Common tools for packet capture:

Fiddler: the most popular packet capture tool on Windows; free and easy to use

Charles: the best packet capture tool on the Mac platform; easy to use, paid software, but it remains usable without a licence

WireShark: a cross-platform, full-featured and powerful packet capture tool

Tcpdump: a command-line program suited to mobile phone systems and back-end servers

– light feather


As Internet professionals, whether in day-to-day development or in testing, we inevitably deal with network security. Monitoring network requests and protecting data as far as possible requires us to understand and master packet capture. So what is packet capture? It is the interception, resending, editing and saving of the packets a network sends and receives, in order to check whether the network is secure. It is also often used by attackers to intercept data: with packet capture software, it is easy to obtain any data you have not encrypted, analyse it, and then act against you. Packet capture is therefore very important for keeping information secure.


1 TOOL Fiddler

Fiddler is a Windows application that handles the HTTP and HTTPS protocols. In our work it is mostly used once mobile development is finished and we are debugging or testing: we need to check whether the data exchange between server and client has actually taken place and whether it is correct, and we feed the software virtual data, fake data and staged scenarios. For this we use the Fiddler packet capture tool.

Handling HTTP protocol:

1. First, note that the mobile app must be on the same network as the host running Fiddler

2. In Fiddler, enable remote connections and note the IP address and port number of the Fiddler proxy host

Go to Tools -> Options -> Connections -> select Allow remote computers to connect

The default listening port is 8888

3. On the mobile device, set the proxy to the IP address and port number of the Fiddler proxy host

Long-press the name of the wireless network -> Modify network -> Advanced options -> Proxy: Manual -> enter the proxy IP address and port number -> Save

4. Visit an HTTP address

Handling HTTPS:

1. First, ensure that the mobile device and Fiddler's host are on the same network and that HTTP traffic is already being captured

2. Enable HTTPS capture in Fiddler

Go to Tools -> Options -> HTTPS -> select Capture HTTPS CONNECTs -> select Decrypt HTTPS traffic -> Ignore server certificate errors (this last option makes Fiddler accept any upstream certificate, including invalid ones)

3. Download and configure the Fiddler certificate on the mobile device

4. Visit an HTTPS address


2 TOOL Charles

Charles is a packet interception tool that runs on Mac. It sets up a proxy server and passes network requests through it in order to intercept and analyse the packets. One limitation is that it is paid software: it can be used free for 30 days, after which each session is limited to 30 minutes. Overall it is user friendly, and even without paying you can still use the full functionality.

Local packet capture:

HTTP:

1. Proxy -> macOS Proxy: enable it to start capturing

2. Set the browser's proxy (in the system network settings) to localhost:8888 (Charles defaults to 8888; this can be changed);

3. If the browser uses a proxy-management plug-in, create a proxy server entry there pointing at localhost:8888

HTTPS:

1. Install the SSL certificate: Help -> SSL Proxying -> Install Charles Root Certificate

2. After installation the system's keychain manager opens and shows the Charles certificate. Double-click it and, in the Trust section, set it to trusted.

3. Proxy -> SSL Proxying Settings -> in the first tab (SSL Proxying), add the rule host: *, port: 443

Remote packet capture:

1. With the phone and the computer on the same LAN, set the phone's proxy to the computer's IP address and port '9999'; Charles will ask whether to allow the connection

2. Download the certificate via Charles Web Debugging Proxy SSL CA Certificate installation and open the file. The message "If you want to install it, first check the profile in the Settings app" is displayed.

3. Settings -> General: find the 'Profile' option (below the VPN entry) -> tap Install at the top right

4. Settings -> General -> About -> at the bottom: Certificate Trust Settings -> enable trust for the 'Charles Proxy CA' certificate installed in the previous step

5. Charles on the computer can now view the HTTPS traffic


3 TOOL WireShark

WireShark is a popular tool for analysing network packets: it captures them and displays their contents. It is open source software, safe to use, and runs on Windows and macOS.

Use steps:

1. Go to "Capture" -> "Options..."; the capture configuration screen opens

2. Under Capture, select the network adapter connected to the external network. If you are not sure which one, you can select all adapters

3. Enter a filter in Capture Filter; it restricts which packets are captured. For example, for AS2 on port 8080 you can enter port 8080 to capture only traffic on that port; adjust it to the port actually in use

4. Then click the "Start" button. Captured packets are shown on the WireShark main screen. If nothing appears, check that the configuration is correct

5. After capturing, use "Capture" -> "Stop" to stop, then "File" -> "Save" to save the capture to disk. The file extension is usually pcapng. The file can then be used to analyse lower-level network communication problems.


4 TOOL tcpdump

Tcpdump is a powerful command-line network sniffer, commonly used on Linux and Windows. It is the command-line counterpart of WireShark. Originally designed for observing TCP/IP performance problems, tcpdump intercepts packets on the network and prints their contents: it captures packet headers for analysis, filters on protocol, host, network or port, and supports the logical operators and, or and not to drop unwanted information.

Operation command:

  • tcpdump -i wlan0 -s 0 -w a.cap // listen to all traffic on the wlan0 NIC. -s sets how many bytes of each packet are kept (the default noted here is 64; 0 means the whole packet). -w writes the raw capture to the file a.cap

  • tcpdump -r a.cap // read the packets back from the saved file a.cap

  • tcpdump -A -r a.cap // display the saved packets as ASCII

  • tcpdump -x -r a.cap // display the saved packets in hexadecimal

  • tcpdump -i eth0 tcp port 22 // capture only TCP traffic on port 22 (SSH) on eth0

tcpdump filtering:

  • tcpdump -n -r http.cap | awk '{print $3}' | sort -u // -n prints addresses numerically instead of resolving hostnames; awk keeps only the third column (the source address:port); sort -u removes duplicates

  • tcpdump -n src host 145.254.160.237 -r http.cap // only packets whose source address is this host

  • tcpdump -n dst host 145.254.160.237 -r http.cap // only packets whose destination address is this host

  • tcpdump -n udp port 53 -r http.cap // UDP port 53: shows all DNS query and response packets

  • tcpdump -nx port 80 -r http.cap // port 80 traffic, dumped in hexadecimal

  • tcpdump -A -n 'tcp[13] = 24' -r http.cap // tcp[13] is the TCP flags byte; 24 = 0x18 = PSH (8) + ACK (16), so this keeps only segments with exactly the ACK and PSH flags set
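As an added example (not part of the original post), the following Python reimplements the filters used above, src host, dst host, udp port 53 and tcp[13] = 24, over a few hand-built Ethernet/IPv4 frames so it runs without a capture file; it shows why the value 24 selects exactly PSH+ACK. The frames and addresses are constructed for the example and the helper functions are assumptions, not tcpdump's own code.

```python
import struct

# Frames below are constructed for this example; nothing here comes from a real capture.
def build_frame(src_ip, dst_ip, proto, sport, dport, tcp_flags=0):
    """Build a minimal Ethernet + IPv4 (no options) + TCP/UDP frame (hypothetical helper)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst/src MAC, EtherType = IPv4
    if proto == 6:                                          # TCP: flags byte is offset 13
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    else:                                                   # UDP: 8-byte header, no payload
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4

def parse(frame):
    """Pull out the fields the page's tcpdump filters test; BPF's 'tcp[13]' is l4[13]."""
    ihl = (frame[14] & 0x0F) * 4                            # IPv4 header length in bytes
    l4 = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])
    proto = frame[23]                                       # 6 = TCP, 17 = UDP
    return {"proto": proto,
            "src": ".".join(map(str, frame[26:30])),
            "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport,
            "flags": l4[13] if proto == 6 else None}

def matches(pkt, src_host=None, dst_host=None, udp_port=None, tcp_flags=None):
    """Evaluate 'src host', 'dst host', 'udp port N' and 'tcp[13] = N' combined with 'and'.
    A None argument means that term is not part of the expression."""
    if src_host is not None and pkt["src"] != src_host:
        return False
    if dst_host is not None and pkt["dst"] != dst_host:
        return False
    if udp_port is not None and not (pkt["proto"] == 17 and udp_port in (pkt["sport"], pkt["dport"])):
        return False
    if tcp_flags is not None and not (pkt["proto"] == 6 and pkt["flags"] == tcp_flags):
        return False
    return True

def filter_frames(frames, **expr):
    """Return the parsed packets that satisfy the filter expression."""
    return [p for p in map(parse, frames) if matches(p, **expr)]

# Constructed traffic: a DNS query, an HTTP data segment (PSH|ACK = 0x18 = 24), a bare ACK.
SAMPLE = [
    build_frame("192.168.1.2", "8.8.8.8", 17, 40000, 53),
    build_frame("145.254.160.237", "192.168.1.2", 6, 80, 3372, tcp_flags=0x18),
    build_frame("192.168.1.2", "145.254.160.237", 6, 3372, 80, tcp_flags=0x10),
]
```

Calling `filter_frames(SAMPLE, tcp_flags=24)` returns only the PSH+ACK segment, which is exactly what the `'tcp[13] = 24'` expression above keeps.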

That concludes this instalment's introduction to the four current mainstream packet capture tools; each will be covered in detail in follow-up posts. If anything is missing, I hope you will discuss it with me.

If you find Light Feather's articles helpful, search for and follow the "Light Feather IT Hut" WeChat public account, where I share computer and IT knowledge, theory, tools, resources, software introductions, back-end development, interviews, work reflections and some thoughts on life. Everything you see is life. Take it slow, work hard, and let us grow together...