利用fiddler core api 拦截修改 websocket 数据
一般的中间人攻击基本都是拦截修改普通的http协议里面的内容,而对于怎么拦截修改websocket协议传输的内容好像都没有多少介绍.
talk is cheap show me the code
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;
namespace Intercept_HTTP_requests
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
SetSSLCer();
FiddlerApplication.OnNotification += delegate (object sender, NotificationEventArgs oNEA) { Console.WriteLine("** NotifyUser: " + oNEA.NotifyString); };
FiddlerApplication.Log.OnLogString += delegate (object sender, LogEventArgs oLEA) { Console.WriteLine("** LogString: " + oLEA.LogString); };
FiddlerApplication.OnWebSocketMessage += FiddlerApplication_OnWebSocketMessage;
FiddlerApplication.Startup(8877, true, true);
}
public static byte[] hexStringToBytes(String hexString)
{
hexString = hexString.Replace("-", "");
int length = hexString.Length / 2;
char[] hexChars = hexString.ToCharArray();
byte[] d = new byte[length];
for (int i = 0; i < length; i++)
{
int pos = i * 2;
d[i] = (byte)(charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
}
return d;
}
private static byte charToByte(char c)
{
return (byte)"0123456789ABCDEF".IndexOf(c);
}
private static void FiddlerApplication_OnWebSocketMessage(object sender, WebSocketMessageEventArgs e)
{
if (e.oWSM.PayloadAsString().Contains("77-65-69-6C-69-66-61-67-65") && e.oWSM.MaskingKey == null)
{
String payload = e.oWSM.PayloadAsString().Replace("77-65-69-6C-69-66-61-67-65", "79-78-61-73-78-68-61-73-64-68-64-73-61-64-61-73-64-61-73");
e.oWSM.SetPayload(hexStringToBytes(payload));
}
}
private void button1_Click(object sender, EventArgs e)
{
button1.Text = "运行中..";
}
private void button2_Click(object sender, EventArgs e)
{
FiddlerApplication.Shutdown();
System.Threading.Thread.Sleep(1000);
this.Close();
}
private bool SetSSLCer()
{
if (CertMaker.rootCertIsMachineTrusted())
return true;
BCCertMaker.BCCertMaker a = new BCCertMaker.BCCertMaker();
a.CreateRootCertificate();
return a.TrustRootCertificate();
}
}
}
最重要的问题就是如果你要替换的内容比原本的内容短,必须在前面补零!!!
有问题请联系hudcan@sina.com
个人网站:http://ext.123cc.cc