
Ondrej Sevecek's Blog


Engineering and troubleshooting by Directory Master!
May 14
TechEd 2018 - Talk about Fiddler

The slides for the talk on how to easily use Fiddler to inspect HTTPS communication, regardless of whether the client is a browser or a GUI program, can be downloaded here.

Here is also the source code of the script for setting the proxy (whether it is Fiddler or something else). The batch file is also interesting in that it can request UAC elevation by itself (it starts itself a second time, elevated, by means of the -Verb runas parameter):

fiddle.bat

@ECHO OFF

IF "%1" == "noElevate" GOTO NoElevate

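REM Quote the script path so that elevation also works from a folder with spaces in its name
powershell -NoLogo -ExecutionPolicy Bypass -Command "Start-Process -FilePath '%~d0%~p0%~n0.bat' -ArgumentList noElevate -Verb runas"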
GOTO Exit

:NoElevate

powershell -NoLogo -ExecutionPolicy Bypass -File "%~d0%~p0%~n0.ps1"

:Exit

fiddle.ps1

[string] $fdl = (Read-Host 'Fiddler machine name (or [-] to reset proxy)').Trim()

if ($fdl -eq '') {

  $fdl = 'localhost'
}

if (($fdl -ne '-') -and ($fdl -ne '[-]')) {

  if ($fdl -notlike '*?:?*') {

    $fdl = '{0}:8888' -f $fdl
  }

  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer $fdl
  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable 1

  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer $fdl
  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable 1

  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer $fdl
  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable 1

  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer $fdl
  Set-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable 1

  # Note: for example, the "Bypass proxy for local addresses" would be specified as 
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyOverride
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyOverride
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyOverride
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyOverride

  netsh winhttp set proxy $fdl | Out-Null

  $remoteFdl = $fdl.Split(':')[0]
  if (($remoteFdl -ne 'localhost') -and ($remoteFdl -ne '127.0.0.1')) {

    $remoteAdmin = (Read-Host 'Credentials to make Fiddler certificate trusted (or nothing to skip)').Trim()

    if (($remoteAdmin -ne '') -and ($remoteAdmin -ne '-')) {

      $remotePwd = (New-Object System.Management.Automation.PSCredential ('DummyLogin', (Read-Host 'Password' -AsSecureString))).GetNetworkCredential().Password

      [System.Management.ConnectionOptions] $wmiRegOptions = New-Object System.Management.ConnectionOptions
      $wmiRegOptions.Impersonation = [System.Management.ImpersonationLevel]::Impersonate
      $wmiRegOptions.Username = $remoteAdmin
      $wmiRegOptions.Password = $remotePwd
      $wmiRegOptions.EnablePrivileges = $true
      [System.Management.ManagementScope] $wmiRegScope = New-Object System.Management.ManagementScope (('\\{0}\root\default' -f $remoteFdl), $wmiRegOptions)
      $wmiRegScope.Connect()
      [System.Management.ManagementClass] $wmiReg = New-Object System.Management.ManagementClass ($wmiRegScope, 'stdRegProv', $null)

      [System.Management.ManagementBaseObject] $wmiRes = $wmiReg.EnumKey(2147483650, 'Software\Microsoft\SystemCertificates\Root\Certificates')
      foreach ($oneThumbprint in ([string[]] $wmiRes.sNames)) {

        $wmiRes = $wmiReg.GetBinaryValue(2147483650, 'Software\Microsoft\SystemCertificates\Root\Certificates\{0}' -f $oneThumbprint, 'Blob')
        [Security.Cryptography.X509Certificates.X509Certificate2] $oneCert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 @(, ([byte[]] $wmiRes.uValue))

        if ($oneCert.Subject -eq 'CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com') {

          $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store ('Root', 'LocalMachine')
          $rootStore.Open('MaxAllowed')
          $rootStore.Add($oneCert) 
          $rootStore.Close()
        }
      }       
    }
  }

} else {

  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable

  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable

  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable

  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyServer
  Remove-ItemProperty 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ProxyEnable

  netsh winhttp reset proxy | Out-Null
}

Write-Host ('')
Read-Host 'Press ENTER to exit'
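
The reset branch of fiddle.ps1 removes the proxy values and resets WinHTTP, but it leaves any imported Fiddler root certificate in the LocalMachine Root store. The following audit script is an added example, not part of the original post; it reports the proxy state of the same four registry hives, the WinHTTP proxy, and any certificate whose subject starts with the Fiddler root name matched by the script above. The function names Get-ProxyState and Get-FiddlerRoot are hypothetical helpers introduced here.

```powershell
# Added example (not from the original post): report what fiddle.ps1 may have left behind.
# Run elevated so that the service-account hives are readable.

$hives = @(
  'HKEY_USERS\S-1-5-18',   # LocalSystem
  'HKEY_USERS\S-1-5-19',   # LocalService
  'HKEY_USERS\S-1-5-20',   # NetworkService
  'HKEY_CURRENT_USER'
)
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical helper: one row per hive with the WinINET proxy values fiddle.ps1 writes.
function Get-ProxyState {
  foreach ($hive in $hives) {
    $path  = 'Microsoft.PowerShell.Core\Registry::{0}\{1}' -f $hive, $subKey
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
      Hive          = $hive
      ProxyEnable   = $props.ProxyEnable
      ProxyServer   = $props.ProxyServer
      ProxyOverride = $props.ProxyOverride
    }
  }
}

# Hypothetical helper: Fiddler roots that are still trusted machine-wide.
function Get-FiddlerRoot {
  Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like 'CN=DO_NOT_TRUST_FiddlerRoot*' } |
    Select-Object Thumbprint, Subject, NotAfter
}

Get-ProxyState | Format-Table -AutoSize
netsh winhttp show proxy

$leftover = @(Get-FiddlerRoot)
if ($leftover.Count -gt 0) {
  Write-Warning ('{0} Fiddler root certificate(s) still trusted in LocalMachine\Root' -f $leftover.Count)
  $leftover | Format-List
  # After reviewing the list, remove them from an elevated session:
  # $leftover | ForEach-Object { Remove-Item ('Cert:\LocalMachine\Root\{0}' -f $_.Thumbprint) }
}
```

A clean machine shows empty ProxyServer values for all four hives, "Direct access (no proxy server)" from netsh, and no warning.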

 
