c# – Trusting the certificate and capturing traffic with Fiddler on Safari, IE and iOS devices

I have set up my Fiddler proxy as in the gist here.

Code:

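using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;
using Fiddler;

public class ProxyConfig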
    {
        private readonly string _secureEndpointHostname = IPAddress.Any.ToString();
        private readonly int _secureEndpointPort = 4555;
        private readonly int _port = 18882;

        private static readonly ICollection<Session> AllSessions = new List<Session>();

        private static Fiddler.Proxy _secureEndpoint;

        private static readonly LoggerCnx Logger = new LoggerCnx();
        private Action<string> onRequest;

        public ProxyConfig()
        {
        }

        public ProxyConfig(Action<string> onRequest)
        {
            this.onRequest = onRequest;
        }

        public void SetupProxyListener()
        {
            FiddlerApplication.SetAppDisplayName("FiddlerCoreProxyApp");

            // This is a workaround for known issue in .NET Core - https://github.com/dotnet/coreclr/issues/12668
            CultureInfo.DefaultThreadCurrentUICulture = new CultureInfo("en-US");

            // Simply echo notifications to the console.  Because Fiddler.CONFIG.QuietMode=true
            // by default, we must handle notifying the user ourselves.
            //Fiddler.FiddlerApplication.OnNotification += delegate (object sender,NotificationEventArgs oNEA) { System.Diagnostics.Debug.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
            FiddlerApplication.Log.OnLogString += delegate (object sender,LogEventArgs oLEA) { Logger.Info("** LogString: " + oLEA.LogString); };

            FiddlerApplication.BeforeRequest += delegate (Session session)
            {

                if (!CertMaker.rootCertIsTrusted())
                {
                    CertMaker.trustRootCert();
                }

                if (onRequest != null)
                {
                    onRequest(session.fullUrl);
                }

                // Response tampering requires buffering mode (bBufferResponse = true),
                // which lets FiddlerCore modify the response in the BeforeResponse
                // handler. It is left disabled here, so the response is streamed
                // to the client as it comes in.
                session.bBufferResponse = false;
                lock (AllSessions)
                {
                    AllSessions.Add(session);
                    Logger.Info("Session: " + session.fullUrl);
                }
                session["X-AutoAuth"] = "(default)";

                if ((session.oRequest.pipeClient.LocalPort == _secureEndpointPort) && (session.hostname == _secureEndpointHostname))
                {
                    session.utilCreateResponseAndBypassServer();
                    session.oResponse.headers.SetStatus(200,"OK");
                    session.oResponse["Content-Type"] = "text/html; charset=UTF-8";
                    session.oResponse["Cache-Control"] = "private,max-age=0";
                    session.utilSetResponseBody("<html><body>Request for httpS://" + _secureEndpointHostname + ":" + _secureEndpointPort.ToString() + " received. Your request was:<br /><plaintext>" + session.oRequest.headers.ToString());
                }
            };

            Logger.Info($"Starting {FiddlerApplication.GetVersionString()}...");
            CONFIG.IgnoreServerCertErrors = true;
            CONFIG.bCaptureCONNECT = true;

            FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts",true);

            FiddlerCoreStartupFlags startupFlags = FiddlerCoreStartupFlags.Default;

            startupFlags = (startupFlags | FiddlerCoreStartupFlags.DecryptSSL);
            startupFlags = (startupFlags | FiddlerCoreStartupFlags.AllowRemoteClients);
            startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.MonitorAllConnections);
            startupFlags = (startupFlags & ~FiddlerCoreStartupFlags.CaptureLocalhostTraffic);

            FiddlerApplication.Startup(_port,startupFlags);

            Logger.Info("Created endpoint listening on port {0}",_port);

            Logger.Info("Starting with settings: [{0}]",startupFlags);
            Logger.Info("Gateway: {0}",CONFIG.UpstreamGateway.ToString());

            // Create a HTTPS listener, useful for when FiddlerCore is masquerading as a HTTPS server
            // instead of acting as a normal CERN-style proxy server.
            _secureEndpoint = FiddlerApplication.CreateProxyEndpoint(_secureEndpointPort,true,_secureEndpointHostname);
            if (null != _secureEndpoint)
            {
                Logger.Info("Created secure endpoint listening on port {0},using a HTTPS certificate for '{1}'",_secureEndpointPort,_secureEndpointHostname);
            }
        }
    }

Its purpose is to capture and analyze traffic from Windows, Mac OS X, Android and iOS browsers (mainly Chrome, Firefox and Safari on desktop and mobile devices).

So far, it seems to be working for:

- Windows browsers: Chrome, Firefox. Not working for IE and Edge
- Android: Chrome
- Mac OS: Chrome, Firefox. Safari is not working
- iOS: nothing

In my log file, I see Fiddler logging the following error when a browser fails to work (this applies to all devices). Example for an HTTPS request:

2018-02-14 17:25:50.3860 | INFO | ** LogString: !SecureClientPipeDirect Failed: System.IO.IOException Authentication Failed because the remote party has closed the transport stream. for pipe (CN=*.optimizely.com,O=DO_NOT_TRUST_BC,OU=Created by 07001)

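From what I have read over the past few days while trying to find a solution to this, the cause is that the certificate is not trusted on the device.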

These tests are run on BrowserStack using a feature they provide called BrowserStack Local. Details about it are here and here.

Now my question can be split into desktop and mobile:

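- Why are Chrome and Firefox able to make HTTPS requests, while IE, Edge and Safari are unable to do so?
- For iOS specifically, there is a Fiddler for iOS document here that specifies the steps needed to configure the device. However, as I already mentioned, I am not using in-house iOS devices but physical devices provided by BrowserStack. Is there a way to trust the certificate on iOS devices (iOS 9.x, iOS 10.x, iOS 11.x) programmatically?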

Are there any workarounds I can use?

Edit: FiddlerCore and BrowserStack Local logs are here.

Solution

Starting with your second question, there is a discussion about iOS devices on the official Telerik forum that states:

SSL2 shouldn’t ever be enabled, and it isn’t enabled in Fiddler unless you go out of the way to shoot yourself in the foot.

If you’ve properly configured your iOS device to trust Fiddler’s root certificate, then HTTPS interception will work properly in clients except where certificate pinning is in use. While Certificate Pinning in Chrome won’t matter on the Desktop, on iOS they ignore the Trusted Certificates store and as a consequence Fiddler interception will not work. But most sites and apps do not use pinning. If a site or app uses pinning, there’s no workaround short of jailbreaking the device. This isn’t a limitation unique to Fiddler – every HTTPS-decrypting proxy has exactly the same limitation.

I guess this also answers your first question, since IE uses certificate pinning as well, as far as I remember.
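
The pinning behaviour described in the quoted forum post, as an added example that is not part of the original question or answer: a client that relies only on the trust store accepts a certificate minted by a decrypting proxy once the proxy root is trusted, while a client that pins the server's public key rejects it. The class and method names and the host name `www.example.test` are hypothetical, the certificates are throwaway self-signed ones built in memory, and .NET 6 or later is assumed.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinningDemo
{
    // Constructed sample certificate: a throwaway self-signed cert with a fresh key.
    static X509Certificate2 MakeCert(string subject)
    {
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    // Pin = Base64(SHA-256(SubjectPublicKeyInfo)) of the leaf certificate.
    public static string SpkiPin(X509Certificate2 cert)
    {
        using RSA pub = cert.GetRSAPublicKey();
        return Convert.ToBase64String(SHA256.HashData(pub.ExportSubjectPublicKeyInfo()));
    }

    // Trust-store-only client: accepts whatever platform chain validation accepted.
    public static bool TrustStoreOnly(X509Certificate2 cert, SslPolicyErrors errors) =>
        errors == SslPolicyErrors.None;

    // Pinning client: the chain must validate AND the leaf key must match the pin.
    public static bool Pinned(string expectedPin, X509Certificate2 cert, SslPolicyErrors errors) =>
        errors == SslPolicyErrors.None && cert != null &&
        CryptographicOperations.FixedTimeEquals(
            Convert.FromBase64String(SpkiPin(cert)), Convert.FromBase64String(expectedPin));

    public static void Main()
    {
        // Same subject, different keys: the origin's certificate and the one a
        // decrypting proxy generates on the fly for that host.
        using X509Certificate2 origin = MakeCert("CN=www.example.test");
        using X509Certificate2 minted = MakeCert("CN=www.example.test");
        string pin = SpkiPin(origin); // the value a pinning app ships with

        // Assumption: the device trusts the proxy root, so chain validation reports no errors.
        SslPolicyErrors chainOk = SslPolicyErrors.None;
        Console.WriteLine($"trust store only, via proxy: {TrustStoreOnly(minted, chainOk)}");
        Console.WriteLine($"pinned, direct to origin:    {Pinned(pin, origin, chainOk)}");
        Console.WriteLine($"pinned, via proxy:           {Pinned(pin, minted, chainOk)}");
    }
}
```

In a real client the same check would sit in a certificate validation callback such as `HttpClientHandler.ServerCertificateCustomValidationCallback`, which receives the leaf certificate and the `SslPolicyErrors` value used here.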
