我需要自动启动 fiddler 来解析 https 请求。
如何强制提琴手在没有 GUI 的情况下生成和使用 ssl 证书?有谁知道 fiddler 在哪里存储其证书?我可以生成自己的服务器证书并将其设置为没有 GUI 的 fiddler 吗?
我可以在退出模式下启动提琴手。我可以通过注册表项启用 https,但 fiddler 启动时没有 ssl 证书。我可以使用 makecert.exe 创建证书,但我不知道如何将其设置为没有 UI 的 fiddler 的活动证书。
如果有人帮助我解决它,我会非常感激。
没有人帮助我,但我找到了解决方案。
解决方案:
要启用捕获 https 流量更新寄存器的值:
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f
您需要使用自定义提琴手的脚本。它强制 fiddler 生成 ssl 证书(请参阅下面脚本 CustomRules.js 中的主要部分)。如果您不添加它,fiddler 将在没有 ssl 证书的情况下启动。
copy /Y /V "<path to file>\CustomRules.js" "%userprofile%\Documents\Fiddler2\Scripts\CustomRules.js"
注意:不要更改目标文件名。
当 fiddler 启动时自动附加到套接字 127.0.0.1:8888
start "" "%programfiles(x86)%\fiddler2\fiddler.exe" -quiet
fiddler 会自动创建一个新的 ssl 证书。它可以下载:
curl.exe -s -k -o <dst file path> "http://127.0.0.1:8888/FiddlerRoot.cer"
然后你需要把它添加到 Trusted Root Certificates
certutil -addstore -f "Root" <path to certificate>
现在 fiddelr 已启动并且可以使用 CustomRules.js 捕获 https 流量。
提琴手.bat:
@ECHO OFF
set currentDir=%~dp0
cd "%currentDir%"
set log="%currentDir%\fiddler.log"
set fiddler_custom_script_dir="%userprofile%\Documents\Fiddler2\Scripts\"
set fiddler_result_dir="C:\fiddler\"
echo "Start Fiddler Script" > "%log%"
echo "Current Dir: %currentDir%" >> "%log%"
echo "Update values in the register" >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureCONNECT /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v CaptureHTTPS /t REG_SZ /d True /f >> "%log%"
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Fiddler2" /v IgnoreServerCertErrors /t REG_SZ /d True /f >> "%log%"
echo "Create folder for results: %fiddler_result_dir%" >> "%log%"
mkdir "%fiddler_result_dir%" >> "%log%"
echo "Create folder for the custom fiddler's script: %fiddler_custom_script_dir%" >> "%log%"
mkdir "%fiddler_custom_script_dir%" >> "%log%"
echo "Copy fiddler script to %fiddler_custom_script_dir%" >> "%log%"
copy /Y /V "%currentDir%\CustomRules.js" "%fiddler_custom_script_dir%\CustomRules.js" >> "%log%"
echo "Start fiddler" >> "%log%"
start "" "%programfiles(x86)%\fiddler2\fiddler.exe" -quiet
set cert_path="%currentDir%\FiddlerRoot.cer"
set /a attempt=0
timeout 10 > nul
:get_cert
set /a attempt+=1
timeout 1 > nul
echo "Attempt #%attempt% to download fiddeler's certificate" >> "%log%"
curl.exe -s -k -o "%cert_path%" "http://127.0.0.1:8888/FiddlerRoot.cer" >> "%log%"
if not exist "%cert_path%" if %attempt% LSS 300 goto get_cert
if not exist "%cert_path%" (
echo "FAIL. Certificate "%cert_path%" doesn't exist. Cannot set trusted certificate" >> "%log%"
exit /b -100
)
set /a attempt=0
echo "Try to add certificate to trusted" >> "%log%"
echo certutil -addstore -f "Root" %cert_path% >> "%log%"
:import_cert
set /a attempt+=1
timeout 1 > nul
echo "Attempt #%attempt% to download fiddeler's certificate" >> "%log%"
certutil -addstore -f "Root" %cert_path% >> "%log%"
if "%errorlevel%" LSS 0 if %attempt% LSS 3 goto import_cert
echo "End..." >> "%log%"
exit /b 0
自定义规则.js
import System;
import System.Windows.Forms;
import Fiddler;
/**
This script must be in the folder C:\Users\<USER>\Documents\Fiddler2\Scripts\CustomRules.js
*/
class Handlers
{
// The Main() function runs everytime your FiddlerScript compiles
static function Main() {
var today: Date = new Date();
FiddlerObject.StatusText = " CustomRules.js was loaded at: " + today;
CertMaker.createRootCert();
//CertMaker.GetRootCertificate().GetPublicKeyString()
}
}