• Become a Power user Intro to AutoHotkey Intermediate AutoHotkey Intermediate Objects GUIs are Easy w/AutoHotkey Painlessly switch from V1 to V2

Fiddler Everywhere API Syntax Writer

Rip your API call from Fiddler Everywhere and dump it into AutoHotkey syntax

Fiddler Everywhere API AutoHotkey Syntax Writer

Fiddler Everywhere API AutoHotkey Syntax Writer


The key idea of the video is to demonstrate how to convert API calls from Fiddler to AutoHotkey code using a script that automates the process and allows for easy execution and customization.

  • 00:00 Convert API calls from Fiddler to AutoHotkey code using a script that automatically converts raw information, allowing for easy execution and customization.
    • The video demonstrates a fiddler ripper tool for automatically converting and recreating browser traffic from Fiddler and Fiddler Everywhere using AutoHotkey.
    • Convert API calls from Fiddler to AutoHotkey code by copying the raw information and pasting it into a script that automatically converts it to the appropriate code.
    • Clicking on run will create a chrome object, set headers, loop through them, and send the payload, which can be empty, and you can also copy something without it being parsed by the script.
  • 02:41 The Fiddler Everywhere API AutoHotkey Syntax Writer script parses the clipboard to remove certain compression formats that AutoHotkey cannot understand, and connects to the object that receives and displays information.
    • When using the Fiddler Everywhere API AutoHotkey Syntax Writer, the script ignores changes made to the clipboard when using Ctrl+C, but will parse the clipboard when using the provided button or right-clicking and selecting copy, with the script specifically changing the accept encoding part to remove certain compression formats that AutoHotkey cannot understand.
    • The speaker explains that the object being connected to is not actually AutoHotkey, but rather the object that receives and displays information.
  • 04:42 The message box command in AutoHotkey cannot decompress files, resulting in weird characters, but the file itself is valid and can be opened to access the information.
  • 05:58 Using AutoHotkey to bypass the browser, the video discusses decompressing gzipped responses and viewing initially invisible images in the composer window of Fiddler.
    • Fiddler Everywhere API AutoHotkey Syntax Writer discusses using AutoHotkey to bypass the browser and make API calls, specifically focusing on decompressing gzipped responses.
    • Clicking on the preview button shows an image that is initially invisible, but by decompressing it and using a browser, you can view it in the composer window of Fiddler.
  • 08:10 Executing an API call and checking for a 200 response is crucial to determine the success of the call, and Fiddler can be used to compare API calls and identify code differences.
    • Executing an API call and checking for a 200 response is important, as it indicates whether the call is successful or not.
    • You can use Fiddler to compare API calls made by different programs and see the differences in the code being sent.
  • 09:54 Passing traffic through Fiddler allows you to view SSL-encoded and analyze Hotkey traffic, but there is a modification that can interfere with expected results.
    • Passing traffic through Fiddler allows you to view SSL-encoded traffic and analyze Hotkey traffic.
    • There is a slight modification that can sometimes interfere with expected results in Fiddler, as it constantly adds information that may go unnoticed.
  • 11:50 This tool allows users to emulate browser actions and make API calls for faster information retrieval, while commenting out unnecessary headers and discussing the use of Fiddler Everywhere for analyzing internet traffic and potential data handling variations.
    • This tool allows users to easily emulate browser actions and make specific API calls for faster information retrieval without having to scrape the entire webpage.
    • Commenting out unnecessary headers is important to prevent potential issues and make the code more manageable.
    • The speaker discusses the use of Fiddler Everywhere to analyze and replicate internet traffic, and suggests the possibility of creating a separate version to handle data in a different way.
  • 14:47 The speaker discusses the pros and cons of using an object-based approach in the Fiddler Everywhere API AutoHotkey Syntax Writer, and asks for viewer feedback on their preferred method.

 

Transcripts to Video showing how to rip fiddler traffic from it and convert it to AutoHotkey code

