Fiddler和Wireshark网络抓包实践

1. Fiddler

只能抓浏览器返回的包，即只可以抓PC上的包，无法抓手机上的包

2. Wireshark

世界上最流行的网络协议分析器，抓包工具Wireshark基本介绍和学习TCP三次握手

通过ping命令拿到网址的IP

过滤表达式的规则

表达式规则 规则说明 协议过滤 比如TCP，只显示TCP协议 IP 过滤 比如 ip.src ==192.168.1.102 显示源地址为192.168.1.102，ip.dst==192.168.1.102，目标地址为192.168.1.102 端口过滤 tcp.port ==80, 端口为80的； tcp.srcport == 80, 只显示TCP协议的愿端口为80的 Http模式过滤 http.request.method==”GET”, 只显示HTTP GET方法的 逻辑运算符 AND/ OR

常用的过滤表达式

过滤表达式 用途 http 只查看HTTP协议的记录 ip.src ==192.168.1.102 过滤源ip地址是192.168.1.102 ip.dst==192.168.1.102 过滤目标ip地址是192.168.1.102 ip.src ==192.168.1.102 or ip.dst==192.168.1.102 源地址或者目标地址是192.168.1.102 http.request.method==”GET” 过滤get请求 http.request.method==”POST” 过滤post请求 http.request.method==”GET” and ip.dst==192.168.1.102

Wireshark抓包实战

抓取某新闻客户端的数据

注意事项

• 在抓取数据之前先清除缓存，缓存会影响抓包

过滤get请求

通过ping命令获取新闻数据的目标IP地址，封包信息中网址带有163可能就是新闻客户端的url

拿到目标IP地址，就可以通过目标IP地址过滤数据

用浏览器打开抓到的url，即可得到新闻的数据

http://c.m.163.com/nc/article/list/T1467284926140/0-20.html

新闻分类tid

url组织形式http://c.m.163.com/nc/article/list/tid/startindex-count.html

其中tid是新闻类别的id，startindex是数据的起始索引，count是新闻数据的条数

• 体育T1348649079062
• 头条T1467284926140
• 娱乐T1348648517839
• 要闻T1348647909107

新闻Tab标签

http://c.m.163.com/nc/topicset/android/subscribe/manage/listspecial.html

{    "tList": [        {            "template": "normal1",            "topicid": "0001899N",            "hasCover": false,            "weburl": "http://www.163.com/",            "alias": "Top News",            "subnum": "3.2万",            "recommendOrder": 0,            "isNew": 0,            "hashead": 1,            "img": "",            "isHot": 0,            "hasIcon": false,            "cid": "C1348646712614",            "recommend": "0",            "headLine": true,            "hasAD": 1,            "color": "",            "bannerOrder": 0,            "tname": "头条",            "ename": "androidnews",            "showType": "comment",            "special": 0,            "tid": "T1348647909107",            "ad_type": 1        },        {            "template": "normal1",            "topicid": "0001899N;000187QQ",            "hasCover": false,            "alias": "yaowenspecial",            "subnum": "10.6万",            "recommendOrder": 0,            "isNew": 0,            "hashead": 1,            "img": "",            "isHot": 0,            "hasIcon": false,            "cid": "C1348647991705",            "recommend": "0",            "headLine": false,            "hasAD": 1,            "color": "",            "bannerOrder": 0,            "tname": "要闻",            "ename": "yaowenspecial",            "showType": "comment",            "special": 0,            "tid": "T1467284926140",            "ad_type": 1        },        {            "template": "recommend",            "topicid": "00037VVH",            "hasCover": false,            "weburl": "http://ent.163.com/",            "alias": "Entertainment",            "subnum": "超过1000万",            "recommendOrder": 120,            "isNew": 0,            "hashead": 1,            "img": "T1348648517839",            "isHot": 0,            "hasIcon": true,            "cid": "C1348648351901",            "recommend": "1",            "headLine": false,            "hasAD": 1,            "color": "",            "bannerOrder": 0,            "tname": "娱乐",            "ename": "yule",            "showType": "comment",            "special": 0,            "tid": "T1348648517839",            "ad_type": 1        }    ]}

json数据中的tid即为上文中的新闻类别id

新闻详情页

http://c.m.163.com/nc/article/docid/full.html

https://c.m.163.com/news/a/docid.html

例如：http://c.m.163.com/nc/article/CG4A99320001899O/full.html

其中CG4A99320001899O是docid，如图所示