使用 Fiddler 调试源自 npm install 的 HTTP 流量

问题描述 投票:0回答:1

首先,请允许我证明 

npm install
在没有 Fiddler 的情况下也能正常工作:

C:\Temp\1> npm config list
; "user" config from C:\Users\p11f70f\.npmrc

//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:_password = (protected)
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:email = "npm requires email to be set but doesn't use the value"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:username = "whatever"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:_password = (protected)
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:email = "npm requires email to be set but doesn't use the value"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:username = "whatever"
registry = "https://registry.npmjs.org/"

; node bin location = C:\Program Files\nodejs\node.exe
; node version = v20.11.1
; npm local prefix = C:\Temp\1
; npm version = 10.2.4
; cwd = C:\Temp\1
; HOME = C:\Users\p11f70f
; Run `npm config ls -l` to show all defaults.
C:\Temp\1> npm cache clean --force
npm WARN using --force Recommended protections disabled.
C:\Temp\1> dir
C:\Temp\1> npm i --no-package-lock --no-save [email protected] && dir

added 1 package in 3s

    Directory: C:\Temp\1

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d----          12/11/2024  2:41 PM                node_modules

C:\Temp\1>

所以它无需任何代理即可工作。 现在我要启动Fiddler,配置HTTPS解密并重试:

C:\Temp\1> npm config set proxy http://127.0.0.1:8888/
C:\Temp\1> npm config set https-proxy http://127.0.0.1:8888/
C:\Temp\1> npm config set strict-ssl false
C:\Temp\1> npm config list
; "user" config from C:\Users\p11f70f\.npmrc

//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:_password = (protected)
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:email = "npm requires email to be set but doesn't use the value"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/:username = "whatever"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:_password = (protected)
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:email = "npm requires email to be set but doesn't use the value"
//pkgs.dev.azure.com/xyz/_packaging/platform_catalog/npm/registry/:username = "whatever"
https-proxy = "http://127.0.0.1:8888/"
proxy = "http://127.0.0.1:8888/"
registry = "https://registry.npmjs.org/"
strict-ssl = false

; node bin location = C:\Program Files\nodejs\node.exe
; node version = v20.11.1
; npm local prefix = C:\Temp\1
; npm version = 10.2.4
; cwd = C:\Temp\1
; HOME = C:\Users\p11f70f
; Run `npm config ls -l` to show all defaults.
C:\Temp\1> npm cache clean --force
npm WARN using --force Recommended protections disabled.
C:\Temp\1> del -r -Force *
C:\Temp\1> npm i --no-package-lock --no-save [email protected] && dir
npm ERR! code E400
npm ERR! 400 Bad Request - GET https://registry.npmjs.org/simple-test-package

npm ERR! A complete log of this run can be found in: C:\Users\p11f70f\AppData\Local\npm-cache\_logs\2024-12-11T19_43_58_782Z-debug-0.log
C:\Temp\1>

这是 Fiddler 捕获的内容:

请求

GET http://registry.npmjs.org:443/simple-test-package HTTP/1.1
user-agent: npm/10.2.4 node/v20.11.1 win32 x64 workspaces/false
pacote-version: 17.0.4
pacote-req-type: packument
pacote-pkg-id: registry:simple-test-package
accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*
npm-auth-type: web
npm-command: install
Accept-Encoding: gzip,deflate
Host: registry.npmjs.org:443
Connection: Keep-Alive
connection: keep-alive

回复

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 11 Dec 2024 19:44:01 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>

注意 url 是 BS - http://registry.npmjs.org:443/simple-test-package。这与 npm 在错误消息中声称的相反 - https://registry.npmjs.org/simple-test-package

现在 URL 的差异才是最重要的:

C:\Temp\1> curl.exe -LsSfO https://registry.npmjs.org/simple-test-package
C:\Temp\1> dir .\simple-test-package

    Directory: C:\Temp\1

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a---          12/11/2024  2:51 PM           7374 simple-test-package

C:\Temp\1> del -r -Force .\simple-test-package
C:\Temp\1> curl.exe -LsSfO http://registry.npmjs.org:443/simple-test-package
curl: (22) The requested URL returned error: 400
C:\Temp\1>

所以我的问题是 - 发生了什么事?为什么我无法使用 Fiddler 拦截 npm install 生成的 HTTPS 流量?我怀疑问题是 npm install 破坏了 URL,但为什么呢?我该如何解决它?

npm https fiddler
1个回答
0
投票

我设法解决了它。

npm 的问题是它会查看代理协议模式并假设它用于请求 url。因此,即使注册表 url 为 https://registry.npmjs.org/,由于 https 代理 url 为 http://127.0.0.1:8888,npm 使用的结果 url 将为 http: //registry.npmjs.org:443/,这是错误的。

这看起来像是 npm 10.2.4 使用的 http 库中的一个错误。

我通过将以下代码添加到 Fiddler 脚本中的 

OnBeginRequest
来修复它(我使用 C# 作为脚本语言):

if (!oSession.HTTPMethodIs("CONNECT") && !oSession.isHTTPS && oSession.port == 443) {
    oSession["ui-backcolor"] = "lime";
    oSession["ui-bold"] = "changing URL for this session";
    oSession.fullUrl = "https://" + oSession.url;
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.