
1 Gold Silver Bronze

2 Eric Lawrence @ericlaw Follow along at http://getfiddler.com

3 Origins

4 Once upon a time…

5 Oh no! What happened?!?

6 There must be a better way…

7 A simple idea takes shape… All problems in computer science can be solved by another level of indirection - David Wheeler

8 Fiddler: Evolution Ten years, ~30k lines of C#, 120+ release builds, a cross-country move to Telerik, and two new supported Platforms later…

9 My current side-project

10 Roadmap
   - New Website
   - New Documentation
   - New Platforms
   - Enhanced User-Interface

11 Fiddler Today Demo

12 UI Evolution - Web Sessions list

13 Fiddler on Linux (Linux Mint & Ubuntu)

14 Fiddler on Mac OSX  It works, but due to UI glitches, you’re usually better off using Parallels

15 Traffic Monitoring

16 Typical Architecture

17 Debugging Across Devices (diagram: Fiddler sits between the Internet and the clients under test: Mac, iOS, phones, PC, tablets)

18 Fiddler as a Reverse Proxy http://fiddler2.com/r/?reverseproxy

19 Firefox Configuration Use the FiddlerHook add-on or configure Tools > Options > Advanced > Network > Connection Settings > Use system proxy settings

20 Win 8 “Store Apps” & IE11

21 .NET Applications YourApp.exe.config

22 Protocols

23 HTTPS Traffic Decryption
   Proxies cannot normally “see” HTTPS requests such as:
   GET /fiddler2/
   GET /Fiddler2/Fiddler.css
   GET /Fiddler/images/FiddlerLogo.png

24 HTTPS Traffic Decryption Fiddler dynamically generates interception certificates chained to a self-signed root.

25 HTML5 WebSockets

26 WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS

27 FTP
   Fiddler supports FTP traffic via a built-in FTP gateway. FTP proxy is off-by-default.
   SPDY/HTTP2.0
   Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled.

28 Protocol Violation
   prefs set fiddler.lint.HTTP True

29 Traffic Archiving

30 Fiddler has many output options
   - Copy sessions to the clipboard
   - Store as a plaintext file
   - Extract binary response bodies
   - Archive to a database
   - Export a Visual Studio .WebTest file
   - Build a HTML5 AppCache Manifest
   - Build a WCAT load-test script

31 …or write your own

32 The SAZ file format
   Session Archive Zip files contain:
   - Request and response bytes
   - Timing and other metadata
   - HTML index file
   For security, SAZ files may be encrypted

33 FiddlerCap – Lightweight capture tool http://www.fiddlercap.com User-interface localized to: English | Français | Español | Português | 日本語 | русский

34 Traffic Analysis

35 TextWizard Convert text between popular web encodings.

36 Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.

37 Traffic Comparison Use the Differ Extension to compare sets of sessions at once.

38 Filtering Traffic
   - Ignore Images & CONNECTs
   - Application Type Filter
   - Process Filter
   - Troubleshooting with Help menu

39 Regular Expression Support

40 SyntaxView Reformatting

41 ImageView DataURL Support

42 ImageView Tools integration

43 ImageView Metadata & GeoLocation

44 Better Together: X-Download-Initiator
   https://fiddler2.com/dl/EnableDownloadInitiator.reg
   QuickExec: cols add @request.X-Download-Initiator

45 HTML5 Media & Font previews

46 In Context

47 Internet Explorer F12 Developer tools

48 F12 Developer Tools vs. Fiddler

   F12 Network Tab                       | Fiddler
   --------------------------------------|---------------------------------------------------------
   Display cache and network requests    | Display and modify only network requests
   Shows downloads from current process  | Shows traffic from all processes
   Shows post-decryption HTTPS traffic   | Decrypts HTTPS traffic via “man-in-the-middle” approach
   Excellent JavaScript Formatter        | Less explicit mixed-content detection
   Exports F12 NetworkData.xml           | Imports F12 NetworkData.xml

49 Scenario Traffic Manipulation

50 Automated Rewrites
   - Simple built-in Rules
   - The HOSTS command

51 Breakpoint Debugging Use Fiddler Inspectors to modify requests and responses…

52 Simple Filters Flag, modify or remove headers from all requests and responses.

53 Request Composer Create hand-built HTTP requests, or modify and reissue a request previously captured.
   Supports:
   - Automatic authentication
   - File Uploads
   - Redirect chasing
   - Sequential URL Crawling

54 AutoResponder Replay previously-captured or generated traffic.

55 FiddlerScript

56 FiddlerScript – Request Modification

   static function OnBeforeRequest(oS: Session) {
       // Colour any .aspx request red in the Web Sessions list
       if (oS.uriContains(".aspx")) {
           oS["ui-color"] = "red";
       }
       // m_DisableCaching is the script's "Disable Caching" RulesOption toggle:
       // strip the validators and force no-cache so every request hits the server
       if (m_DisableCaching) {
           oS.oRequest.headers.Remove("If-None-Match");
           oS.oRequest.headers.Remove("If-Modified-Since");
           oS.oRequest["Pragma"] = "no-cache";
       }
   }

57 FiddlerScript – Response Modification

   static function OnBeforeResponse(oS: Session) {
       oS.utilDecodeResponse();   // remove chunking/compression before touching the body
       oS.utilPrependToResponseBody("Injected Content!");
   }

58 Powering up with Extensions

59 Understanding Extensibility  Each component in red is your code…
   (Architecture diagram; labelled components: Fiddler.exe, Fiddler ScriptEngine, Inspector2, IFiddlerExtension, FiddlerCore, ExecAction.exe, Your FiddlerScript, Xceed*.dll, Makecert.exe, Script / Batch file)

60 Understanding UI Extensibility
   1. RulesOptions
   2. ToolsActions
   3. Custom menus
   4. Custom columns
   5. ContextActions
   6. QuickExec handlers
   7. Views
   8. Request Inspectors
   9. Response Inspectors
   10. Import & Export Transcoders

61 Type-specific Inspectors

62 Expert Perf Analysis with neXpert

63 intruder21 Web Fuzzer (by yamagata21)

64 Watcher & x5s Security Auditors
   http://websecuritytool.codeplex.com/
   http://xss.codeplex.com/

65 WCF Binary Inspector

66 Test Integration

67 ExecAction.exe
   - Calls into OnExecAction in script or extensions
   - Alternatively, invoke directly by sending a Windows Message:

   // wzData is the wide-string command text (what you would type into QuickExec)
   HWND hwndFiddler = FindWindow(NULL, TEXT("Fiddler - HTTP Debugging Proxy"));
   if (hwndFiddler) {
       COPYDATASTRUCT oCDS;
       oCDS.dwData = 61181;                              // Magic Cookie
       oCDS.cbData = lstrlenW(wzData) * sizeof(WCHAR);   // byte length of the command text
       oCDS.lpData = wzData;
       SendMessage(hwndFiddler, WM_COPYDATA, 0, (LPARAM) &oCDS);
   }

68 (Architecture diagram comparing two deployments, “Fiddler application with extensions” and “Your application hosting FiddlerCore”; labelled components: Fiddler.exe, Fiddler ScriptEngine, Inspector2, IFiddlerExtension, FiddlerCore, ExecAction.exe, YourApp.exe, Your FiddlerScript, Xceed*.dll, Makecert.exe, CertMaker.dll, DotNetZip)

69 Programming with FiddlerCore

   // Call Startup to tell FiddlerCore to begin listening on the specified port,
   // register as the system proxy and decrypt HTTPS traffic.
   Fiddler.FiddlerApplication.Startup(8877, true, true);

   Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) {
       Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl);
   };

   // Call Shutdown to tell FiddlerCore to stop listening and unregister as the system proxy
   Fiddler.FiddlerApplication.Shutdown();
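The following is an added C# example, not code from the slides or from Fiddler itself, that ties the FiddlerScript request/response hooks (slides 56 and 57) to the FiddlerCore hosting pattern (slide 69): it applies the slide's cache-busting request rewrite and then audits decrypted HTTPS responses for a missing Strict-Transport-Security header and for Set-Cookie headers lacking Secure or HttpOnly. It assumes a reference to FiddlerCore.dll; the FiddlerApplication and Session members used are those shown on the slides, plus Fiddler.CertMaker for the interception root certificate.

```csharp
// Added example (not the slides' code). Assumes a reference to FiddlerCore.dll.
using System;
using System.Collections.Generic;
using Fiddler;

static class FiddlerCoreAudit
{
    // One finding per weak Set-Cookie header; kept pure so it is easy to unit-test.
    public static List<string> FindCookieIssues(string[] setCookieHeaders, bool isHttps)
    {
        var findings = new List<string>();
        foreach (string cookie in setCookieHeaders ?? new string[0])
        {
            var attrs = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            foreach (string part in cookie.Split(';')) attrs.Add(part.Trim().Split('=')[0]);
            string name = cookie.Split(';')[0].Split('=')[0].Trim();
            if (isHttps && !attrs.Contains("Secure")) findings.Add(name + ": missing Secure");
            if (!attrs.Contains("HttpOnly")) findings.Add(name + ": missing HttpOnly");
        }
        return findings;
    }

    static void Main()
    {
        // Decryption needs a root certificate; creating it does not trust it.
        // The operator installs the root on the test client deliberately.
        if (!CertMaker.rootCertExists()) CertMaker.createRootCert();
        FiddlerApplication.BeforeRequest += oS =>
        {   // The slide's m_DisableCaching rewrite: strip validators, force no-cache.
            oS.oRequest.headers.Remove("If-None-Match");
            oS.oRequest.headers.Remove("If-Modified-Since");
            oS.oRequest["Pragma"] = "no-cache";
        };
        FiddlerApplication.BeforeResponse += oS =>
        {
            oS.utilDecodeResponse();   // un-chunk and decompress before inspecting
            if (oS.isHTTPS && !oS.oResponse.headers.Exists("Strict-Transport-Security"))
                Console.WriteLine("{0}: {1} sets no HSTS header", oS.id, oS.hostname);
            foreach (string f in FindCookieIssues(oS.oResponse.headers.GetValues("Set-Cookie"), oS.isHTTPS))
            {
                oS["ui-color"] = "red";   // same session flag the FiddlerScript slide sets
                Console.WriteLine("{0}: {1} {2}", oS.id, oS.fullUrl, f);
            }
        };
        FiddlerApplication.Startup(8877, true, true);   // port, system proxy, decrypt HTTPS
        Console.ReadLine();                             // capture until Enter is pressed
        FiddlerApplication.Shutdown();                  // unregisters the system proxy
    }
}
```

Handlers are attached before Startup so that no early session is missed; Shutdown must run on exit or the machine is left pointing at a proxy that no longer exists.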

70 Fiddler Futures
   - Enhanced WebSockets Support
   - .NET 4.5.1
   - SPDY/HTTP2
   - You tell me!

71 Thank you!
   @ericlaw  #fiddler2
   //fiddler2.com
   //fiddlerbook.com (Now Available)
