根据Android版本安装证书到受信任凭据
4. Android 7+ 需要将证书安装到系统区(需要ROOT)
"""
print(config_guide)
return config_guide
def fiddler_demo():
"""Fiddler使用演示"""
proxy = FiddlerProxy()
if proxy.test_proxy_connection():
print("✓ Fiddler代理连接成功")
# 捕获示例流量
result = proxy.capture_traffic('http://httpbin.org/get', method='GET')
print(f"捕获结果状态: {result.get('status_code', 'Error')}")
else:
print("✗ Fiddler代理连接失败")