-
Notifications
You must be signed in to change notification settings - Fork 164
/
Invoke-Fiddler.ps1
215 lines (180 loc) · 7.6 KB
/
Invoke-Fiddler.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
<#
Assumes that Fiddler Core Libraries are in same directory as this script.
http://www.telerik.com/fiddler/fiddlercore
This script uses Fiddler Core 4
#>
function Start-Fiddler {
<#
.Synopsis
Uses FiddlerCore to listen on a specified port.
.Description
Start-Fiddler loads the FiddlerCore DLL and uses Fiddler.FiddlerApplication to listen on a specified port.
When http(s) traffic is generated Fiddler logs the traffic. The result is exposed through a job interface.
Start-Fiddler requires FiddlerCore which allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application.
.PARAMETER ListenPort
Specifies the Port that Fiddler listens to.
.PARAMETER RegisterAsSystemProxy
Registers as the system proxy, default set to False.
.Example
Start-Fiddler -ListenPort 8877 -RegisterAsSystemProxy
Starts Fiddler and listens to Port 8877, registers as the system proxy.
.Example
Start-Fiddler -ListenPort 8877 -RegisterAsSystemProxy -Whatif
Displays what would happen if you run Start-Fiddler.
.NOTES
Start-Fiddler requires FiddlerCore which allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application.
.LINK
https://www.fiddler2.com/fiddler/core/
#>
[cmdletbinding(SupportsShouldProcess = $true)]
param(
[Parameter(
Mandatory = $true,
Position = 0)]
[int]$ListenPort,
[switch]$RegisterAsSystemProxy
)
Process {
Try {
# Start FiddlerApplication
if(-not([Fiddler.FiddlerApplication]::IsStarted())) {
if($psCmdlet.ShouldProcess("[Fiddler.FiddlerApplication]","Startup")) {
$FiddlerCoreStarupFlags = [Fiddler.FiddlerCoreStartupFlags]::DecryptSsl -band [Fiddler.FiddlerCoreStartupFlags]::RegisterAsSystemProxy -band [Fiddler.FiddlerCoreStartupFlags]::ChainToUpstreamProxy
#[Fiddler.FiddlerApplication]::StartUp($ListenPort,$RegisterAsSystemProxy,$true) #This is the deprecated calling Convention. New version uses FiddlerCoreStartupFlags
[Fiddler.FiddlerApplication]::StartUp($ListenPort,$RegisterAsSystemProxy,$true)
}
} else {
Write-Verbose "FiddlerApplication is already started"
}
}
Catch {
$error[0]
Continue
}
Try {
if(-not(Get-EventSubscriber | Where-Object { $_.EventName -eq "BeforeRequest" })) {
if($psCmdlet.ShouldProcess("BeforeRequest","Register-ObjectEvent")) {
$fiddlerApplication = [Fiddler.FiddlerApplication]
# Register Event
$fiddlerApplicationBeforeRequest = Register-ObjectEvent -InputObject $fiddlerApplication -EventName 'BeforeRequest' -Action {
$args | Select-Object *;
}
# Store SourceIdentifier in Script Variable
$script:FiddlerEventIdentifier = (Get-EventSubscriber | Where-Object { $_.EventName -eq "BeforeRequest" }).SourceIdentifier
# Store job in Script Variable
$script:FiddlerJobID = $fiddlerApplicationBeforeRequest.Id
}
} else {
Write-Verbose "Eventsubscriber already exists"
}
}
Catch {
$error[0]
Continue
}
}
}
function Stop-Fiddler {
<#
.Synopsis
Stops Fiddler.
.Description
Stop-Fiddler Unregisters the Fiddler Event, Removes the Jobs associated with it and Clears the Script Variables used between the functions.
.Example
Stop-Fiddler
Unregisters the Fiddler event, Removes any Jobs associated with the event and clears the Script Variables used.
.Example
Stop-Fiddler -Verbose
Unregisters the Fiddler event, Removes any Jobs associated with the event and clears the Script Variables used and writes a verbose messages.
.Example
Stop-Fiddler -Whatif
Displays what would happen if you run Stop-Fiddler.
.NOTES
Stop-Fiddler requires FiddlerCore which allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application.
