Presentation is loading. Please wait.

Presentation is loading. Please wait.

Debugging with Fiddler

Similar presentations


Presentation on theme: "Debugging with Fiddler"— Presentation transcript:

1 Debugging with Fiddler
Eric Lawrence @ericlaw

2 Let’s talk about you…

3 How did I end up here? Did I imagine that I’d grow up to have a network protocol as my license plate?

4 In a word, no. But after a decade of obsession with astronautics, I realized I was only really interested in technology, and specifically software.

5 Once upon a time…

6 Oh no! What happened?

7 There must be a better way…

8 A simple idea takes shape…
All problems in computer science can be solved by another level of indirection. - David Wheeler

9 Only two problems Don’t know HTTP Don’t know C#

10 Fiddler: Evolution Eleven years, ~35k lines of C#,
160+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…

11 New Website New Documentation New Platforms Enhanced User-Interface

12 My current side-project

13 A quick tour around Fiddler…

14 UI Evolution – The Web Sessions List

15 Fiddler on Linux (Mint/Ubuntu)
Limitations: No script engine. No WebView. No automatic proxy chaining. UI very glitchy on Mac.

16 Fiddler on Mac OSX It works, but due to UI glitches, you’re usually better off using VirtualBox / Parallels / Fusion Limitations: No script engine. No WebView. No automatic proxy chaining. UI very glitchy on Mac.

17 Traffic Monitoring

18 Typical Architecture

19 Fiddler Windows/Linux
Debug Across Devices PC Mac iOS Fiddler Windows/Linux Internet Tablets Phones

20 Fiddler as a Reverse Proxy

21 Win8/8.1 “Immersive” Apps & IE11
AppContainer blocks “loopback” network connections. For debugging purposes, you can disable that blocking. Ctrl+Click to exempt all AppContainers

22 .NET Applications YourApp.exe.config or machine.config <configuration>   <system.net>     <defaultProxy>       <proxy bypassonlocal="false" usesystemdefault=“false" proxyaddress= "http:// :8888" />     </defaultProxy>   </system.net> </configuration>

23 node.js Different libraries offer different approaches…
var http = require('http'); var options = { host: ' ', port: 8888, path: 'https://bayden.com/echo.aspx', headers: { Host: "bayden.com“ }, method: 'POST' }; var req = http.request(options, function(res) { console.log('STATUS: ' + res.statusCode + ‘ HEADERS: ' + JSON.stringify(res.headers)); res.setEncoding('utf8'); res.on('data', function (chunk) { console.log('BODY: ' + chunk); }); }); req.write(‘Post Data\n'); req.end();

24 Protocols

25 HTTPS Traffic Decryption
For security reasons, proxies cannot normally “see” HTTPS requests. To enable traffic decryption, Fiddler performs a “man-in-the-middle” attack. Decrypting CONNECT tunnel to GET /fiddler2/ GET /Fiddler2/Fiddler.css Export to Desktop for Firefox Added "fiddler.network.https.NoDecryptionHosts" list and UI. Cleanup certificate store GET /Fiddler/images/FiddlerLogo.png

26 HTML5 WebSockets WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS.

27 FTP Fiddler supports FTP traffic via a built-in FTP gateway. FTP proxy is off-by-default. SPDY / HTTP2 Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled.

28 SPDY / HTTP2 Fiddler cannot support SPDY until .NET’s SslStream supports ALPN. Please vote for my bug on CONNECT: https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=812003 Also, please vote for this other SslStream bug: https://connect.microsoft.com/VisualStudio/feedback/details/811998/system-net-security-sslstream-calls-localcertificateselection-callback-unconditionally-even-if-server-never-sends-certificaterequest-tls-message

29 Protocol Violations prefs set fiddler.lint.HTTP True

30 Store & Load Traffic

31 Output Formats Fiddler Session Archive Copy to the clipboard
Visual Studio .WebTest Store as a plaintext file HTML5 AppCache Manifest Extract binary response bodies WCAT Load Test Archive to a database cURL Script HTTP Archive Format (HAR) Meddler Script

32 Or write your own… Fiddler’s Import/Export architecture

33 The SAZ file format Session Archive Zip files contain:
Request and response bytes Timing and other metadata WebSocket messages HTML index file For security, SAZ files may be encrypted using AES

34 FiddlerCap – Simple captures
FiddlerCap allows non-technical users to easily capture SAZ archives which can be ed to developers or experts for analysis. FiddlerCap is available from User-interface localized to: English | Français | Español | Português | 日本語 | русский

35 Import Formats HTTP Archive Format (HAR)
Internet Explorer F12 Developer Tools (NETXML) Telerik Test Studio LoadTest Packet Capture (WireShark, tcpdump, NetMon) …or write your own

36 PCAP Import

37 Traffic Analysis

38 Convert text between popular web encodings.
TextWizard Convert text between popular web encodings.

39 Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.

