如何使用 fiddler 捕获 https，在 Java 中 [英] how to Capture https with fiddler, in java

问题描述

我在 Eclipse IDE 中运行以下 java 程序:

I am running the following java program in the Eclipse IDE:

import java.net.*;
import java.io.*;

public class HH
{
    public static void main(String[] args) throws Exception
    {
        //if i comment out the system properties, and don't set any jvm arguments, the program runs and prints out the html fine.
        System.setProperty("http.proxyHost", "localhost"); 
        System.setProperty("http.proxyPort", "8888"); 
        System.setProperty("https.proxyHost", "localhost"); 
        System.setProperty("https.proxyPort", "8888"); 

        URL x = new URL("https://www.google.com");
        HttpURLConnection hc = (HttpURLConnection)x.openConnection();

        hc.setRequestProperty("User-Agent","Mozilla/5.0 (Windows NT 6.0)
        AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2");

        InputStream is = hc.getInputStream();

        int u = 0;
        byte[] kj = new byte[1024];
        while((u = is.read(kj)) != -1)
        {
            System.out.write(kj,0,u);
        }
        is.close();
    }
}

如果 fiddler 正在运行，则在捕获和未捕获时都会产生以下异常:

This produces the following exception, if fiddler is RUNNING, both while capturing, and not capturing:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown ...

如果我关闭 fiddler，程序运行良好，没有任何异常，在我连接的 url 上生成 html.

If I close fiddler, the program runs fine without any exceptions, producing the html on the url i am connecting to.

或者，如果我指定 System.setProperty("https.proxyPort", "443");，而不是:System.setProperty("https.proxyPort", "8888");，它运行并打印出所有的 html，无一例外，即使 fiddler 打开，在捕获模式下，但仍然没有从 fiddler 捕获.

alternatively, if i specify System.setProperty("https.proxyPort", "443");, instead of: System.setProperty("https.proxyPort", "8888");, it runs and prints out all html, without exceptions, even while fiddler is open, in capturing mode, but there is still no capturing from fiddler at all.

然后，如果我通过 eclipse 的 jvm 参数设置这些系统属性，例如:-DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888，同样的异常再次发生，只要提琴手应用程序正在以捕获和非捕获模式运行.如果我关闭 fiddler，程序将运行得很好.

Then if I set these system properties through eclipse's jvm arguments like: -DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888, the same exact exception happens again, so long as the fiddler app is running, both in capturing and non capturing mode. If i close fiddler, the program will run perfectly fine.

如果我使用:System.setProperty("http.proxyHost", "127.0.0.1"); 而不是:System.setProperty("http.proxyHost", "localhost");，它在 fiddler 应用程序运行的情况下运行良好，包括上限/非捕获模式，但也没有捕获流量.

If i use: System.setProperty("http.proxyHost", "127.0.0.1"); instead of: System.setProperty("http.proxyHost", "localhost");, it runs fine with fiddler application running, both cap-/non capturing mode, but also NO captured traffic.

有没有人能够使用 fiddler 捕获自己的 https 流量，而不是通过网络浏览器，而是通过 Java 程序?什么是 jvm 参数，你如何设置它来做到这一点?谢谢

Is anyone out there, able to capture their own https traffic with fiddler, NOT through a web browser, but through a java program? What are the jvm arguments, how do you set it up to do this? thanks

推荐答案

创建包含 Fiddler 证书的密钥库.将此密钥库与代理设置一起用作 JVM 的信任库.

Create a keystore containing the Fiddler certificate. Use this keystore as the truststore for the JVM along with the proxy settings.

这是如何做到的:

• 导出 Fiddler 的根证书

工具 -> Fiddler 选项... -> HTTPS -> 将根证书导出到桌面

Tools -> Fiddler Options... -> HTTPS -> Export Root Certificate to Desktop

• 使用此证书创建密钥库

以管理员身份打开命令行(否则keytool不起作用)

Open command line as administrator (keytool doesn't work otherwise)

<JDK_Home>inkeytool.exe -import -file C:Users<Username>DesktopFiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler

<JDK_Home>inkeytool.exe -import -file C:Users<Username>DesktopFiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler

出现提示时输入密码.这应该会创建一个名为 FiddlerKeystore 的文件.

Enter a password when prompted. This should create a file called FiddlerKeystore.

• 现在使用 Fiddler 作为代理和此密钥库作为信任库启动 JVM.您将需要这些 vmargs:

-DproxySet=true

-DproxySet=true

-DproxyHost=127.0.0.1

-DproxyHost=127.0.0.1

-DproxyPort=8888

-DproxyPort=8888

-Djavax.net.ssl.trustStore=<path oFiddlerKeystore>

-Djavax.net.ssl.trustStore=<path oFiddlerKeystore>

-Djavax.net.ssl.trustStorePassword=<密钥库密码>

-Djavax.net.ssl.trustStorePassword=<Keystore Password>

在您的 eclipse 运行配置中使用这些 vmargs，您应该很高兴.

Use these vmargs in your eclipse run configuration and you should be good to go.

我能够捕获从 JVM 发出的 HTTPS 请求，而此设置没有任何问题.

I'm able to capture HTTPS requests made from the JVM without any issues with this setup.

这篇关于如何使用 fiddler 捕获 https，在 Java 中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！