stackoom
  简体   繁体   中英

intercepting javascript files from a secured server and use local file instead

 原文  2013-04-15 18:00:14       javascript/ fiddler

Question

I am trying to intercept a https request which serves a JS file and use my local file instead. Used fiddler tool and i am able to successfully intercept all the http request served files. But unable to do it for the https files. Note: I have kept my JS file in a local server..I just used the direct path like C:\\test\\test.js

1 answers

solution1
 2 ACCPTED  2013-04-15 18:30:33

Did you enable the Decrypt HTTPS Traffic option?

Fiddler2 includes the ability to decrypt, view, and modify HTTPS-secured traffic for debugging purposes. The decryption feature is disabled by default.
By default, the session list will show only a CONNECT tunnel through which the HTTPS-encrypted bytes flow.

Enable the traffic decryption option by clicking Tools > Fiddler Options > HTTPS and ticking the Decrypt HTTPS Traffic box.

Update:
You might want to send the alternate javascript from your proxy by the way (instead of changing the source to include a script file on the users local computer).

Also, as pointed out by EricLaw in the comment to this answer:
You'd also want to look at Fiddler's AutoResponder tab which allows you to return files from your local disk instead of transmitting the request to the server .
On this tab you can enter a match rule and an action string, and Fiddler will undertake the action if the request URI matches the match rule.

Extra (because of a comment that this can't be done because it would defeat the purpose of https)

Q: The HTTPS protocol was designed to prevent traffic viewing and tampering. Given that, how can Fiddler2 debug HTTPS traffic?

A: Fiddler2 relies on a "man-in-the-middle" approach to HTTPS interception. To your web browser, Fiddler2 claims to be the secure web server, and to the web server, Fiddler2 mimics the web browser. In order to pretend to be the web server, Fiddler2 dynamically generates a HTTPS certificate.

Fiddler's certificate is not trusted by your web browser (since Fiddler is not a Trusted Root Certification authority), and hence while Fiddler2 is intercepting your traffic, you'll see a HTTPS error message in your browser.

It's hardly a new concept by the way, mitmproxy can do it to as far as I can tell.

Hope this helps!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is it possible to load in a local version of a JavaScript file instead of the server version? Reading local files from file path in javascript Prevent local PHP/HTML files preview from executing javascript on server configuring to use localStorage as endpoint instead of local server downloading file from server to local machine using javascript and java Why is the browser trying to load a local JavaScript file from a server? Get data ajax from file local to server in pure javascript Post data ajax from file local to server in pure javascript Import local JavaScript Files into Single JavaScript File How to use javascript to manipulate CSS from local file in WebView
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM