fiddler 二次开发 之解密
前置环境
- fiddler 版本:5.0.20204.45441
- 集成开发环境:Visual Studio 2019
1、首先在vs中创建项目sms


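2、创建DecryptionUtil类,该文件主要用于加密、解密算法的实现。代码中的 "xxxxxxx"(IV)和 "yyyyyyyyyyy"(密钥)看起来是脱敏后的占位符:AES 要求 IV 为 16 字节、密钥为 16/24/32 字节,使用时需要替换为被测应用实际使用的值,否则设置 Key/IV 时会抛出 CryptographicException。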
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
using System.Threading.Tasks;
//加密类
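namespace Util
{
    /// <summary>
    /// AES helper that reproduces the cipher settings of the application under test, so that
    /// its traffic can be encrypted and decrypted from a Fiddler inspector.
    /// </summary>
    /// <remarks>
    /// The scheme mirrored here is AES-CBC with PKCS7 padding, one fixed key, one fixed IV and
    /// no MAC. It gives no integrity protection, so callers must treat decrypted output as
    /// untrusted data.
    /// </remarks>
    class DecryptionUtil
    {
        // Fixed IV used for every message. "xxxxxxx" looks like a redacted placeholder:
        // AES needs exactly 16 bytes here.
        public static byte[] AES_IV = Encoding.UTF8.GetBytes("xxxxxxx");

        // Key shared by Encrypt and Decrypt, kept in one place so the two cannot drift apart.
        // "yyyyyyyyyyy" looks like a redacted placeholder: AES needs 16, 24 or 32 bytes.
        // Keep real key material in local configuration rather than in committed source.
        public static byte[] AES_KEY = Encoding.UTF8.GetBytes("yyyyyyyyyyy");

        /// <summary>
        /// Encrypts <paramref name="data"/> with the configured key and IV.
        /// </summary>
        /// <param name="data">Plaintext; written as UTF-8 (the StreamWriter default). A null value
        /// is written as nothing, so it encrypts like an empty string.</param>
        /// <returns>The ciphertext as standard Base64.</returns>
        /// <exception cref="CryptographicException">AES_KEY or AES_IV has an invalid length.</exception>
        public static string Encrypt(string data)
        {
            using (Aes aesAlg = CreateCipher())
            using (ICryptoTransform encryptor = aesAlg.CreateEncryptor())
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                {
                    swEncrypt.Write(data);
                }

                // The final padded block is only written when the CryptoStream is closed,
                // so the buffer is read after the inner using blocks have ended.
                return Convert.ToBase64String(msEncrypt.ToArray());
            }
        }

        /// <summary>
        /// Decrypts a Base64 ciphertext produced with the configured key and IV.
        /// </summary>
        /// <param name="data">Base64 text. Before decoding it is trimmed, '%' and ',' are removed,
        /// spaces are mapped back to '+', and missing '=' padding is restored.</param>
        /// <returns>The plaintext, decoded by a StreamReader with its default settings.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="FormatException">The normalised text is not valid Base64.</exception>
        /// <exception cref="CryptographicException">The key or IV length is invalid, or the padding
        /// check fails (wrong key, wrong IV or a modified ciphertext).</exception>
        public static string Decrypt(string data)
        {
            if (data == null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            string normalized = data.Trim().Replace("%", "").Replace(",", "").Replace(" ", "+");
            int remainder = normalized.Length % 4;
            if (remainder > 0)
            {
                normalized = normalized.PadRight(normalized.Length + 4 - remainder, '=');
            }

            byte[] inputBytes = Convert.FromBase64String(normalized);
            using (Aes aesAlg = CreateCipher())
            using (ICryptoTransform decryptor = aesAlg.CreateDecryptor())
            using (MemoryStream msDecrypt = new MemoryStream(inputBytes))
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            using (StreamReader srDecrypt = new StreamReader(csDecrypt))
            {
                return srDecrypt.ReadToEnd();
            }
        }

        // Builds the AES instance used by both directions; lengths are checked first so that a
        // placeholder or truncated key fails with a message naming the field.
        private static Aes CreateCipher()
        {
            byte[] key = AES_KEY;
            byte[] iv = AES_IV;
            if (key == null || (key.Length != 16 && key.Length != 24 && key.Length != 32))
            {
                throw new CryptographicException("AES_KEY must be 16, 24 or 32 bytes long.");
            }
            if (iv == null || iv.Length != 16)
            {
                throw new CryptographicException("AES_IV must be 16 bytes long.");
            }

            Aes aes = Aes.Create();
            // Same values as the library defaults, written out so the scheme is visible.
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = iv;
            return aes;
        }
    }
}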
2、然后创建ResponseDecryption类
using System;
using System.Windows.Forms;
using Standard;
using Util;
using Fiddler;
using Newtonsoft.Json.Linq;
using System.Net;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;
using System.Collections.Generic;
using System.Text;
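namespace Response
{
    /// <summary>
    /// Fiddler response inspector that shows an encrypted JSON response in decrypted form
    /// on a tab titled "Decryptiontext".
    /// </summary>
    /// <remarks>
    /// The body is handled only when it parses as a JSON object whose "result" member is a
    /// string; that string is passed to <see cref="DecryptionUtil.Decrypt"/>. Both the response
    /// and the decrypted text come from the server being tested, so the output is assembled
    /// with JObject instead of string concatenation and decode failures fall back to the raw body.
    /// </remarks>
    public class ResponseDecryption : Inspector2, IResponseInspector2, IBaseInspector2
    {
        private bool mBDirty;
        private bool mBReadOnly;
        private byte[] mBody;
        private HTTPResponseHeaders mResponseHeaders;
        private ResponseTextViewer mResponseTextViewer;

        public ResponseDecryption()
        {
            mResponseTextViewer = new ResponseTextViewer();
        }

        /// <summary>Always false here: nothing in this class sets the dirty flag.</summary>
        public bool bDirty
        {
            get { return mBDirty; }
        }

        /// <summary>
        /// Response body. Setting it tries to decrypt the body and shows either the decrypted
        /// JSON or, when the body is not decryptable, the body as received.
        /// </summary>
        public byte[] body
        {
            get { return mBody; }
            set
            {
                mBody = value;
                if (value == null)
                {
                    mResponseTextViewer.Clear();
                    return;
                }

                byte[] decodedBody = null;
                try
                {
                    decodedBody = DoDecryption();
                }
                // Malformed JSON, invalid Base64 and failed AES padding checks are all expected
                // for arbitrary responses; none of them may escape into the Fiddler UI.
                catch (Exception e) when (e is JsonException
                    || e is FormatException
                    || e is System.Security.Cryptography.CryptographicException)
                {
                    FiddlerApplication.Log.LogString("未解密情况下读取json响应 : " + e);
                }

                // On failure show the raw body rather than leaving the previous session's text.
                mResponseTextViewer.body = decodedBody ?? value;
            }
        }

        /// <summary>
        /// Decrypts the "result" member of the current body.
        /// </summary>
        /// <returns>
        /// UTF-8 bytes of {"resStatus": ..., "result": ...} with "result" replaced by the
        /// decrypted value, or null when the body has no string "result" member. In the null
        /// case <see cref="Clear"/> has been called, which also resets the stored body.
        /// </returns>
        public byte[] DoDecryption()
        {
            if (mBody == null)
            {
                Clear();
                return null;
            }

            // Decode as UTF-8 directly; going through the ANSI code page and re-encoding
            // afterwards is lossy for bytes that code page cannot represent.
            string rawBody = Encoding.UTF8.GetString(mBody);

            JObject envelope = null;
            JToken cipherToken = null;
            // Cheap substring check first, so that non-JSON bodies are not parsed at all.
            if (rawBody.Contains("result"))
            {
                envelope = JObject.Parse(rawBody);
                cipherToken = envelope["result"];
            }

            if (cipherToken == null || cipherToken.Type != JTokenType.String)
            {
                Clear();
                return null;
            }

            string plainText = DecryptionUtil.Decrypt((string)cipherToken);

            // Building the object with JObject keeps the output valid JSON and stops the
            // decrypted text from altering the structure of the displayed document.
            JObject output = new JObject
            {
                ["resStatus"] = envelope["resStatus"] ?? JValue.CreateNull(),
                ["result"] = ParseJsonOrString(plainText)
            };
            return Encoding.UTF8.GetBytes(output.ToString(Formatting.None));
        }

        // Returns the decrypted text as parsed JSON, or as a JSON string when it is not JSON.
        private static JToken ParseJsonOrString(string text)
        {
            try
            {
                return JToken.Parse(text);
            }
            catch (JsonReaderException)
            {
                return new JValue(text);
            }
        }

        public bool bReadOnly
        {
            get { return mBReadOnly; }
            set { mBReadOnly = value; }
        }

        public HTTPResponseHeaders headers
        {
            get { return mResponseHeaders; }
            set { mResponseHeaders = value; }
        }

        /// <summary>Hosts the text viewer on the given tab and sets the tab title.</summary>
        public override void AddToTab(System.Windows.Forms.TabPage o)
        {
            mResponseTextViewer.AddToTab(o);
            o.Text = "Decryptiontext";
        }

        /// <summary>Drops the stored body and empties the viewer.</summary>
        public void Clear()
        {
            mBody = null;
            mResponseTextViewer.Clear();
        }

        // Position of this inspector among the tabs.
        public override int GetOrder() => 100;
    }
}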
3、创建ResponseDecryptionFormat类
using System;
using System.Windows.Forms;
using Standard;
using Util;
using Fiddler;
using Newtonsoft.Json.Linq;
using System.Net;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;
using System.Collections.Generic;
using System.Text;
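namespace Response
{
    /// <summary>
    /// Fiddler response inspector that decrypts the "result" member of a JSON response and
    /// displays the decrypted document.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the article introduces this step as ResponseDecryptionFormat with a
    /// DecryptionFormatJson tab, but the listing declares the class name ResponseDecryption and
    /// the tab title "Decryptiontext"; both are kept as printed — confirm against the real project.
    /// Response bodies and decrypted text are server-controlled input: the output is built with
    /// JObject, and JSON, Base64 and AES failures fall back to showing the body as received.
    /// </remarks>
    public class ResponseDecryption : Inspector2, IResponseInspector2, IBaseInspector2
    {
        private bool mBDirty;
        private bool mBReadOnly;
        private byte[] mBody;
        private HTTPResponseHeaders mResponseHeaders;
        private ResponseTextViewer mResponseTextViewer;

        public ResponseDecryption()
        {
            mResponseTextViewer = new ResponseTextViewer();
        }

        /// <summary>Dirty flag; no code in this class ever sets it.</summary>
        public bool bDirty
        {
            get { return mBDirty; }
        }

        /// <summary>
        /// Response body. The setter attempts decryption and hands the viewer either the
        /// decrypted JSON or the original bytes.
        /// </summary>
        public byte[] body
        {
            get { return mBody; }
            set
            {
                mBody = value;
                if (value == null)
                {
                    mResponseTextViewer.Clear();
                    return;
                }

                byte[] decodedBody = null;
                try
                {
                    decodedBody = DoDecryption();
                }
                // A response that merely contains the word "result" can fail at JSON parsing,
                // Base64 decoding or AES unpadding; all three are handled here.
                catch (Exception e) when (e is JsonException
                    || e is FormatException
                    || e is System.Security.Cryptography.CryptographicException)
                {
                    FiddlerApplication.Log.LogString("未解密情况下读取json响应 : " + e);
                }

                // Always refresh the viewer so it never keeps text from an earlier response.
                mResponseTextViewer.body = decodedBody ?? value;
            }
        }

        /// <summary>
        /// Decrypts the "result" member of the current body.
        /// </summary>
        /// <returns>
        /// UTF-8 bytes of a JSON object holding "resStatus" and the decrypted "result", or null
        /// when there is no string "result" member; returning null goes through
        /// <see cref="Clear"/>, which also resets the stored body.
        /// </returns>
        public byte[] DoDecryption()
        {
            if (mBody == null)
            {
                Clear();
                return null;
            }

            // UTF-8 is what the output is encoded as, so the input is decoded the same way
            // instead of round-tripping through the machine's ANSI code page.
            string rawBody = Encoding.UTF8.GetString(mBody);

            JObject envelope = null;
            JToken cipherToken = null;
            if (rawBody.Contains("result"))
            {
                envelope = JObject.Parse(rawBody);
                cipherToken = envelope["result"];
            }

            if (cipherToken == null || cipherToken.Type != JTokenType.String)
            {
                Clear();
                return null;
            }

            string plainText = DecryptionUtil.Decrypt((string)cipherToken);

            // Decrypted payloads are deliberately not written to the Fiddler log; the log
            // outlives the session and may be shared.
            JObject output = new JObject
            {
                ["resStatus"] = envelope["resStatus"] ?? JValue.CreateNull(),
                ["result"] = ParseJsonOrString(plainText)
            };
            return Encoding.UTF8.GetBytes(output.ToString(Formatting.None));
        }

        // Parses the decrypted text as JSON; text that is not JSON is kept as a JSON string.
        private static JToken ParseJsonOrString(string text)
        {
            try
            {
                return JToken.Parse(text);
            }
            catch (JsonReaderException)
            {
                return new JValue(text);
            }
        }

        public bool bReadOnly
        {
            get { return mBReadOnly; }
            set { mBReadOnly = value; }
        }

        public HTTPResponseHeaders headers
        {
            get { return mResponseHeaders; }
            set { mResponseHeaders = value; }
        }

        /// <summary>Adds the text viewer to the tab and sets the tab title.</summary>
        public override void AddToTab(System.Windows.Forms.TabPage o)
        {
            mResponseTextViewer.AddToTab(o);
            o.Text = "Decryptiontext";
        }

        /// <summary>Resets the stored body and clears the viewer.</summary>
        public void Clear()
        {
            mBody = null;
            mResponseTextViewer.Clear();
        }

        // Position of this inspector among the tabs.
        public override int GetOrder() => 100;
    }
}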
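这里说明一下:ResponseDecryptionFormat 主要用于以 json 格式化的方式输出,便于查看;ResponseDecryption 主要用于以 text 文本格式输出,可以轻松复制想要的内容。本质上,它们的代码逻辑是相同的,只是输出方式不一样而已。注意:上面第 3 步贴出的代码,类名仍是 ResponseDecryption,选项卡标题仍是 Decryptiontext;同一命名空间下不能存在两个同名的类,因此实际项目中第 3 步的类应命名为 ResponseDecryptionFormat,选项卡标题应为下文提到的 DecryptionFormatJson。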
创建的项目结构是这样

添加项目版本号在AssemblyInfo中

然后选择项目-属性,在生成事件中添加 copy "$(TargetPath)" "D:\Fiddler\Inspectors\$(TargetFilename)"

然后选择生成-生成解决方案
这样生成的 .dll 文件就会被 copy 到 fiddler 的 Inspectors 文件夹下,启动 fiddler 即可查看结果
json选项卡是加密的

DecryptionFormatJson 选项卡已经是解密了,而且以json格式化的方式展示

Decryptiontext 选项卡是以文本的方式展示的,方便复制想要的内容,内容和DecryptionFormatJson 选项卡一样。只是以文本的方式展示。

至此,fiddler 响应数据解密就完成了。这样在测试过程中就不用为解密数据而苦恼了。
