利用fiddler core api 拦截修改 websocket 数据

Posted mysgk

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了利用fiddler core api 拦截修改 websocket 数据相关的知识,希望对你有一定的参考价值。

一般的中间人攻击基本都是拦截修改普通的http协议里面的内容,而对于怎么拦截修改websocket协议传输的内容好像都没有多少介绍.
talk is cheap show me the code

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;


namespace Intercept_HTTP_requests
{
    public partial class Form1 : Form
    {
        public Form1()
        {

            InitializeComponent();
            SetSSLCer();

            FiddlerApplication.OnNotification += delegate (object sender, NotificationEventArgs oNEA) { Console.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
            FiddlerApplication.Log.OnLogString += delegate (object sender, LogEventArgs oLEA) { Console.WriteLine("** LogString: " + oLEA.LogString); };
            FiddlerApplication.OnWebSocketMessage += FiddlerApplication_OnWebSocketMessage;
            FiddlerApplication.Startup(8877, true, true);

        }

        public static byte[] hexStringToBytes(String hexString)
        {
            hexString = hexString.Replace("-", "");
            int length = hexString.Length / 2;
            char[] hexChars = hexString.ToCharArray();
            byte[] d = new byte[length];
            for (int i = 0; i < length; i++)
            {
                int pos = i * 2;
                d[i] = (byte)(charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
            }
            return d;
        }
        private static byte charToByte(char c)
        {
            return (byte)"0123456789ABCDEF".IndexOf(c);
        }
        private static void FiddlerApplication_OnWebSocketMessage(object sender, WebSocketMessageEventArgs e)
        {
            if (e.oWSM.PayloadAsString().Contains("77-65-69-6C-69-66-61-67-65") && e.oWSM.MaskingKey == null)
            {

                String payload = e.oWSM.PayloadAsString().Replace("77-65-69-6C-69-66-61-67-65", "79-78-61-73-78-68-61-73-64-68-64-73-61-64-61-73-64-61-73");
                e.oWSM.SetPayload(hexStringToBytes(payload));

            }

        }
        private void button1_Click(object sender, EventArgs e)
        {
            button1.Text = "运行中..";
        }

        private void button2_Click(object sender, EventArgs e)
        {
            FiddlerApplication.Shutdown();
            System.Threading.Thread.Sleep(1000);
            this.Close();
        }

        private bool SetSSLCer()
        {
            if (CertMaker.rootCertIsMachineTrusted())
                return true;
            BCCertMaker.BCCertMaker a = new BCCertMaker.BCCertMaker();
            a.CreateRootCertificate();
            return a.TrustRootCertificate();
        }
    }
}

最重要的问题就是如果你要替换的内容比原本的内容短,必须在前面补零!!!


以上是关于利用fiddler core api 拦截修改 websocket 数据的主要内容,如果未能解决你的问题,请参考以下文章

通过fiddler拦截请求去修改提交参数

fiddler怎么拦截修改数据

利用Fiddler修改请求信息通过Web API执行Dynamics 365操作(Action)实例

Fiddler拦截http请求修改数据

转 fiddler拦截请求响应并修改(使用命令)

如何让 Fiddler\其他应用程序自动拦截和修改 HTTP 请求参数?