hey everyone it’s Joe and Isaias from the ottoman here and today we’re demoing our fiddler ripper for fiddler everywhere so we had one before for ripping out a fiddler and what it does is it looks at your you know fiddler and fiddler everywhere both monitor your network traffic especially your browser traffic and you know an AutoHotkey and i did this for years where i’m like oh let me look at the traffic and fiddler let me rewrite that onHotkey and then one day i’m like why am i rewriting this
why don’t i rip it out of fiddler and have it automatically convert it for me so i had done that with fiddler and it was a little broken but it mostly worked and then isaias was he was using fiddler everywhere which i i think it has some really cool benefits to it so at some point i’ll probably switch especially now that we have this tool because we didn’t have a tool before that’s why main reason i stuck with the old version butin this example here we’re going to show you how to use this fiddler everywhere ripper and again
it you know you look at your traffic you you can recreate your browser you know api calland then adapt it to AutoHotkey which is really cool so let’s go ahead and show us okay yeah so what we’re going to do is that we’re going to just go ahead and open up this is a script you can go ahead and modify the code however you want make it a little bit you know personalized if you need but the idea is that it allows you to go here on fiddler right and you can get any any request that you’re looking at you just go to any of
it any one of them and just click on raw here and this raw information here is what we usually try to copy this is what we’re trying to kind of like pass to Auto Hotkey so what i did is that if you click the copy button right here it would Automatically parse it and it just notified you that it was converted you go to place where you could type out aHotkey code and you just ctrl v now the paste but instead of pasting the raw information like this it is actually converted to otherHotkey code that can be run you can just simply
click on run and it would work as if it was you know so it will create your chrome object you would create your headers then it would loop through your headers and set them and then it would just send the the payload in this case the payload is empty which it doesn’t matter when you send the command with an empty payload it is just a get so it works like that and sometimes what you might want to do is just copy something from here and you don’t want it to be parsed by the script so say you wanted to grab this token
here you can select it right and you just hit ctrl c when you hit ctrl c my script just goes ahead and ignores the change in the clipboard in this case and it would not parse it now you you if you paste now would just paste whatever you had selected so ctrl c ignores the parsing thingit only works whether you click the button here or if you have everything selected and right click and say copy because those two functions they change the clipboard and the script is actually chain waiting for the clipboard change right so
when the clipboard change is happening and fiddler everywhere is open then it does the parsing except if you use the control c now we have this these two examples here which are very simple like a get example here that you can see how it looks like one key thing that i want you to keep in mind is that we are actually changing the accept encoding part here it usually what happens is that AutoHotkey cannot understand certain compression formats so we are asian looking characters yeah you do you do so so basically what
we’re doing is that i i do want to note that so in case that something is not working as expected you keep in mind that i’m actually changing that line so what happens is that if i go ahead and copy this it says convert it to fiddler and you just go ahead and paste it and you would notice that the accept encoding is just deflate so we removed the gzip and the br options from it usually because AutoHotkey does not understand it right hold on here because correctly if i’m wrong i think i’m starting to get something
i don’t think it’s actually out of Hotkey is it it’s the object that we’re connecting to rightwell that’s not that’s not entirely accurate because the things that you can get so so basically you can get the objects receives the information and you see this text that you received you could save it as a file and then use a compression okay and and you could decompress it if it understands it the only thing is that when i use the messagebox command the messagebox command cannot decompress that right so the message box
command does not decompress anything and that’s why you get these characters these weird looking characters but it is a valid file you can actually say that so the time could theoretically adapt or find a way to actually unencode it or however you want to say it yeah yeah yeah sure sure sure you can natively doesn’t do it but well again i i wouldn’t say that it is out of Hotkey itself is the message box command because the message box command is expecting just text right so that’s all that now get your point
yeah so basically yeah exactly you can you can have it as a file and you can open it and you’re gonna have the information there it’s okay but the problem is that we don’t need that usually when you’re doing a script you just need the raw text yeah so let me and let’s back up now we have several i have quite a few videos on fiddler now and isaias and i have done several on how to you know detect hidden apis and stuff but to take a step back if you’re totally new to this know your browser
when you use a browser and you load a webpage that’s an api call right and it goes to server and asks a request we try to return something right often html with some json or something else in there fiddler will look at all that traffic right and so the api calls you were seeing earlier were things that were done with the browser and that we were looking at the traffic in here we’re like hey we want to get rid of using the browser let’s use AutoHotkey for doing this stuff and that’s what we’re really trying to do
yeah and basically by using the com object we’re bypassing the browser itself now that’s exactly what fiddler everywhere is doing and basically as you can see right here this is the part that i wanted to kind of like show you see that as it is gz deflate vr down here you get garbage as well it looks like garbage to you because it is not decompressed now if you click on the preview button that is an image the only thing is that that image is kind of like you cannot see it this tab in here is decompressing it and
showing whatever is there and that’s why you get some images whenever you you do this and you get an image from the site you could see the image in the preview tab but if you go to the body you would see a lot of a bunch of weird stuff right so again that is exactly what is happening to AutoHotkey if you this body part here is what happens to the messagebox command you get this garbage thing but if you coded something to decompress it and then show it you will be able to see it anyways right maybe somewe’ll work on yeah so basically i do
