利用 FiddlerCore API 拦截修改 WebSocket 数据

一般的中间人攻击基本都是拦截、修改普通 HTTP 协议里的内容,而对于怎样拦截、修改 WebSocket 协议传输的内容,好像没有多少介绍。
talk is cheap show me the code

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;


namespace Intercept_HTTP_requests
{
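    /// <summary>
    /// WinForms host that starts a FiddlerCore proxy and rewrites a fixed byte
    /// pattern inside unmasked WebSocket frames passing through it.
    /// </summary>
    /// <remarks>
    /// Operational notes for anyone running this sample on a test machine:
    /// <list type="bullet">
    /// <item>The constructor trusts a generated root certificate (see <see cref="SetSSLCer"/>)
    /// and starts FiddlerCore as the system proxy with HTTPS decryption, so traffic routed
    /// through the proxy is readable by this process.</item>
    /// <item>Nothing in this class removes that root certificate again. A trusted interception
    /// root left behind lets whoever holds its private key impersonate TLS sites to this
    /// machine; remove it when the test session ends (FiddlerCore exposes
    /// CertMaker.removeFiddlerGeneratedCerts for this; confirm for your version).</item>
    /// <item>In the visible code only <c>button2_Click</c> calls
    /// <c>FiddlerApplication.Shutdown()</c>.</item>
    /// </list>
    /// </remarks>
    public partial class Form1 : Form
    {
        // Dash-separated hex of the bytes to look for (ASCII "weilifage").
        private const string SearchPattern = "77-65-69-6C-69-66-61-67-65";

        // Dash-separated hex of the bytes written in their place (ASCII "yxasxhasdhdsadasdas").
        private const string ReplacementPattern = "79-78-61-73-78-68-61-73-64-68-64-73-61-64-61-73-64-61-73";

        /// <summary>
        /// Builds the form, makes sure the interception root certificate is trusted,
        /// wires the FiddlerCore event handlers and starts the proxy on port 8877.
        /// </summary>
        public Form1()
        {
            InitializeComponent();

            // The original ignored the result; surface a failure so that later
            // certificate errors in proxied clients have a visible cause.
            if (!SetSSLCer())
            {
                Console.WriteLine("** SetSSLCer: root certificate could not be trusted");
            }

            FiddlerApplication.OnNotification += delegate (object sender, NotificationEventArgs oNEA)
            {
                Console.WriteLine("** NotifyUser: " + oNEA.NotifyString);
            };
            FiddlerApplication.Log.OnLogString += delegate (object sender, LogEventArgs oLEA)
            {
                Console.WriteLine("** LogString: " + oLEA.LogString);
            };
            FiddlerApplication.OnWebSocketMessage += FiddlerApplication_OnWebSocketMessage;

            // Arguments: listen port, register as system proxy, decrypt HTTPS.
            // NOTE(review): confirm whether this overload also accepts connections from
            // other hosts; a decrypting proxy should normally listen on loopback only.
            FiddlerApplication.Startup(8877, true, true);
        }

        /// <summary>
        /// Converts a hex string, optionally dash-separated ("77-65-69"), into bytes.
        /// </summary>
        /// <param name="hexString">Hex digits in upper or lower case; '-' characters are ignored.</param>
        /// <returns>One byte per pair of hex digits; an empty array for an empty string.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="hexString"/> is null.</exception>
        /// <exception cref="FormatException">
        /// The input has an odd number of digits or contains a non-hex character. The original
        /// silently dropped a trailing digit and turned any non-hex character (including
        /// lowercase a-f) into 0xFF, which produced a corrupted payload instead of an error.
        /// </exception>
        public static byte[] hexStringToBytes(String hexString)
        {
            if (hexString == null)
            {
                throw new ArgumentNullException("hexString");
            }

            string digits = hexString.Replace("-", "");
            if (digits.Length % 2 != 0)
            {
                throw new FormatException("Hex string must contain an even number of hex digits.");
            }

            byte[] bytes = new byte[digits.Length / 2];
            for (int i = 0; i < bytes.Length; i++)
            {
                int high = charToByte(digits[2 * i]);
                int low = charToByte(digits[2 * i + 1]);
                bytes[i] = (byte)((high << 4) | low);
            }
            return bytes;
        }

        /// <summary>
        /// Returns the value (0-15) of a single hex digit.
        /// </summary>
        /// <exception cref="FormatException"><paramref name="c"/> is not a hex digit.</exception>
        private static byte charToByte(char c)
        {
            if (c >= '0' && c <= '9')
            {
                return (byte)(c - '0');
            }
            if (c >= 'A' && c <= 'F')
            {
                return (byte)(c - 'A' + 10);
            }
            if (c >= 'a' && c <= 'f')
            {
                return (byte)(c - 'a' + 10);
            }
            throw new FormatException("Invalid hex digit '" + c + "'.");
        }

        /// <summary>
        /// Replaces <see cref="SearchPattern"/> with <see cref="ReplacementPattern"/> in the
        /// payload of unmasked WebSocket frames.
        /// </summary>
        /// <remarks>
        /// The rewrite works on the string returned by <c>PayloadAsString()</c> and feeds the
        /// result to <see cref="hexStringToBytes"/>, so it relies on that string being a
        /// dash-separated hex dump of the payload. A payload that is not such a dump is left
        /// untouched rather than overwritten with garbage.
        /// </remarks>
        private static void FiddlerApplication_OnWebSocketMessage(object sender, WebSocketMessageEventArgs e)
        {
            // Only frames without a masking key are rewritten.
            // NOTE(review): RFC 6455 requires client-to-server frames to be masked, so this
            // presumably limits the rewrite to server-to-client frames; confirm.
            if (e.oWSM.MaskingKey != null)
            {
                return;
            }

            // Read the payload once; the original called PayloadAsString() twice.
            string payload = e.oWSM.PayloadAsString();
            if (payload == null || !payload.Contains(SearchPattern))
            {
                return;
            }

            byte[] rewritten;
            try
            {
                rewritten = hexStringToBytes(payload.Replace(SearchPattern, ReplacementPattern));
            }
            catch (FormatException ex)
            {
                // The payload text was not a pure hex dump; forward the frame unmodified.
                Console.WriteLine("** WebSocket rewrite skipped: " + ex.Message);
                return;
            }

            e.oWSM.SetPayload(rewritten);
        }

        /// <summary>
        /// Updates the button caption to show that the tool is running.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            button1.Text = "运行中..";
        }

        /// <summary>
        /// Stops the FiddlerCore proxy, waits one second and closes the form.
        /// </summary>
        private void button2_Click(object sender, EventArgs e)
        {
            FiddlerApplication.Shutdown();

            // Blocks the UI thread for one second; presumably gives FiddlerCore time to
            // finish shutting down before the window closes. Confirm that the wait is needed.
            System.Threading.Thread.Sleep(1000);
            this.Close();

            // NOTE(review): closing the window any other way does not reach this handler.
            // Unless another part of this partial class shuts the proxy down, the system-proxy
            // registration requested in the constructor may be left pointing at a dead port.
            // Consider calling Shutdown from a FormClosed handler as well.
        }

        /// <summary>
        /// Ensures a Fiddler root certificate is trusted so HTTPS traffic can be decrypted.
        /// </summary>
        /// <returns>
        /// true when the root certificate is already machine-trusted, otherwise the result
        /// of trusting a newly created root certificate.
        /// </returns>
        private bool SetSSLCer()
        {
            if (CertMaker.rootCertIsMachineTrusted())
            {
                return true;
            }

            // NOTE(review): the root created and trusted here is never removed by this class.
            // Treat its private key as a secret and remove the certificate from the trust
            // store once interception testing is finished.
            BCCertMaker.BCCertMaker certMaker = new BCCertMaker.BCCertMaker();
            certMaker.CreateRootCertificate();
            return certMaker.TrustRootCertificate();
        }
    }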
}

最重要的问题就是如果你要替换的内容比原本的内容短,必须在前面补零!!!

posted @ 2018-08-05 20:12  mysgk