c# - FiddlerCore如何解密HTTPS流量

Question

我写了一个小程序来捕获 https 流量。我想使用该软件捕获DECODED获取和发布数据。
如您所知，Fiddler 应用程序可以像魅力一样做到这一点，现在我正在寻找一种在我的程序中做到这一点的方法。

例如，这是我的代码:

   void FiddlerApplication_AfterSessionComplete(Fiddler.Session oSession)
        {
            this.Invoke(new MethodInvoker(delegate
            {
                oSession.bBufferResponse = true;
                txtLog.Text += "full-url : \r\n" + oSession.fullUrl.ToString() + "\r\n-----------------------------------------------\r\n";
                txtLog.Text += "method : \r\n" + oSession.oRequest.headers.HTTPMethod + "\r\n-----------------------------------------------\r\n";
                txtLog.Text += "request headers : \r\n" + oSession.oRequest.headers + "\r\n-----------------------------------------------\r\n";
                txtLog.Text += "responce headers : \r\n" + oSession.oResponse.headers + "\r\n-----------------------------------------------\r\n";
                txtLog.Text += "get request body as string : \r\n" + oSession.GetRequestBodyAsString() + "\r\n-----------------------------------------------\r\n";
                txtLog.Text += "request body bytes : \r\n" + oSession.requestBodyBytes + "\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";

                txtLog.SelectionStart = txtLog.Text.Length;
                txtLog.ScrollToCaret();
            }));
        }

和 get request body as string in txtLog 对于 https 网页如下:

get request body as string : 
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Major Version: 3
Minor Version: 1
Random: 52 02 18 75 64 2D 8D 65 75 B9 C4 1B 58 76 92 3E 6B C5 BF 1D 3B D4 53 5D D2 FA CA D8 BF CE 02 5D
SessionID: empty
Ciphers: 
    [002F]  TLS_RSA_AES_128_SHA

这个握手部分是什么，我该如何解码？
如您所知，已安装的 fiddler 应用程序中有两个文件(TrustCert.exe 和 makecert.exe)。
这些文件是什么？我可以在我的小应用程序中使用它们来解码数据吗？如何？

提前致谢

Answer 1

FiddlerCore类库使用中间人方法解密 HTTPS 流量。

正如在 Fiddler book 中讨论的那样:

The HTTPS protocol sandwiches an encrypted (SSL or TLS) connectionbetween HTTP requests and the underlying TCP/IP network connectionupon which those requests are sent. Network intermediaries orobservers are thus prevented from viewing or modifying the HTTPtraffic thanks to the use of the cryptographic protocols. You mightthen be surprised to learn that Fiddler can both view and modify HTTPStraffic if configured appropriately. Fiddler achieves this by using a“man-in-the-middle” approach to HTTPS, which means that when talkingto the client, it pretends to be the server, and when talking to theserver, it pretends to be the client.

The HTTPS protocol is explicitly designed to block this attack by using digital certificatesto authenticate the identity of a HTTPS server (and optionally theclient). When a client receives a certificate from the server, itvalidates that the certificate itself is trustworthy by determiningwhether it is chained to a Root Certification Authority that istrusted by the client or the operating system. Since you are typicallyrunning Fiddler on your own computer, you can reconfigure your browseror operating system to trust Fiddler’s root certificate. After you doso, the client application will not complain when it detects thattraffic is being protected by Fiddler-generated certificates.

如果您的目标是将此功能嵌入到您的应用程序中，您应该在您的应用程序中简单地使用 FiddlerCore——这就是它存在的原因!

关于您关于“握手”的问题——握手是客户端和服务器如何就 HTTPS 通信的参数达成一致(例如，使用什么密码和 key )。您无需“解码”握手本身——FiddlerCore 会为您处理。

您可能会感到困惑，因为 HTTPS 流量在 HTTP CONNECT 隧道内运行，并且该隧道在 FiddlerCore 中也是可见的。为确保您的 HTTPS session 也被捕获，请务必在调用 Startup 方法时传递 FiddlerCoreStartupFlags.DecryptSSL 标志。此外，请确保 makecert.exe 与程序的可执行文件位于同一文件夹中。

此外，请记住，在 Session 已经完成处理后设置bBufferResponse 属性没有任何效果；你应该删除它。