Here are some key features:
Once you have Fiddler downloaded and installed. You can run it and it will immediately begin to start listening for traffic. The first two items it will hit will be itself checking Telerik for updates. You will see these hits immediately.
If you would like to clean these hits up, just control+select them all and right click. Go to Remove and click Remove Selected Sessions.
Now you have a clean slate and are ready to start hitting sites and seeing what goodies show up.
Now let's try just hitting www.yahoo.com and see what it yields. The below screen capture is all the items that load when I hit the website.
Notice item 49, y.analystics.yahoo.com. What in the world is analystics.yahoo.com? Are they gathering information about me? Personal information? Well, not really. They monitor the items you select, you click and they build trends based on this. They aren't saying "Oh Joe Schmoe clicked this and he's looking for blah blah". They more, so look for what people want to read based on what they click and then they surround their articles around that. Supply and demand.
If you will also notice, the "Protocol" column says "HTTP". So anything I click or go to or read is going over clear text. Anyone on my network could easily sniff this traffic. Not a big deal because I'm just browsing the world wide web, right? Right, these are good things to note.
Now lets try to login to mail. Is that clear text?
No, one key thing to note here is that under "host", it says "tunnel to". This means it is creating a secure tunnel to the host and you can't see the contents. I know this is a strange reading because it says it's going through port 443 instead of 8443, but if you will notice in your URL bar it says HTTPS and not HTTP.
Now let's try just hitting www.yahoo.com and see what it yields. The below screen capture is all the items that load when I hit the website.
Notice item 49, y.analystics.yahoo.com. What in the world is analystics.yahoo.com? Are they gathering information about me? Personal information? Well, not really. They monitor the items you select, you click and they build trends based on this. They aren't saying "Oh Joe Schmoe clicked this and he's looking for blah blah". They more, so look for what people want to read based on what they click and then they surround their articles around that. Supply and demand.
If you will also notice, the "Protocol" column says "HTTP". So anything I click or go to or read is going over clear text. Anyone on my network could easily sniff this traffic. Not a big deal because I'm just browsing the world wide web, right? Right, these are good things to note.
Now lets try to login to mail. Is that clear text?
No, one key thing to note here is that under "host", it says "tunnel to". This means it is creating a secure tunnel to the host and you can't see the contents. I know this is a strange reading because it says it's going through port 443 instead of 8443, but if you will notice in your URL bar it says HTTPS and not HTTP.
Try navigating to www.youtube.com. Your "host" coloum will look a lot different.
Notice in the above image that the Host filed actually has content instead of it saying "Tunnel to"?
Lets go ahead and start analyzing HTML code. Right click the page and go to "View Page Source".
Once you view the page source, you can Contr+F for "Login". We are looking for the action the login button does and the file it loads when you click it.
There it is, you can even click the link live from here and it will take you to the normal login page. The reason why we did this is because sometimes we can view CSS files and see what the website is doing. We can also see if they are using encryption for you login or not. Notice the link has "HTTPS" in it? Secure login!
Lets take a look at the pane on the right side.
This pane will show you the most useful information. This pane will show you the exact data you sent to the Host. Items in here can include: browser type, amount of bytes sent, time sent, cookies dropped from it and various other bits of information helpful to determining what is being transacted between you and the host.
You may wonder, "What am I supposed to do with this information? It's nice and all, but seems useless."
This information is useful because you can see what the server is accepting and what it expects. Beyond this, you can use this information against the server if you choose to. If a server expects the browsing client to be X, then you can craft a packet to LOOK like what the server is expecting.
There's many variants to what you could do.
Disclaimer: I am not responsible for any damage or any malfunctions that may occur during the process of installing this application and use.
No comments:
Post a Comment