1
Debugging with Fiddler
Eric Lawrence @ericlaw
2
Let’s talk about you…
3
How did I end up here? Did I imagine that I’d grow up to have a network protocol as my license plate?
4
In a word, no. But after a decade of obsession with astronautics, I realized I was only really interested in technology, and specifically software.
5
Once upon a time…
6
Oh no! What happened?
7
There must be a better way…
8
A simple idea takes shape…
All problems in computer science can be solved by another level of indirection. - David Wheeler
9
Only two problems: Don’t know HTTP. Don’t know C#.
10
Fiddler: Evolution
Eleven years, ~35k lines of C#, 160+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…
11
New Website, New Documentation, New Platforms, Enhanced User-Interface
12
My current side-project
13
A quick tour around Fiddler…
14
UI Evolution – The Web Sessions List
15
Fiddler on Linux (Mint/Ubuntu)
Limitations: No script engine. No WebView. No automatic proxy chaining. UI very glitchy on Mac.
16
Fiddler on Mac OSX
It works, but due to UI glitches, you’re usually better off using VirtualBox / Parallels / Fusion.
Limitations: No script engine. No WebView. No automatic proxy chaining. UI very glitchy on Mac.
17
Traffic Monitoring
18
Typical Architecture
19
Debug Across Devices
(Diagram: Fiddler on Windows/Linux sits between the Internet and the devices under test: PC, Mac, iOS, tablets, phones.)
20
Fiddler as a Reverse Proxy
21
Win8/8.1 “Immersive” Apps & IE11
AppContainer blocks “loopback” network connections. For debugging purposes, you can disable that blocking. Ctrl+Click to exempt all AppContainers.
22
.NET Applications
YourApp.exe.config or machine.config:
  <configuration>
    <system.net>
      <defaultProxy>
        <!-- Fiddler listens on 127.0.0.1:8888 by default; usesystemdefault="false" forces this proxy even when the system proxy differs -->
        <proxy bypassonlocal="false" usesystemdefault="false" proxyaddress="http://127.0.0.1:8888" />
      </defaultProxy>
    </system.net>
  </configuration>
23
node.js Different libraries offer different approaches…
var http = require('http');
var options = {
  host: '127.0.0.1',            // Fiddler's proxy endpoint (default port 8888)
  port: 8888,
  path: 'http://bayden.com/',   // absolute URL of the real target; the specific path on the slide did not survive transcription
  headers: { Host: 'bayden.com' },
  method: 'POST'
};
var req = http.request(options, function (res) {
  console.log('STATUS: ' + res.statusCode + ' HEADERS: ' + JSON.stringify(res.headers));
  res.setEncoding('utf8');
  res.on('data', function (chunk) { console.log('BODY: ' + chunk); });
});
req.write('Post Data\n');
req.end();
24
Protocols
25
HTTPS Traffic Decryption
For security reasons, proxies cannot normally “see” HTTPS requests. To enable traffic decryption, Fiddler performs a “man-in-the-middle” attack.
(Screenshot: the Decrypt HTTPS traffic options, including “Export to Desktop for Firefox”, the "fiddler.network.https.NoDecryptionHosts" list and UI, and “Cleanup certificate store”; the session list shows a decrypted CONNECT tunnel followed by GET /fiddler2/, GET /Fiddler2/Fiddler.css and GET /Fiddler/images/FiddlerLogo.png.)
26
HTML5 WebSockets WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS.
27
FTP
Fiddler supports FTP traffic via a built-in FTP gateway. FTP proxy is off-by-default.
SPDY / HTTP2
Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled.
28
SPDY / HTTP2
Fiddler cannot support SPDY until .NET’s SslStream supports ALPN. Please vote for my bug on Connect: Also, please vote for this other SslStream bug:
29
Protocol Violations
prefs set fiddler.lint.HTTP True
30
Store & Load Traffic
31
Output Formats
Fiddler Session Archive, Copy to the clipboard, Visual Studio .WebTest, Store as a plaintext file, HTML5 AppCache Manifest, Extract binary response bodies, WCAT Load Test, Archive to a database, cURL Script, HTTP Archive Format (HAR), Meddler Script
32
Or write your own… Fiddler’s Import/Export architecture
33
The SAZ file format
Session Archive Zip files contain: request and response bytes, timing and other metadata, WebSocket messages, and an HTML index file. For security, SAZ files may be encrypted using AES.
34
FiddlerCap – Simple captures
FiddlerCap allows non-technical users to easily capture SAZ archives which can be sent to developers or experts for analysis. FiddlerCap is available from
User-interface localized to: English | Français | Español | Português | 日本語 | русский
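A SAZ archive stores the raw request bytes, so a capture handed to a developer carries whatever credentials the client sent. As an added example (not Fiddler or FiddlerCap code), the function below redacts credential-bearing headers from a captured raw HTTP message before it is shared; the header list and the constructed sample request are the example's own choices.

```javascript
// Added example: redact credential-bearing headers from a captured raw HTTP
// message before the capture is shared. Illustrative code, not part of
// Fiddler or FiddlerCap; the header list below is the example's own choice.
const SENSITIVE_HEADERS = new Set([
  'authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key'
]);

// rawMessage: an HTTP request or response as text with CRLF line endings,
// as a capture stores it. Returns { text, redacted } where `redacted` lists
// the header names whose values were replaced.
function redactSensitiveHeaders(rawMessage) {
  const sep = rawMessage.indexOf('\r\n\r\n');
  // No blank line: treat the whole message as headers with an empty body.
  const headBlock = sep === -1 ? rawMessage : rawMessage.slice(0, sep);
  const body = sep === -1 ? '' : rawMessage.slice(sep); // keeps the CRLFCRLF
  const lines = headBlock.split('\r\n');
  const redacted = [];
  const out = lines.map((line, i) => {
    if (i === 0) return line;                 // request line or status line
    const colon = line.indexOf(':');
    if (colon === -1) return line;            // malformed header; leave as-is
    const name = line.slice(0, colon).trim();
    if (!SENSITIVE_HEADERS.has(name.toLowerCase())) return line;
    redacted.push(name);
    return name + ': [REDACTED]';
  });
  return { text: out.join('\r\n') + body, redacted: redacted };
}

// Constructed sample request (not a real capture).
const SAMPLE_REQUEST =
  'GET /account HTTP/1.1\r\n' +
  'Host: example.test\r\n' +
  'Cookie: session=abc123; theme=dark\r\n' +
  'Authorization: Bearer eyJhbGciOi.example\r\n' +
  'Accept: */*\r\n' +
  '\r\n';

const result = redactSensitiveHeaders(SAMPLE_REQUEST);
console.log(result.text);
console.log('redacted: ' + result.redacted.join(', '));
```

The check covers headers only: credentials in POST bodies (form logins, JSON tokens) and in URL query strings need separate review, and an AES-encrypted SAZ protects the archive in transit but not once the recipient opens it.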
35
Import Formats
HTTP Archive Format (HAR), Internet Explorer F12 Developer Tools (NETXML), Telerik Test Studio LoadTest, Packet Capture (WireShark, tcpdump, NetMon) …or write your own
36
PCAP Import
37
Traffic Analysis
38
TextWizard
Convert text between popular web encodings.
39
Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.
40
Traffic Comparison
Use the Differ Extension to compare groups of Sessions at once.
41
Filtering Traffic
Ignore Images & CONNECTs, Application Type Filter, Process Filter, Troubleshooting with Help menu
Selecting Traffic: Using QuickExec, Using Find
42
Regular Expression Support
43
SyntaxView Reformatting
44
ImageView DataURL Support
45
ImageView Tools Integration
46
Metadata & GeoLocation
47
HTML5 Media & Font previews
48
X-Download-Initiator
Run this in FiddlerScript to add a column bound to the request's X-Download-Initiator header:
  FiddlerObject.UI.lvSessions.AddBoundColumn("Reason", 50, "@request.X-Download-Initiator");
49
Traffic Manipulation
50
Automated Rewrites
Simple built-in Rules. The HOSTS command.
51
Breakpoint Debugging
Use Fiddler Inspectors to modify requests and responses.
52
Simple Filters
Flag, modify or remove headers from all requests and responses.
53
Request Composer
Create hand-built requests, or modify and reissue a request previously captured.
Supports: Automatic authentication, File Uploads, Redirect chasing, Sequential URL Crawling, CURL commands
54
AutoResponder
Replay previously-captured or generated traffic.
Drag / drop entire folder structure. FARX Bulk updates. *drop. Latency: *delay:###ms
// AutoResponder now supports *redir: and HTTP/HTTPS URL overrides
// AutoResponder now supports *exit
// AutoResponder now supports NOT: rules
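To show how the rule syntax on this slide composes, here is an added example (not Fiddler's code) of a simplified AutoResponder-style matcher: plain text matches as a case-insensitive substring of the URL, EXACT: matches the whole URL, regex: compiles a pattern, NOT: negates, and the *drop, *delay:###ms, *redir: and *exit actions are interpreted; the first enabled rule wins. Those matching semantics are the example's assumptions modelled on Fiddler's documented behaviour, and the rule set is constructed for the demonstration.

```javascript
// Added example: a simplified matcher for AutoResponder-style rules. Not
// Fiddler's code; matching semantics are assumptions modelled on Fiddler's
// documented behaviour (substring / EXACT: / regex: / NOT:).

// Turn a match string into a predicate over a URL.
function compileMatch(matchText) {
  let negate = false;
  let text = matchText;
  if (/^NOT:/i.test(text)) { negate = true; text = text.slice(4); }
  let test;
  if (/^EXACT:/i.test(text)) {
    const want = text.slice(6);
    test = (url) => url === want;                        // case-sensitive, whole URL
  } else if (/^regex:/i.test(text)) {
    const re = new RegExp(text.slice(6), 'i');           // assumption: case-insensitive
    test = (url) => re.test(url);
  } else {
    const needle = text.toLowerCase();
    test = (url) => url.toLowerCase().includes(needle);  // substring, case-insensitive
  }
  return negate ? (url) => !test(url) : test;
}

// Interpret an action string into a structured response plan.
function parseAction(action) {
  if (action === '*drop') return { kind: 'drop' };       // close the connection, no response
  if (action === '*exit') return { kind: 'exit' };       // stop rule processing, pass through
  let m = /^\*delay:(\d+)(?:ms)?$/i.exec(action);
  if (m) return { kind: 'delay', ms: Number(m[1]) };     // add latency, then pass through
  m = /^\*redir:(.+)$/i.exec(action);
  if (m) return { kind: 'redirect', location: m[1] };    // respond with a redirect
  return { kind: 'file', path: action };                 // anything else: serve this file
}

// rules: [{ match, action, enabled? }] in priority order; first enabled hit wins.
// Returns null when no rule matches, meaning the request goes to the server.
function resolve(url, rules) {
  for (const rule of rules) {
    if (rule.enabled === false) continue;
    if (compileMatch(rule.match)(url)) return parseAction(rule.action);
  }
  return null;
}

// Constructed rule set for the demonstration.
const RULES = [
  { match: 'EXACT:http://example.test/api/ping', action: '*delay:250ms' },
  { match: 'regex:\\.(png|jpg)$',               action: '*drop' },
  { match: 'NOT:example.test',                  action: '*redir:http://example.test/blocked' },
  { match: '/index.html',                       action: 'C:\\captures\\index.html' },
];

console.log(resolve('http://example.test/api/ping', RULES));     // delay 250 ms
console.log(resolve('http://example.test/img/logo.PNG', RULES)); // drop
console.log(resolve('http://other.test/x', RULES));              // redirect
console.log(resolve('http://example.test/other', RULES));        // null: pass through
```

Rule order matters: the NOT: rule here would also catch any URL the earlier rules did not, so a broad negated rule placed first would shadow everything after it.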
55
FiddlerScript
56
FiddlerScript – Request Modification
  // Declared elsewhere in the script; toggled from the Rules menu
  public static var m_DisableCaching: boolean = false;

  static function OnBeforeRequest(oS: Session) {
      // Color Sessions for .aspx URLs red in the Web Sessions list
      if (oS.uriContains(".aspx")) {
          oS["ui-color"] = "red";
      }
      // Strip conditional-request headers so the server returns a full response
      if (m_DisableCaching) {
          oS.oRequest.headers.Remove("If-None-Match");
          oS.oRequest.headers.Remove("If-Modified-Since");
          oS.oRequest["Pragma"] = "no-cache";
      }
  }
57
FiddlerScript – Response Modification
  static function OnBeforeResponse(oS: Session) {
      // Decompress and unchunk the body so it can be edited as text
      oS.utilDecodeResponse();
      oS.utilPrependToResponseBody("Injected Content!");
  }
58
Powerups
59
Understanding Extensibility
Each component in red is your code…
(Architecture diagram) Components shown: Fiddler.exe, FiddlerCore, Fiddler ScriptEngine, Xceed*.dll, Makecert.exe, ExecAction.exe. Extension points: Inspector2, IFiddlerExtension, Your FiddlerScript, Script / Batch file.
60
Understanding UI Extensibility
RulesOptions, ToolsActions, Custom menus, Custom columns, ContextActions, QuickExec handlers, Views, Request Inspectors, Response Inspectors, Import & Export Transcoders
61
Type-specific Inspectors
62
Expert Perf Analysis with neXpert
Creates response time predictions and suggests optimizations for your site.
63
intruder21 Web Fuzzer
By yamagata21
MIX 11 4/14/2017
64
Watcher & x5s Security Auditors
65
WCF Binary Inspector
66
Integration
67
ExecAction.exe Calls into OnExecAction in script or extensions
Alternatively, invoke directly by sending a Windows Message:
  WCHAR wzData[] = L"<QuickExec command text>";  // placeholder: the command for OnExecAction to run
  COPYDATASTRUCT oCDS;
  oCDS.dwData = 61181;                                   // Magic Cookie
  oCDS.cbData = (lstrlenW(wzData) + 1) * sizeof(WCHAR);  // size in bytes, including the terminating NUL
  oCDS.lpData = wzData;
  SendMessage(FindWindowW(NULL, L"Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, (WPARAM)NULL, (LPARAM)&oCDS);
68
Your application hosting FiddlerCore
(Architecture diagram) Fiddler application with extensions: Fiddler.exe, Inspector2, IFiddlerExtension, Fiddler ScriptEngine, Your FiddlerScript, FiddlerCore, Xceed*.dll, Makecert.exe, ExecAction.exe. Your application: YourApp.exe hosting FiddlerCore, with DotNetZip and CertMaker.dll.
69
Programming with FiddlerCore
  // Call Startup to tell FiddlerCore to begin
  // listening on the specified port, register as
  // the system proxy and decrypt HTTPS traffic.
  Fiddler.FiddlerApplication.Startup(8877, true, true);

  Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) {
      Console.WriteLine("{0}:HTTP/{1} for {2}", oS.id, oS.responseCode, oS.fullUrl);
  };

  // Later, call Shutdown to tell FiddlerCore to stop
  // listening and unregister as the system proxy
  Fiddler.FiddlerApplication.Shutdown();

Now available for .NET CLR 4.0, supporting HTTPS, with an arbitrary number of listening endpoints. Export captured traffic to the SAZ format or the database of your choice.
70
Fiddler Futures
WebSockets UI, SPDY/HTTP2, UI Enhancements, You tell me!
71
Thank you!!! Eric Lawrence @ericlaw //fiddlerbook.com
~300 pages. Paper or DRM-free PDF. //fiddlerbook.com