.LINK
https://www.fiddler2.com/fiddler/core/
#>
[cmdletbinding(SupportsShouldProcess = $true)]
param()
# Unregister Event
if(Get-EventSubscriber | Where-Object { $_.SourceIdentifier -eq $FiddlerEventIdentifier }) {
if($psCmdlet.ShouldProcess($FiddlerEventIdentifier,"Unregister-Event")) {
Get-EventSubscriber -SourceIdentifier $FiddlerEventIdentifier | Unregister-Event
Write-Verbose "FiddlerEvent $FiddlerEventIdentifier unregistered"
}
}
# Stop and Remove Jobs
if(Get-Job | Where-Object { $_.Id -eq $fiddlerJobId }) {
if($psCmdlet.ShouldProcess($fiddlerJobId,"Stop-Job")) {
Get-Job -Id $fiddlerJobId | Stop-Job
Write-Verbose "FiddlerJob: $fiddlerJobId Stopped"
}
if($psCmdlet.ShouldProcess($fiddlerJobId,"Remove-Job")) {
Get-Job -Id $fiddlerJobId | Remove-Job -Force
Write-Verbose "FiddlerJob: $fiddlerJobId Removed"
}
}
# Shutdown Fiddler
if([appdomain]::currentdomain.GetAssemblies() | Where { $_.ManifestModule.ToString() -eq "FiddlerCore.dll" }) {
if($psCmdlet.ShouldProcess("[Fiddler.FiddlerApplication]","ShutDown")) {
[Fiddler.FiddlerApplication]::Shutdown()
Write-Verbose "FiddlerApplication shutdown"
}
} else {
Write-Warning "FiddlerCore not added. Unable to run Shutdown() method."
}
# Nullify Script Variables
if($psCmdlet.ShouldProcess("FiddlerVariables","Clear-Variable")) {
$script:FiddlerEventIdentifier = $null
$script:FiddlerJobID = $null
}
}
function Receive-Fiddler {
<#
.Synopsis
Gets the results of the Fiddler background job in the current session.
.Description
Receive-Fiddler gets the results of the Windows PowerShell background jobs in the current session.
By default, the result is deleted from the system when you receive them, you can use the Keep parameter
to save the results so that you can receive them again.
.Example
Receive-Fiddler
Gets the results from a Fiddler job.
.Example
Receive-Fiddler -Keep
Gets the results from a Fiddler job and saves the results so that you can receive them again.
.Example
Receive-Fiddler -Whatif
Displays what would happen if you run Receive-Fiddler.
.NOTES
Receive-Fiddler requires FiddlerCore which allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application.
.LINK
https://www.fiddler2.com/fiddler/core/
#>
[cmdletbinding(SupportsShouldProcess = $true)]
param([switch]$Keep)
if($fiddlerJobId -is [int]) {
if(Get-Job | Where-Object { $_.Id -eq $fiddlerJobId }) {
if($psCmdlet.ShouldProcess($fiddlerJobId,"Receive-Job")) {
Receive-Job -Id $fiddlerJobId -Keep:$Keep
}
}
}
}
# Write a Loop, or Just Embed Base64 For an all in one script
# I left it explicit here so it was clear what is being loaded.
$Content = Get-Content -Path FiddlerCore4.dll -Encoding Byte
$FiddlerCore4Dll = [System.Convert]::ToBase64String($Content)
[System.Reflection.Assembly]::Load([System.Convert]::FromBase64String($FiddlerCore4Dll))
$Content = Get-Content -Path Certmaker.dll -Encoding Byte
$CertMakerDll = [System.Convert]::ToBase64String($Content)
[System.Reflection.Assembly]::Load([System.Convert]::FromBase64String($CertMakerDll))
$Content = Get-Content -Path BCMakeCert.dll -Encoding Byte
$BCMakeCertDll = [System.Convert]::ToBase64String($Content)
[System.Reflection.Assembly]::Load([System.Convert]::FromBase64String($BCMakeCertDll))
Write-Verbose 'Fiddler Core Assemblies Loaded'
Start-Fiddler -ListenPort 8888 -RegisterAsSystemProxy -Verbose
while($true)
{
Receive-Fiddler -Keep
}