
Inspect HTTPS traffic from SWF files

Is there a way to inspect HTTPS traffic from Flex applications compiled to SWF files?

I'm trying to use Fiddler for this and have added DO_NOT_TRUST_FiddlerRoot to my Trusted Root Certification Authorities, so my IE can now access other HTML sites that would normally complain about an untrusted certificate. However, the HTTPS traffic from the SWF file still doesn't appear in Fiddler and, in fact, the Flex app wouldn't work (HTTPS with a self-signed certificate is not supported by Flex apps, I believe). Is there a way around it?

Update: To be clear, I am interested in the traffic between the SWF file running under Flash Player and the server (typically, Flex components like HTTPService will be used for this). The SWF file itself can be served via HTTP or HTTPS, it doesn't really matter.

Clarification 2: Don't assume that the source code is available for the SWF file. If it was, Flash Builder 4's Network Monitor could be used.

(I am assessing possible security risks for my client just to be clear about my intentions.)

Try Charles Proxy; it works with both HTTPS and AMF. There's a free version with some minor annoyances. To get it working with SSL you need to go to Proxy->Proxy Settings->SSL and add the domain whose traffic you want to monitor.

---- From the comment ----

If you have the original certificate, you can set it up in Proxy->SSL Certificate, and it will be used by Charles, which should lead to no more errors (as the proxy will have the proper certificate).

Interestingly, Fiddler started to show HTTPS requests today. The Flex app behaves like it couldn't access the server side (which is probably because the response from Fiddler is signed with a self-signed certificate which Flash Player correctly recognizes as different than the target site certificate) but still, the HTTP request has been sent already and is visible via Fiddler.

Also, Robert Bak suggested that Charles Proxy can use the target site's certificate, which I guess would be by far the best method (I didn't try it as the Fiddler experiment already proved enough for us).

Adobe's Flash Builder 4 Beta has a built-in Network Monitor.

Learn more here: Flash Builder 4 beta

According to the documentation (Support for HTTPS protocol):

The Network Monitor supports monitoring HTTPS calls to a server certified by a certificate 
authority (CA) or that has a self-signed certificate.

To monitor calls over the HTTPS protocol, modify the default preference for the Network Monitor
to ignore SSL security checks. Open the Preferences dialog and navigate to Flash Builder > 
Network Monitor.
