Published by Blaze Glenn. Modified over 8 years ago.
1
Debugging with Fiddler Eric Lawrence (@ericlaw) Follow along at http://getfiddler.com
2
How did I end up here?
4
Once upon a time…
5
Oh no! What happened?!?
6
There must be a better way…
7
A simple idea takes shape… All problems in computer science can be solved by another level of indirection. - David Wheeler
8
Fiddler: Evolution Ten years, ~30k lines of C#, 120+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…
9
My current side-project
10
New Website New Documentation New Platforms Enhanced User-Interface Roadmap
11
Fiddler Today: Demo A quick tour of Fiddler
12
UI Evolution - Web Sessions list
13
Fiddler on Linux (Mint/Ubuntu)
14
Fiddler on Mac OSX It works, but due to UI glitches, you’re usually better off using Parallels / Fusion
15
Traffic Monitoring
16
Typical Architecture
17
Debug Across Devices Fiddler Mac Internet iOS Phones PC Tablets
18
Fiddler as a Reverse Proxy http://fiddler2.com/r/?reverseproxy
19
Win8/8.1 “Immersive” Apps & IE11
20
.NET Applications YourApp.exe.config or machine.config
21
Protocols
22
HTTPS Traffic Decryption Proxies cannot normally “see” HTTPS requests. GET /fiddler2/ GET /Fiddler2/Fiddler.css GET /Fiddler/images/FiddlerLogo.png
23
HTTPS Traffic Decryption Fiddler dynamically generates interception certificates chained to a self-signed root.
24
HTML5 WebSockets WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS
25
HTML5 WebSockets
27
FTP Fiddler supports FTP traffic via a built-in FTP gateway. FTP proxy is off-by-default.
SPDY/HTTP2.0 Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled.
28
Protocol Violations prefs set fiddler.lint.HTTP True
29
Traffic Archiving
30
Fiddler has many output options: Copy sessions to the clipboard; Store as a plaintext file; Extract binary response bodies; Archive to a database; Export a Visual Studio .WebTest file; Build a HTML5 AppCache Manifest; Build a WCAT load-test script
31
…or write your own
32
The SAZ file format Session Archive Zip files contain: Request and response bytes; Timing and other metadata; HTML index file. For security, SAZ files may be encrypted using AES.
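Because a SAZ stores raw request bytes, credentials sent in headers travel with the archive, which is where the AES option matters. The added example below (not from the original slides) audits a SAZ for such headers before it is shared; it assumes the usual SAZ layout of raw/N_c.txt, raw/N_s.txt and raw/N_m.xml entries, and the archive contents and the header list are constructed for illustration.

```python
import io
import re
import zipfile

# Request headers that usually carry credentials or session tokens.
SENSITIVE = ("authorization", "proxy-authorization", "cookie", "x-api-key")

def build_sample_saz():
    """Return the bytes of a small constructed SAZ-style archive (not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("_index.htm", "<html><body>constructed index</body></html>")
        z.writestr("raw/1_c.txt", "GET /fiddler2/ HTTP/1.1\r\nHost: example.test\r\n\r\n")
        z.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
        z.writestr("raw/1_m.xml", '<Session SID="1" />')
        z.writestr("raw/2_c.txt",
                   "POST /login HTTP/1.1\r\nHost: example.test\r\n"
                   "Cookie: sid=CONSTRUCTED\r\n"
                   "Authorization: Basic Q09OU1RSVUNURUQ=\r\n\r\nuser=a")
        z.writestr("raw/2_s.txt", "HTTP/1.1 302 Found\r\nLocation: /\r\n\r\n")
    return buf.getvalue()

def audit_saz(data):
    """Map session id -> (request line, sensitive request header names found)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            m = re.fullmatch(r"raw/(\d+)_c\.txt", info.filename)
            if not m:
                continue
            if info.flag_bits & 0x1:  # ZIP "encrypted entry" flag
                raise ValueError("SAZ is password-protected; audit the decrypted copy")
            # Headers end at the first blank line; the body is not inspected.
            head = z.read(info).split(b"\r\n\r\n", 1)[0].decode("latin-1")
            lines = head.split("\r\n")
            names = {l.split(":", 1)[0].strip().lower() for l in lines[1:] if ":" in l}
            hits = sorted(names.intersection(SENSITIVE))
            if hits:
                findings[int(m.group(1))] = (lines[0], hits)
    return findings

if __name__ == "__main__":
    for sid, (req, hits) in sorted(audit_saz(build_sample_saz()).items()):
        print(f"session {sid}: {req} carries {', '.join(hits)}")
```

Only request headers are checked; tokens in URLs, request bodies or responses need their own pass.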
33
http://www.fiddlercap.com FiddlerCap – Simple capture tool User-interface localized to: English | Français | Español | Português | 日本語 | русский
34
Traffic Analysis
35
TextWizard Convert text between popular web encodings.
36
Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.
37
Traffic Comparison Use the Differ Extension to compare groups of Sessions at once.
38
Filtering Traffic Ignore Images & CONNECTs; Application Type Filter; Process Filter; Troubleshooting with Help menu
39
Regular Expression Support
40
SyntaxView Reformatting
41
ImageView DataURL Support
42
ImageView Tools integration
43
ImageView Metadata & GeoLocation
44
X-Download-Initiator https://fiddler2.com/dl/EnableDownloadInitiator.reg cols add @request.X-Download-Initiator
45
HTML5 Media & Font previews
46
In Context
47
Internet Explorer F12 Developer tools
48
F12 Developer Tools vs. Fiddler
F12 Network Tab | Fiddler
Display cache and network requests | Display and modify only network requests
Shows downloads from current process | Shows traffic from all processes
Shows post-decryption HTTPS traffic | Decrypts HTTPS traffic via “man-in-the-middle” approach
Less explicit mixed-content detection
Exports F12 NetworkData.xml | Imports F12 NetworkData.xml
49
Traffic Manipulation
50
Automated Rewrites Simple built-in Rules The HOSTS command
51
Breakpoint Debugging Use Fiddler Inspectors to modify requests and responses….
52
Simple Filters Flag, modify or remove headers from all requests and responses.
53
Request Composer Create hand-built HTTP requests, or modify and reissue a request previously captured. Supports: Automatic authentication; File Uploads; Redirect chasing; Sequential URL Crawling
54
AutoResponder Replay previously-captured or generated traffic.
55
FiddlerScript
56
FiddlerScript – Request Modification
static function OnBeforeRequest(oS: Session) {
    // Highlight .aspx requests in the Web Sessions list.
    if (oS.uriContains(".aspx")) {
        oS["ui-color"] = "red";
    }
    // m_DisableCaching is a rule flag declared elsewhere in the script.
    if (m_DisableCaching) {
        oS.oRequest.headers.Remove("If-None-Match");
        oS.oRequest.headers.Remove("If-Modified-Since");
        oS.oRequest["Pragma"] = "no-cache";
    }
}
57
FiddlerScript – Response Modification
static function OnBeforeResponse(oS: Session) {
    // Decode the response first so the body can be edited as text.
    oS.utilDecodeResponse();
    oS.utilPrependToResponseBody("Injected Content!");
}
58
Power up with Extensions
59
Understanding Extensibility Each component in red is your code… Fiddler.exe Fiddler ScriptEngine Inspector2 IFiddlerExtension FiddlerCore ExecAction.exe Your FiddlerScript Xceed*.dll Makecert.exe Script / Batch file
60
Understanding UI Extensibility
1. RulesOptions
2. ToolsActions
3. Custom menus
4. Custom columns
5. ContextActions
6. QuickExec handlers
7. Views
8. Request Inspectors
9. Response Inspectors
10. Import & Export Transcoders
61
Type-specific Inspectors
62
Expert Perf Analysis with neXpert
63
intruder21 Web Fuzzer By yamagata21
64
Watcher & x5s Security Auditors http://websecuritytool.codeplex.com/ http://xss.codeplex.com/
65
WCF Binary Inspector
66
Integration
67
ExecAction.exe Calls into OnExecAction in script or extensions. Alternatively, invoke directly by sending a Windows Message:
oCDS.dwData = 61181; // Magic Cookie
oCDS.cbData = lstrlen(wzData) * sizeof(WCHAR); // payload size in bytes
oCDS.lpData = wzData;
SendMessage(FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, NULL, (LPARAM) &oCDS);
68
Fiddler.exe Fiddler ScriptEngine Inspector2 IFiddlerExtension FiddlerCore ExecAction.exe YourApp.exe FiddlerCore Fiddler application with extensions Your application hosting FiddlerCore Your FiddlerScript Xceed*.dll Makecert.exe CertMaker.dll DotNetZip
69
Programming with FiddlerCore
// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) {
    Console.WriteLine("{0}:HTTP/{1} for {2}", oS.id, oS.responseCode, oS.fullUrl);
};

// Later, call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
70
Fiddler Futures WebSockets UI SPDY/HTTP2 UI Enhancements You tell me!
71
Thank you! @ericlaw http://fiddler2.com/blog //fiddlerbook.com Now Available