I have to delete the Fiddler-generated certificates every time I start my tool for HTTPS traffic

Time: 2014-05-21 21:03:05

Tags: fiddlercore

I have this test tool to try out Fiddler Core:

    static void Main(string[] args)
    {
        #region AttachEventListeners
        //
        // It is important to understand that FiddlerCore calls event handlers on the
        // session-handling thread.  If you need to properly synchronize to the UI-thread
        // (say, because you're adding the sessions to a list view) you must call .Invoke
        // on a delegate on the window handle.
        //

        // Simply echo notifications to the console.  Because Fiddler.CONFIG.QuietMode=true 
        // by default, we must handle notifying the user ourselves.
        Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA)
        {
            Console.WriteLine("** NotifyUser: " + oNEA.NotifyString);
        };
        Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA)
        {
            Console.WriteLine("** LogString: " + oLEA.LogString);
        };

        Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session oS)
        {
            Console.WriteLine("Before request for:\t" + oS.fullUrl);
            // In order to enable response tampering, buffering mode must
            // be enabled; this allows FiddlerCore to permit modification of
            // the response in the BeforeResponse handler rather than streaming
            // the response to the client as the response comes in.
            oS.bBufferResponse = false;
        };

        Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS)
        {
            Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl);

            // Uncomment the following two statements to decompress/unchunk the
            // HTTP response and subsequently modify any HTTP responses to replace 
            // instances of the word "Microsoft" with "Bayden"
            //oS.utilDecodeResponse(); oS.utilReplaceInResponse("Microsoft", "Bayden");
        };

        Fiddler.FiddlerApplication.AfterSessionComplete += delegate(Fiddler.Session oS)
        {
            Console.WriteLine("Finished session:\t" + oS.fullUrl);
        };

        // Tell the system console to handle CTRL+C by calling our method that
        // gracefully shuts down the FiddlerCore.
        Console.CancelKeyPress += new ConsoleCancelEventHandler(Console_CancelKeyPress);
        #endregion AttachEventListeners

        Console.WriteLine("Starting FiddlerCore...");

        // Note: setting IgnoreServerCertErrors to true makes FiddlerCore accept
        // HTTPS sites that present invalid certificates; set it to false to
        // forbid connections to such sites.
        Fiddler.CONFIG.IgnoreServerCertErrors = true;
        Fiddler.CONFIG.bMITM_HTTPS = true;

        Fiddler.CertMaker.removeFiddlerGeneratedCerts();
        if (!Fiddler.CertMaker.rootCertExists())
        {
            if (!Fiddler.CertMaker.createRootCert())
            {
                throw new Exception("Unable to create cert for FiddlerCore.");
            }
        }

        if (!Fiddler.CertMaker.rootCertIsTrusted())
        {
            if (!Fiddler.CertMaker.trustRootCert())
            {
                throw new Exception("Unable to install FiddlerCore's cert.");
            }
        }

        // Because we've chosen to decrypt HTTPS traffic, makecert.exe must
        // be present in the Application folder.
        Fiddler.FiddlerApplication.Startup(8877, true, true);
        Console.WriteLine("Hit CTRL+C to end session.");

        // Wait Forever for the user to hit CTRL+C.  
        // BUG BUG: Doesn't properly handle shutdown of Windows, etc.
        Object forever = new Object();
        lock (forever)
        {
            System.Threading.Monitor.Wait(forever);
        }
    }

    /// <summary>
    /// When the user hits CTRL+C, this event fires.  We use this to shut down and unregister our FiddlerCore.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    static void Console_CancelKeyPress(object sender, ConsoleCancelEventArgs e)
    {
        Console.WriteLine("Shutting down...");
        Fiddler.FiddlerApplication.Shutdown();
        System.Threading.Thread.Sleep(750);

    }

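This test tool works and I can capture HTTPS traffic, which is what I need for my actual tool. However, the user has to reinstall and re-trust the certificate every time the tool starts. If I don't call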

        Fiddler.CertMaker.removeFiddlerGeneratedCerts();

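every time, the tool does not capture HTTPS traffic, and the application I am monitoring stops working because, apparently, the request seems to be intercepted by Fiddler but is not routed to the application.

How can I set this up so that I don't have to delete the Fiddler certificates every time?

1 Answer:

Answer 0: (score: 1)

You have CertMaker.dll in your application folder, which means that a new root certificate and new EE certificates are regenerated every time the application starts.

To prevent this, you need to cache the values of the preferences fiddler.certmaker.bc.key and fiddler.certmaker.bc.cert

Or remove CertMaker.dll and allow the default makecert.exe certificate logic to apply.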
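
One way to do the caching the answer describes, as an added example that is not part of the original answer or of FiddlerCore itself: it saves and restores the two preferences through `FiddlerApplication.Prefs` and, because `fiddler.certmaker.bc.key` holds the root CA's private key, encrypts the stored values with DPAPI for the current user. The `RootCertCache` class, the `MyFiddlerTool` folder name and the file layout are assumptions, as is the premise (taken from the answer) that CertMaker.dll reuses the root certificate when these preferences are set before it is first used.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData: reference System.Security.dll
using System.Text;
using Fiddler;

static class RootCertCache // hypothetical helper, not part of FiddlerCore
{
    const string KeyPref = "fiddler.certmaker.bc.key";   // root CA private key
    const string CertPref = "fiddler.certmaker.bc.cert"; // root CA certificate
    // Assumed storage location: a per-user folder, not the shared application folder.
    static readonly string Dir = Path.Combine(Environment.GetFolderPath(
        Environment.SpecialFolder.LocalApplicationData), "MyFiddlerTool");

    static string PathFor(string pref) { return Path.Combine(Dir, pref + ".bin"); }

    // Encrypt with DPAPI so the CA key is never written to disk in the clear.
    static void Save(string pref)
    {
        string value = FiddlerApplication.Prefs.GetStringPref(pref, null);
        if (string.IsNullOrEmpty(value)) return;
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(value), null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(PathFor(pref), blob);
    }

    static bool Load(string pref)
    {
        if (!File.Exists(PathFor(pref))) return false;
        byte[] raw = ProtectedData.Unprotect(
            File.ReadAllBytes(PathFor(pref)), null, DataProtectionScope.CurrentUser);
        FiddlerApplication.Prefs.SetStringPref(pref, Encoding.UTF8.GetString(raw));
        return true;
    }

    // Call before FiddlerApplication.Startup(), in place of removeFiddlerGeneratedCerts().
    public static void EnsureRootCert()
    {
        bool restored = Load(KeyPref) && Load(CertPref);
        if (!restored || !CertMaker.rootCertExists())
        {
            if (!CertMaker.createRootCert()) throw new Exception("Unable to create cert for FiddlerCore.");
            Directory.CreateDirectory(Dir);
            Save(KeyPref); Save(CertPref); // cache the freshly generated root for the next run
        }
        if (!CertMaker.rootCertIsTrusted() && !CertMaker.trustRootCert())
            throw new Exception("Unable to install FiddlerCore's cert.");
    }
}
```

Anyone who can read the cached key can mint certificates that this machine trusts, so the cache files should be deleted and the root untrusted when the tool is uninstalled.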