This is a migrated thread and some comments may be shown as answers.

Fiddler debug and change response but it didn't work

Extensions and Customization
chen asked on 26 Apr 2020, 05:23 AM

I developed a Fiddler extension to decrypt the response, but if I changed a response while in the process of debugging and clicked the "Run to Completion" button, the app client still received the unchanged response.

In the code, I implemented three Interceptors, Inspector2, IResponseInspector2 and IBaseInspector2, but I found that when I click "Run to Completion", my program is still on the breakpoint and the app has received the response.

I also found a problem: when I return a fixed response in the code and debug it in Fiddler, if I didn't change the response, the app received the fixed return, but if I changed the response, the app received the original response.

So how do I catch the response before the app receives it after clicking the "Run to Completion" button, and make it work? Hope somebody can help me, thanks very much.

4 Answers, 1 is accepted

chen answered on 26 Apr 2020, 06:02 AM
using Fiddler;
using System;
using Standard;
using System.Windows.Forms;
using Util;
using Newtonsoft.Json.Linq;

namespace Response
{
    public sealed class ResponseDecryption : Inspector2, IResponseInspector2, IBaseInspector2
    {
        private bool mBDirty;
        private bool mBReadOnly;
        private byte[] mBody;
        private HTTPResponseHeaders mResponseHeaders;
        private ResponseTextViewer mResponseTextViewer;
        public static String Akey = "";

        public ResponseDecryption()
        {
            mResponseTextViewer = new ResponseTextViewer();
        }

        public bool bDirty
        {
            get
            {
                return mBDirty= mResponseTextViewer.bDirty;
            }
        }

        public byte[] body
        {
            get
            {
                return mBody;
            }

            set
            {
                mBody = value;
                byte[] decodedBody = DoDecryption2();
                if (decodedBody != null)
                {
                    mResponseTextViewer.body = decodedBody;
                }
                else
                {
                    mResponseTextViewer.body = value;
                }
            }
        }
        public byte[] DoDecryption2()
        {
            Session session = FiddlerApplication.UI.GetFirstSelectedSession();
            byte[] textBody = mResponseTextViewer.body;

            String rawTextBody = System.Text.Encoding.UTF8.GetString(textBody);
            FiddlerApplication.Log.LogString("rawTextBody1-----: "+ rawTextBody);
            if (session.url.Contains("Card") && true == mResponseTextViewer.bReadOnly)
            {
                String res = "{\"_ReturnCode\":\"TS0000\",\"_ReturnData\":{\"_CustLV\":\"B\",\"_Guid\":\"5ad5d73045890dd3fa69688010149dda\",\"CardList\":[{\"CardId\":\"481446789\",\"BkMobile\":\"18210291922\",\"BankCode\":\"105\",\"LogoName\":\"0004\",\"AccountNo\":\"6227003814240797333\",\"BankName\":\"center bank\",\"CustomerName\":\"chen\",\"SignFlag\":\"1\",\"AccountType\":\"1\"}]},\"_ServerId\":\"mts-vsit\",\"_ReturnMsg\":\"SUCCESS\"}";
                FiddlerApplication.Log.LogString("session-----: " + session);
                session.utilSetResponseBody(res);
                mResponseTextViewer.CommitAnyChanges(session);
                mResponseTextViewer.bReadOnly = false;
                return session.ResponseBody;
            }

            return mBody;
        }

        public bool bReadOnly
        {
            get
            {
                return mBReadOnly;
            }

            set
            {
                mBReadOnly = value;
                mResponseTextViewer.bReadOnly = mBReadOnly;
            }
        }

        HTTPResponseHeaders IResponseInspector2.headers
        {
            get
            {
                FiddlerApplication.Log.LogString("headers get function.");
                return mResponseHeaders;
            }
            set
            {
                FiddlerApplication.Log.LogString("headers set function.");
                mResponseHeaders = value;
            }
        }

        public override void AddToTab(TabPage o)
        {
            mResponseTextViewer.AddToTab(o);
            o.Text = "Decryption";
        }

        public void Clear()
        {
            mBody = null;
            mResponseTextViewer.Clear();
        }

        // Position of this inspector among the tabs
        public override int GetOrder() => 100;

    }
}

Eric R | Senior Technical Support Engineer, Telerik team, answered on 29 Apr 2020, 02:55 PM

Hi Chen,

Unless I am missing something, this doesn't appear to implement the IAutoTamper interface. After implementing this interface, the extension will be able to receive callbacks as each Session is processed, enabling modifications, logging, or other operations. Note that in order to update the UI, use the Invoke or BeginInvoke Windows Forms methods.

For more information, see the Implement Fiddler Interfaces documentation. Also, I recommend purchasing the Debugging with Fiddler book by Eric Lawrence which has a wealth of information.

I hope this helps, please let me know if you need any additional information. Thank you for using Fiddler.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

chen answered on 02 May 2020, 08:25 AM

Thanks very much for your reply, but there are still some questions.
Taking your advice, the extension could receive callbacks as the Session is processed before the app client receives the changed response, but the program can't get the changed response in the method because the ResponseTextViewer object is null. The other question is that the ResponseTextViewer belongs to Standard Method and doesn't have the Invoke or BeginInvoke methods, so do I have to change the ResponseTextViewer to another UserControl?
I hope to get your advice again, and thanks again for your reply.

Eric R | Senior Technical Support Engineer, Telerik team, answered on 05 May 2020, 02:51 PM

Hi Chen,

When extending Fiddler, it is best to use the format shown in the Create Fiddler Extension documentation. For additional reference, below is an example of a simple extension.

using System;
using System.Windows.Forms;
using Fiddler;

[assembly: Fiddler.RequiredVersion("2.3.5.0")]

public class Violin : IAutoTamper    // Ensure class is public, or Fiddler won't see it!
{
  string sUserAgent = "";

  public Violin(){
  /* NOTE: It's possible that Fiddler UI isn't fully loaded yet, so don't add any UI in the constructor.

     But it's also possible that AutoTamper* methods are called before OnLoad (below), so be
     sure any needed data structures are initialized to safe values here in this constructor */

     sUserAgent = "Violin";
  }

  public void OnLoad(){ /* Load your UI here */ }
  public void OnBeforeUnload() { }

  public void AutoTamperRequestBefore(Session oSession){
    oSession.oRequest["User-Agent"] = sUserAgent;
  }
  public void AutoTamperRequestAfter(Session oSession){}
  public void AutoTamperResponseBefore(Session oSession){}
  public void AutoTamperResponseAfter(Session oSession){}
  public void OnBeforeReturningError(Session oSession){}
}

As for the ResponseTextViewer being null, this is likely because in the provided code, it is instantiated in the Constructor and the Fiddler UI hasn't loaded yet. See the note in the above code snippet as well.

For a great resource, I highly recommend purchasing Eric Lawrence's book Debugging with Fiddler. Many of these scenarios are covered in the Extend Fiddler with .NET Code section.

Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik
