Fiddler is a proxy that aims to debug any problems related to the HTTP traffic between your computer and the Internet. The interface is divided into different tabs where you can access statistics for each website you visit. Is there a tool similar to Fiddler for Mac? You can try this one: GitHub - avwo/whistle: HTTP, HTTPS, Websocket debugging proxy tool. Published on 2016-06-25.
I'm in the process of testing my application with respect to security.
Aside from Fiddler, Charles and Poster (Firefox plug-in), are there any other free-to-use HTTPS interception (and editing) applications out there? Especially ones which can be installed w/o admin privileges.
Achilles comes to mind, but I don't think it can handle https traffic.
reevesy
IaCoder
closed as off-topic by bummi, rene, Yvette Colomb♦, TigerhawkT3, CRABOLO, Dec 20 '15 at 23:40
This question appears to be off-topic. The users who voted to close gave this specific reason:
- 'Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.' – bummi, rene, Yvette Colomb, TigerhawkT3, CRABOLO
8 Answers
Achilles does work on HTTPS traffic, but they note on their site that it is not the best tool any more.
Their suggestions are Burp Suite and WebScarab, both of which I highly recommend.
borisdiakur
CalvinTreg
OWASP ZAP - it's free, open source and cross-platform.
It's also the most active open source web security tool and came first and second in the last 2 'Top Security Tools' surveys run by Toolswatch.org (2013, 2014).
It was originally forked from Paros, which is no longer maintained, but it now has loads more functionality.
It's an OWASP Flagship project, having replaced WebScarab, which is also essentially no longer maintained.
Simon (ZAP Project Lead)
Simon Bennetts
Wireshark is amazing. It captures everything on the network so you'll need to filter down to http/https: http://wiki.wireshark.org/CaptureFilters.
Corbin March
Doing more research I came across Paros Proxy. Seems to be a good alternative to the others.
IaCoder
There are a few programs that I would suggest.
Paros Proxy and Ratproxy have already been noted.
scapy is a powerful packet manipulation tool, and has all of the sniffing and monitoring capabilities as well. dsniff is a suite of tools that allows manipulation, injection, and all sorts of interception and modification options.
There is also a plugin for IE called Tamper IE that has a simple GUI-based packet editor.
All of these are free.
CalvinTreg
I'd strongly recommend HttpWatch. I believe the basic version is free and captures your HTTPS traffic to some extent. The Professional version is worth the money.
Gabriel Isenberg
Have a look at ratproxy. It may not be exactly what you're asking for, but is very useful in testing the security of your web app.
Rather than intercepting HTTP and allowing you to edit or replay requests, it installs as a proxy and monitors the normal use of your web app, and then provides a report on possible security issues, along with their severity. It can also be configured to attempt active XSS or XSRF attacks where it thinks there is a vulnerability.
The site says 'Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments' but I've only used it on Linux.
TimB
Check HTTP Debugger Pro
It is a proxy-less solution and has zero impact on the transferred data.
Also, it has a modern user interface :)
Khachatur