40 Use the Differ Extension to compare groups of Sessions at once.
Traffic Comparison Use the Differ Extension to compare groups of Sessions at once.

41 Filtering Traffic Selecting Traffic Using QuickExec Using Find
Ignore Images & CONNECTs Application Type Filter Process Filter Troubleshooting with Help menu Selecting Traffic Using QuickExec Using Find

42 Regular Expression Support

43 SyntaxView Reformatting

44 ImageView DataURL Support

45 ImageView Tools Integration

46 Metadata & GeoLocation

47 HTML5 Media & Font previews

48 X-Download-Initiator
https://fiddler2.com/dl/EnableDownloadInitiator.reg cols Run this: https://www.fiddler2.com/dl/EnableDownloadInitiator.reg FiddlerObject.UI.lvSessions.AddBoundColumn ("Reason", 50, Initiator"); cols cols

49 Traffic Manipulation

50 Automated Rewrites Simple built-in Rules The HOSTS command

51 Use Fiddler Inspectors to modify requests and responses….
Breakpoint Debugging Use Fiddler Inspectors to modify requests and responses….

52 Flag, modify or remove headers from all requests and responses.
Simple Filters Flag, modify or remove headers from all requests and responses.

53 Request Composer Create hand-built requests, or modify and reissue a request previously captured. Supports: Automatic authentication File Uploads Redirect chasing Sequential URL Crawling CURL commands

54 Replay previously-captured or generated traffic.
AutoResponder Replay previously-captured or generated traffic. Drag / drop entire folder structure FARX Bulk updates *drop Latency *delay:###ms // AutoResponder now supports *redir: and HTTP/HTTPS URL overrides // AutoResponder now supports *exit // AutoResponder now supports NOT: rules

55 FiddlerScript

56 FiddlerScript – Request Modification
static function OnBeforeRequest(oS: Session) { if (oS.uriContains(".aspx")) { oS["ui-color"] = "red"; } if (m_DisableCaching) { oS.oRequest.headers.Remove("If-None-Match"); oS.oRequest.headers.Remove("If-Modified-Since"); oS.oRequest["Pragma"] = "no-cache"; }

57 FiddlerScript – Response Modification
static function OnBeforeResponse(oS: Session) { oS.utilDecodeResponse(); oS.utilPrependToResponseBody( "Injected Content!"); }

58 Powerups

59 Understanding Extensibility
Each component in red is your code… Fiddler.exe Inspector2 Script / Batch file ExecAction.exe Inspector2 IFiddlerExtension IFiddlerExtension Fiddler ScriptEngine Your FiddlerScript FiddlerCore Xceed*.dll Makecert.exe

60 Understanding UI Extensibility
RulesOptions ToolsActions Custom menus Custom columns ContextActions QuickExec handlers Views Request Inspectors Response Inspectors Import & Export Transcoders

61 Type-specific Inspectors

62 Expert Perf Analysis with neXpert
Creates response time predictions and suggests optimizations for your site.

63 intruder21 Web Fuzzer By yamagata21 MIX 11 4/14/2017
By yamagata21

64 Watcher & x5s Security Auditors
MIX 11 4/14/2017 Watcher & x5s Security Auditors

65 WCF Binary Inspector MIX 11 4/14/2017

66 Integration

67 ExecAction.exe Calls into OnExecAction in script or extensions
Alternatively, invoke directly by sending a Windows Message: oCDS.dwData = 61181; // Magic Cookie oCDS.cbData = lstrlen(wzData * sizeof(WCHAR)); oCDS.lpData = wzData; SendMessage( FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, NULL, (LPARAM) &oCDS );

68 Fiddler application with extensions
Your application hosting FiddlerCore Fiddler.exe YourApp.exe Inspector2 ExecAction.exe Inspector2 IFiddlerExtension IFiddlerExtension Fiddler ScriptEngine Your FiddlerScript FiddlerCore FiddlerCore Xceed*.dll Makecert.exe DotNetZip CertMaker.dll

69 Programming with FiddlerCore
// Call Startup to tell FiddlerCore to begin // listening on the specified port, register as // the system proxy and decrypt HTTPS traffic. Fiddler.FiddlerApplication.Startup(8877, true, true); Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) { Console.WriteLine("{0}:HTTP/{1} for {2}", oS.id, oS.responseCode, oS.fullUrl); }; // Later, call Shutdown to tell FiddlerCore to stop // listening and unregister as the system proxy Fiddler.FiddlerApplication.Shutdown(); Now available for .NET CLR 4.0, supporting HTTPS, with an arbitrary numbers of listening endpoints. Export captured traffic to the SAZ format or the database of your choice.

70 Fiddler Futures WebSockets UI SPDY/HTTP2 UI Enhancements You tell me!

71 Thank you!!! Eric Lawrence @ericlaw //fiddlerbook.com
~300 pages. Paper or DRM-free PDF. //fiddlerbook.com


Download ppt "Debugging with Fiddler"

Similar presentations


Ads by Google