
[.NET]Fiddler Core实现HTTP HTTPS抓包分析 数据篡改 全局监听

2020-04-29 07:37 1636 查看

附C# VB.NET互转工具 https://download.csdn.net/download/xxxvxxv/10877188
附FiddlerCore4.dll(非官方转存;引用前请核对程序集的数字签名,或改用官方渠道提供的版本)
https://download.csdn.net/download/xxxvxxv/10877493

Imports System.Text
Imports Fiddler
Imports System.Threading

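''' <summary>
''' Listens globally for HTTP and HTTPS events.
''' </summary>
''' <remarks>
''' Requires FiddlerCore: https://www.telerik.com/purchase/fiddlercore
''' Add a reference to FiddlerCore4.dll.
''' https://blog.csdn.net/ruxie8527/article/details/77880133
''' https://blog.csdn.net/zhang116868/article/details/49406599
''' Three handlers are provided; each one is a hook into a different stage of a session:
''' BeforeRequest               can modify the request parameters, e.g. read the request Cookie
''' BeforeResponse              can modify the returned data
''' AfterSessionComplete        the equivalent of packet-capture analysis
''' </remarks>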

Class C_Fiddler
Friend FidderStatus As Boolean                      ' Fiddler on/off state; meant to be read-only for callers (not enforced: this is a writable Friend field)
Friend RTBox As New RichTextBox                     ' Optional RichTextBox that receives the text output
Friend Response As New List(Of String)              ' List of strings holding the most recently captured session
Private CaptureConfiguration As New CaptureConfig       ' Capture filter settings

#Region "开关"
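''' <summary>
''' Stops the capture: detaches the three session handlers and shuts FiddlerCore down.
''' </summary>
''' <remarks>
''' Call this before the application exits. If the proxy is left running, proxy-server
''' errors are reported afterwards, because FiddlerOpen registers FiddlerCore as the
''' system proxy.
''' </remarks>
Public Sub FiddlerClose()
    ' RemoveHandler is harmless for handlers that were never attached.
    RemoveHandler FiddlerApplication.BeforeRequest, AddressOf FiddlerApplication_BeforeRequest
    RemoveHandler FiddlerApplication.BeforeResponse, AddressOf FiddlerApplication_BeforeResponse
    RemoveHandler FiddlerApplication.AfterSessionComplete, AddressOf FiddlerApplication_AfterSessionComplete

    Application.DoEvents()

    If FiddlerApplication.IsStarted() Then
        FiddlerApplication.Shutdown()
    End If

    ' Boolean literals on purpose: comparing this Boolean with the Integer 1 widens
    ' True to -1, so a test such as "FidderStatus = 1" is never satisfied.
    ' The flag is cleared even when FiddlerCore was already stopped, so it cannot
    ' stay stuck at True.
    FidderStatus = False
    Echo("已停止")
End Sub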

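''' <summary>
''' Starts capturing HTTP/HTTPS traffic.
''' </summary>
''' <param name="CaptureUrl">
''' URLs to capture. Nothing (the default) or an empty list applies no URL filter.
''' </param>
''' <remarks>
''' FiddlerCore is registered as the Windows system proxy with HTTPS decryption enabled,
''' so every HTTP(S) client that follows the system proxy setting is routed through this
''' process. Call FiddlerClose before exiting.
''' </remarks>
Public Sub FiddlerOpen(Optional ByVal CaptureUrl As List(Of String) = Nothing)
    ' Stop a running instance first, so neither the listener nor the handler is registered twice.
    ' (Boolean test on purpose: "FidderStatus = 1" widens True to -1 and never matches.)
    If FidderStatus Then FiddlerClose()

    ' Store an empty list when the argument is omitted, so the filter never dereferences Nothing.
    CaptureConfiguration.captureUrl = If(CaptureUrl, New List(Of String))

    ' The request/response modification hooks stay disabled; only the read-only capture hook is attached.
    'AddHandler FiddlerApplication.BeforeRequest, AddressOf FiddlerApplication_BeforeRequest
    'AddHandler FiddlerApplication.BeforeResponse, AddressOf FiddlerApplication_BeforeResponse
    RemoveHandler FiddlerApplication.AfterSessionComplete, AddressOf FiddlerApplication_AfterSessionComplete
    AddHandler FiddlerApplication.AfterSessionComplete, AddressOf FiddlerApplication_AfterSessionComplete

    ' Startup(port, registerAsSystemProxy, decryptSSL, allowRemote) - argument order as in the
    ' four-argument FiddlerCore overload; confirm against the referenced FiddlerCore4.dll.
    '   port 8987              : listening port, can be changed
    '   registerAsSystemProxy  : True - all system HTTP traffic goes through this proxy
    '   decryptSSL             : True - HTTPS is decrypted, so captured data includes credentials and cookies
    '   allowRemote            : False - only this machine may connect. With True, any host that can
    '                            reach the port could send its traffic through this proxy; enable it
    '                            only for a deliberate remote-device capture on a trusted network.
    FiddlerApplication.Startup(8987, True, True, False)
    FidderStatus = True
    Echo("启动成功")
End Sub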
#End Region

#Region "内部方法"
''' <summary>
''' Runs before a request is sent; this is the hook where outgoing data can be modified.
''' As written it only applies the capture filter and returns.
''' </summary>
''' <param name="oS">The session that carries the request information.</param>
Private Sub FiddlerApplication_BeforeRequest(oS As Session)
If CaptureConfigSet(oS) = False Then Return         ' Skip sessions rejected by the capture filter
' Unconditional Return: every statement below is unreachable sample code.
' The AddHandler line for this handler is also commented out in FiddlerOpen.
Return
' To be able to modify the response, buffering mode must be used; only then does FiddlerCore
' allow changes to the response in the BeforeResponse handler, instead of streaming it

' NOTE(review): oAllSessions is a new local list on every call, so the Monitor lock below guards nothing shared.
Dim oAllSessions As New List(Of Fiddler.Session)()
oS.bBufferResponse = True
Monitor.Enter(oAllSessions)
oAllSessions.Add(oS)
Monitor.[Exit](oAllSessions)
' NOTE(review): sets the "X-AutoAuth" session flag; presumably this turns on automatic
' authentication with default credentials - confirm before this path is ever enabled.
oS("X-AutoAuth") = "(default)"

' Builds a response locally instead of contacting the server, sets status 200,
' then reads the body back and appends filler text to it.
oS.utilCreateResponseAndBypassServer()
oS.oResponse.headers.SetStatus(200, "Ok")
Dim Str As String = oS.GetResponseBodyAsString
oS.utilSetResponseBody(Str + "aaaaaaaaaaaaaaaaaaaaa")

' Second variant of the same sample: creates the local response again and sets two response headers.
oS.utilCreateResponseAndBypassServer()
oS.oResponse.headers.SetStatus(200, "Ok")
oS.oResponse("Content-Type") = "text/html; charset=UTF-8"
oS.oResponse("Cache-Control") = "private, max-age=0"

End Sub

''' <summary>
''' Runs after the request has been sent and before the response reaches the client;
''' this is the hook where the returned data can be modified. As written it only
''' applies the capture filter and returns.
''' </summary>
''' <param name="oS">The session whose response is about to be delivered.</param>
Private Sub FiddlerApplication_BeforeResponse(oS As Session)
    ' Apply the capture filter first.
    If Not CaptureConfigSet(oS) Then
        Return
    End If

    ' Response modification is switched off: this Return keeps the sample below inactive.
    Return
    ' Returned data: oS.GetResponseBodyAsString()
    ' Perform the modification
    ' oS.utilReplaceInResponse("1.欢迎使用!", "aaaaaaaaaaaaaaaaaaaaaa");
    ' oS.utilDecodeResponse()
End Sub

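''' <summary>
''' Runs once a session has completed: stores its URL, request headers, response headers and
''' response body in Response and prints the URL and headers to the UI.
''' </summary>
''' <param name="oS">The completed session.</param>
''' <remarks>
''' Captured headers and bodies can contain cookies, Authorization headers and other
''' credentials. Treat Response and the RichTextBox output as sensitive data.
''' </remarks>
Private Sub FiddlerApplication_AfterSessionComplete(oS As Session)
    If CaptureConfigSet(oS) = False Then Return         ' Skip sessions rejected by the capture filter

    ' Guard every level before calling ToString(): a missing request/response object
    ' would otherwise throw before any empty-string fallback could apply.
    Dim reqheaders As String = ""
    If oS.oRequest IsNot Nothing AndAlso oS.oRequest.headers IsNot Nothing Then
        reqheaders = oS.oRequest.headers.ToString()
    End If

    Dim respHeaders As String = ""
    If oS.oResponse IsNot Nothing AndAlso oS.oResponse.headers IsNot Nothing Then
        respHeaders = oS.oResponse.headers.ToString()
    End If

    If reqheaders Is Nothing Then reqheaders = ""
    If respHeaders Is Nothing Then respHeaders = ""

    ' The body is decoded as UTF-8 regardless of the declared charset or content encoding,
    ' so compressed or non-UTF-8 responses may look garbled here.
    Dim respBody As String = ""
    If oS.ResponseBody IsNot Nothing Then
        respBody = Encoding.UTF8.GetString(oS.ResponseBody)
    End If

    ' Build the list completely before publishing it, so code reading Response from
    ' another thread never sees a partially filled list.
    Dim captured As New List(Of String) From {
        oS.fullUrl & vbCrLf,
        reqheaders & vbCrLf,
        respHeaders & vbCrLf,
        respBody & vbCrLf
    }
    Response = captured

    ' Print the result to the UI
    Dim output As String = oS.fullUrl & vbCrLf & vbCrLf & reqheaders & vbCrLf & vbCrLf & respHeaders & vbCrLf & "-----------------------------------" & vbCrLf
    Echo(output)
End Sub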
#End Region

#Region "其他"
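''' <summary>
''' Decides whether a session passes the capture filter.
''' </summary>
''' <param name="oS">The session to test.</param>
''' <returns>True when the session should be handled, False when it is filtered out.</returns>
''' <remarks>
''' Every session rejected here is invisible to the capture, so an over-broad rule
''' creates a monitoring gap. The extension rule therefore looks only at the end of the
''' URL path, and the URL rule accepts a match against any entry of the list.
''' </remarks>
Private Function CaptureConfigSet(ByVal oS As Session) As Boolean
    If oS Is Nothing Then Return False
    If oS.RequestMethod = "CONNECT" Then Return False

    ' The filter settings are fixed here on every call; edit these lines to change them.
    CaptureConfiguration.IgnoreResources = True     ' Ignore image/resource files
    CaptureConfiguration.ProcessId = 0              ' Restrict to this process ID (0 = any)
    CaptureConfiguration.CaptureDomain = ""         ' Restrict to this host ("" = any)

    If CaptureConfiguration.ProcessId > 0 Then
        If oS.LocalProcessID <> 0 AndAlso oS.LocalProcessID <> CaptureConfiguration.ProcessId Then
            Return False
        End If
    End If

    If Not String.IsNullOrEmpty(CaptureConfiguration.CaptureDomain) Then
        ' Host names are identifiers, so compare them ordinally and case-insensitively.
        If Not String.Equals(oS.hostname, CaptureConfiguration.CaptureDomain.Trim(), StringComparison.OrdinalIgnoreCase) Then
            Return False
        End If
    End If

    If CaptureConfiguration.IgnoreResources Then
        ' Exclude resource files by file extension. Only the path is examined: a substring
        ' test on the whole URL would also drop sessions whose host name or query string
        ' merely contains ".exe", ".css" and so on.
        Dim urlPath As String = oS.fullUrl
        Dim parsed As Uri = Nothing
        If Uri.TryCreate(oS.fullUrl, UriKind.Absolute, parsed) Then
            urlPath = parsed.AbsolutePath
        End If

        If Not String.IsNullOrEmpty(urlPath) Then
            Dim extensions As New List(Of String) From {".jpg", ".png", ".jpeg", ".css", ".zip", ".rar", ".7z", ".exe"}
            For Each ext In extensions
                If urlPath.EndsWith(ext, StringComparison.OrdinalIgnoreCase) Then Return False
            Next
        End If
    End If

    ' URL allow-list: an empty or missing list means "no URL filter"; otherwise the
    ' session is kept when its full URL equals any entry (exact, case-sensitive match).
    Dim wanted As List(Of String) = CaptureConfiguration.captureUrl
    If wanted IsNot Nothing AndAlso wanted.Count > 0 Then
        Return wanted.Contains(oS.fullUrl)
    End If
    Return True
End Function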

' Settings that CaptureConfigSet uses to decide which sessions are captured.
Private Structure CaptureConfig
Dim IgnoreResources As Boolean      ' Whether image/resource files are ignored
Dim ProcessId As Integer            ' Process ID to restrict the capture to
Dim CaptureDomain As String         ' Host to restrict the capture to
Dim captureUrl As List(Of String)   ' URLs to restrict the capture to
End Structure
#End Region

#Region "UI输出"
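''' <summary>
''' Sends a message to the output RichTextBox on that control's own thread.
''' </summary>
''' <param name="ErrorMsg">
''' Text to append. It is passed as the only Invoke argument; RTref reads it from its
''' sender parameter.
''' </param>
''' <remarks>
''' Output is best effort: a failure never propagates to the caller, but it is written
''' to the debug output instead of being dropped silently.
''' </remarks>
Public Sub Echo(ByVal ErrorMsg As String)
    Try
        ' Invoke needs a live window handle; without one (for example the default RTBox
        ' that was never placed on a form) there is nowhere to show the text.
        If RTBox Is Nothing OrElse RTBox.IsDisposed OrElse Not RTBox.IsHandleCreated Then
            System.Diagnostics.Debug.WriteLine("Echo skipped: output RichTextBox has no window handle")
            Return
        End If
        RTBox.Invoke(New EventHandler(AddressOf RTref), ErrorMsg)
    Catch ex As Exception
        System.Diagnostics.Debug.WriteLine("Echo failed: " & ex.Message)
    End Try
End Sub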

''' <summary>
''' Appends one message to the output RichTextBox and scrolls to the end.
''' Messages containing "error" (in any letter case) are printed in red, all others in black.
''' </summary>
''' <param name="sender">The message to print; Echo passes the text in this parameter.</param>
''' <param name="e">Not used.</param>
Private Sub RTref(ByVal sender As System.Object, ByVal e As System.EventArgs)
    Try
        Dim isError As Boolean = sender.ToString.ToLower.Contains("error")
        RTBox.SelectionColor = If(isError, Color.Red, Color.Black)

        Dim line As String = sender.ToString & vbCrLf
        RTBox.AppendText(line)
        RTBox.ScrollToCaret()
    Catch ex As Exception
        ' Any failure while printing is shown to the user in a message box.
        MsgBox(ex.Message, vbInformation)
    End Try
End Sub
#End Region
End Class