want you to keep in mind if you are expecting if you are somebody who has worked with this kind of things and things are not exactly as you’re expecting just remember that i’m actually changing the encoding line to just be deflated and the really cool thing is that you can use your browser do this and actually what we’ll do which if you want to demonstrate this is show it how it you can see it as a composer in the composer window in fiddler as well so you can take it the actual browser does a call inside fiddler you can what is it e i
think you said you hit yeah the letter e if you right click on it it says edit in the composer right and basically what happens there is that’s what i have up here so here i just hit e and it just brought it here and i could just execute that one api call and see what the answer is so if i hit execute i get a 200 here which means that it is okay rightbut basically i just executed that one api call that’s right and if you don’t get a 200 you might want to stop right then and there because if you didn’t get a 200 here
you’re it’s not you’re not going to get it yeah it’s not going to work yeah so they’re too old or whatever right but we don’t have to go in all thatbut then you can say now and actually go back to the did you execute it yeah i did go back to the live traffic view and at the bottom you’ll see in this little heart maybe you’re hard to tell this window but you can actually look at when fiddler did the api call versus let’s say it was chrome right i think so yeah here so so here you could see when it was chrome
that did the echo right and in Auto cases you would see that it is AutoHotkey right so depending on who made the call you would see exactly you know you would get information about who did the particular code that you were trying but my main point is you can still use fiddler to look exactly what was being sent and seeing and compare it yeah compare okay so my AutoHotkey call how does it differ from the browser call to see if there was something why it’s not working or something like that so one interesting thing that when
i was on the call to take i don’t know if this was in the video or not i don’t think it was because i was when i was testing this withdylan we were seeing it and what was being said i told i told AutoHotkey send exactly this we would look at them here and it wasn’t that and then what happened was was tank was telling me fiddler was actually because it was passing through fiddler fiddler was tweaking it slightly because it was going through fiddler and filler yes i would i would right so yeah the thing is that this is one
part very good that you mentioned that another thing that i’m doing in my code is that if the windows of hitler exists i’m actually setting up that as a proxy there right and that means that all the traffic that the script whatever script you’re using sends is gonna pass through fiddler now there’s two reasons why you might want to do this remember thatthere’s if you want to see the traffic most of the traffic of the traffic is sslor tsl encoded so you cannot look at the traffic because it’s going to be
encoded now fiddler creates a certificate on yAuto computer that you could optionally install and after you have that certificate then fiddler can see the traffic okay so if you want to take a look at ourHotkey traffic that is being sent over an ssl connection you would need to pass it through fiddler to be able to look at it now when you pass it through fiddler there is a slight modification that happens that usually doesn’t interfere with whatever you’re doing but in some situations as you experienced might be the reason why
you’re not seeing the same result that you were expecting yeah and that was actually really well said in the last part of this because it wasn’t breaking it it was yeah yeah it wasn’t what i sent that really confused me of like wait a minute i noticed this but in in in realityfiddler it is there like it is there all the time you just don’t even notice it because there’s so much information being sent that you don’t even notice that it is being addedso in any case like this little tool is
very cool for whenever you’re trying to emulate whatever the browser is doing for a specific purpose like for example i’m not i want to get some information of a public page or whatever but i don’t want to be loading the whole page i just need that one little specific thing and i noticed that the browser does an api call then i would just go ahead and do that like i just copy the api call that i’m interested in paste it in a Hotkey tweak whatever i need because i could just go ahead and comment out some some headers
that i don’t need and that’s it i just hit send and i get the the information that i need and it is extremely fast instead of having to scrape the page itself right and just to click just also to point out if you’re new to this the very line 3 and line 17 because they’re on the same row where the things start and end you can’t just comment that out right like the you would have to all right so these opening brackets if you comment them out you have to make sure to put it in the previous line for
example just to make sure that the bracket is closed that is fixed in Auto hockey two they now in ourHotkey two you can have the brackets like this so you could actually just have it like this and the brackets would be you know on their own lines which should be like thatbut for now you just have to note that if you want to comment out the last line if you comment it out just make sure to close the bracket if you don’t do it AutoHotkey will complain it’s going to say like missing bracket or something like that
the same with the host you just go ahead and remove it from there that’s it and that’s it and just the comment out of headers and stuff is is important because in my experience even though your browser does this and sends you know 20 different headers you don’t need 20 different headers and the more you send to me most often the more likely something’s gonna change and break so i like to comment most of these out and see if it still works if it does i trim it down to as small as possible and it usually keeps working
or people like me who like to look at this code and try to figure out what they are doing right i always find that they send a lot of information that i’m like wow like really they’re getting this out of my computer and you would be surprised people are freaking out about so right in the middle of that Isaias’s lost hisinternet i had paused it here and waited for a while but he hasn’t come back yet so i thought we were pretty much done with this video this is a pretty cool tool being able to use fiddler everywhere to
rip your traffic and replicate it and everything is very cool so check it out watch our other videos on fiddler if you like and comment in here if you havesome you know ideas we might create a separate version that will allow you to shove the data into a that four loop header or versus write it separately i personally like them written out separately the different header commands isaias likes it this way this way is quote unquote better in the sense of it’s all in an object however i think a lot of people using
this if you’re new to it it’s it’s less intuitive if you’re not used to playing with objects and i like making stuff simple that basically everybody can use and so let us know in your comments here which way you prefer cheers hey thank you for watching that video and i don’t know if you’re aware but we actually do offer services so if the stuff you’re learning here is a bit above you or you just don’t have time we talked to me at joe at the v-Automator.com and we can talk about
how we can help you

Comments are closed.