自动验证的HTTP流量与小提琴家特定站点 [英] Auto http authenticate traffic for a specific site with fiddler
问题描述
我想弄清楚我如何能得到提琴手autorespond或修改HTTP验证基本的反应,所以我不都输入了用户名/密码(我有超过200子域尝试要求凭据,我想避免这样做各一个)。
I am trying to figure out how I can get fiddler to autorespond or modify an http authenticate basic response so I don't have to keep entering in the username/password (I have over 200 sub-domains to try that require the credentials and I want to avoid doing each one).
我已经尝试添加一个自动应答规则,以确定使用基本XXXXXXXXXXXX的价值(EN code字符串)WWW身份验证的请求,但它似乎没有当我使用浏览器作为工作代理设置为提琴手(IE:本地主机,端口8888)...
I've tried adding in a autoresponder rule to identify the www-authenticate request with the value of Basic XXXXXXXXXXXX(encode string), but it doesn't seem to work when I am using a browser as a proxy set to fiddler (IE: localhost, port 8888)...
我也尝试添加到自定义规则(和设置自动身份验证标志):oSession [X-AutoAuth] =域\\用户名:密码;但是这并不能工作。
I have also tried adding into custom rules (and setting the "auto authenticate" flags): oSession["X-AutoAuth"] = "domain\username:password"; but that didn't work either.
任何人都知道我能做到这一点?我错过了什么?有没有更好的工具来处理这个修改,我怎么会去吗?
Anyone know how I can do this? Did I miss something? Is there a better tool to handle this modification and how would I go about it?
推荐答案
使用 X-AutoAuth 标记不会帮助你,因为它仅适用于摘要,NTLM,和协商身份验证协议,而不是基本的。
Using the X-AutoAuth flag won't help you because it only works for Digest, NTLM, and Negotiate authentication protocols, not Basic.
使用自动回复不会帮助你,因为你的目标不是要返回到客户端修改响应。
Using the AutoResponder won't help you, as your goal isn't to return a modified response to the client.
要做到这一点,正确的方法是让你的FiddlerScript添加适当的授权:基本XXXXXX 头到出站请求。
The proper way to do this is to have your FiddlerScript add the appropriate Authorization: Basic xxxxxx header to outbound requests.
点击规则> 自定义规则。滚动到 OnBeforeRequest 。加入这样的:
Click Rules > Customize Rules. Scroll to OnBeforeRequest. Add something like:
if (oSession.hostname.EndsWith(".example.com"))
{
oSession.oRequest["Authorization"] = "Basic xxxbase64encodedvaluexxx";
}
保存脚本,然后所有请求任何与 .example.com的结束将得到自动添加凭证头。
Save the script and all requests to anything ending with .example.com will get the credential header added automatically.
这篇关于自动验证的HTTP流量与小提琴家特定站点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
