FiddlerCOM

FiddlerCore is written in .Net. Most of the time when we needed to capture the traces using fiddler we had to start it manually. Here is the simple .Net code that you can use to automate this capture.

using System;
using System.Threading;
using System.Collections.Generic;
using Fiddler;
using System.Reflection;
using System.Runtime.InteropServices;

namespace FiddlerCOM
{
    public interface IFiddlerCOMInterface
    {
        void InitFiddlerCore(bool secure);
        void Save(string sFilename);
        void Quit();
    }

    [ComVisible(true), GuidAttribute(“C84A8A5F-5266-4DE1-AFF0-AA730873B7C2”)]
    [ProgId(“FiddlerCOM.FiddlerCOMInterface”)]
    [ClassInterface(ClassInterfaceType.None)]
    public class FiddlerCOMInterface : IFiddlerCOMInterface
    {
        static Proxy oSecureEndpoint;
        static string sSecureEndpointHostname = “localhost”;
        static int iSecureEndpointPort = 7777;
        static int iUnSecureEndpointPort = 8877;
        static List<Fiddler.Session> oAllSessions = new List<Fiddler.Session>();
        static Thread fiddlerCoreThread = new Thread(new ThreadStart(StartFiddler));
        static FiddlerCoreStartupFlags oFCSF = FiddlerCoreStartupFlags.Default;

        //default constructor
        public FiddlerCOMInterface() { }

        private static void WriteCommandResponse(string s)
        {
            ConsoleColor oldColor = Console.ForegroundColor;
            Console.ForegroundColor = ConsoleColor.Yellow;
            Console.WriteLine(s);
            Console.ForegroundColor = oldColor;
        }

        [ComVisible(true)]
        public void Quit()
        {
            WriteCommandResponse(“Shutting down…”);
            if (null != oSecureEndpoint) oSecureEndpoint.Dispose();
            Fiddler.FiddlerApplication.Shutdown();
            Thread.Sleep(500);
        }

        [ComVisible(true)]
        public void InitFiddlerCore(bool secure)
        {
            fiddlerCoreThread.Start();
        }

        private static void StartFiddler()
        {
            Fiddler.CONFIG.IgnoreServerCertErrors = true;

            Fiddler.FiddlerApplication.OnNotification += delegate(object sender, NotificationEventArgs oNEA) { Console.WriteLine(“** NotifyUser: ” + oNEA.NotifyString); };
            Fiddler.FiddlerApplication.Log.OnLogString += delegate(object sender, LogEventArgs oLEA) { Console.WriteLine(“** LogString: ” + oLEA.LogString); };

            Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session oS)
            {
                Monitor.Enter(oAllSessions);
                oAllSessions.Add(oS);
                Monitor.Exit(oAllSessions);
            };

            FiddlerApplication.Prefs.SetBoolPref(“fiddler.network.streaming.abortifclientaborts”, true);

            Fiddler.FiddlerApplication.Startup(iUnSecureEndpointPort, oFCSF);

            FiddlerApplication.Log.LogFormat(“Starting with settings: [{0}]”, oFCSF);
            FiddlerApplication.Log.LogFormat(“Gateway: {0}”, CONFIG.UpstreamGateway.ToString());

            oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);
            if (null != oSecureEndpoint)
            {
                FiddlerApplication.Log.LogFormat(“Created secure end point listening on port {0}, using a HTTPS certificate for ‘{1}'”, iSecureEndpointPort, sSecureEndpointHostname);
            }
        }

        [ComVisible(true)]
        public void Save(string sFilename)
        {
            bool bSuccess = false;
            if (!FiddlerApplication.oTranscoders.ImportTranscoders(Assembly.GetExecutingAssembly()))
            {
                Console.WriteLine(“This assembly was not compiled with a SAZ-exporter”);
            }
            else
            {
                string sSAZInfo = SAZFormat.GetZipLibraryInfo();
                Console.WriteLine(String.Format(“Starting {0} ({1})…”, Fiddler.FiddlerApplication.GetVersionString(), sSAZInfo));
            }
           
            try
            {
                try
                {
                    Monitor.Enter(oAllSessions);
                    TranscoderTuple oExporter = FiddlerApplication.oTranscoders.GetExporter(“SAZ”);
                    if (null != oExporter)
                    {
                        Dictionary<string, object> dictOptions = new Dictionary<string, object>();
                        dictOptions.Add(“Filename”, sFilename);
                        bSuccess = FiddlerApplication.DoExport(“SAZ”, oAllSessions.ToArray(), dictOptions, null);
                    }
                    else
                    {
                        Console.WriteLine(“Save failed because the SAZ Format Exporter was not available.”);
                    }
                }
                finally
                {
                    Monitor.Exit(oAllSessions);
                }

                WriteCommandResponse(bSuccess ? (“Wrote: ” + sFilename) : (“Failed to save: ” + sFilename));
            }
            catch (Exception eX)
            {
                Console.WriteLine(“Save failed: ” + eX.Message);
            }
        }
    }
}

Once compiled it, sign it and copy it into the GAC. You need codes from the FiddlerCore bundle and the FiddlerCore library to compile this.

Now you can automate the capture using COM client:

import win32com.client
import time

o = win32com.client.Dispatch(“FiddlerCOM.FiddlerCOMInterface”)
o.InitializeFiddler(1)

time.sleep(30)

o.SaveSessionsToDisk(“c:\\tmp\\frompython.saz”)
o.DoQuit()

Advertisements
This entry was posted in Fuzzing, IE, Web and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s