Download presentation
Presentation is loading. Please wait.
Published byMadeleine Daniel Modified over 9 years ago
1
Advanced Web Debugging with Fiddler Eric Lawrence Program Manager Internet Explorer ericlaw@microsoft.com Note: Session includes demos and code samples. For optimal viewing, please sit near the front!
2
TRAFFIC CAPTURE GET /data HTTP/1.1
3
Typical Architecture
4
Debug Across Devices Fiddler Mac Internet SmartPhone Linux PC
5
FiddlerHook for Firefox
6
TRAFFIC IMPORT Fiddler, FiddlerCap, and IE9
7
FiddlerCap FiddlerCap is a lightweight capture tool
8
IE9 Developer Tools IE9’s Developer Tools include a “Network” tab
9
TRAFFIC ANALYSIS Examine Requests and Responses
10
Filtering Traffic Ignore Images & CONNECTs Application Type Filter Process Filter Using QuickExec Using Find
11
Output Options Copy sessions to the clipboard Store as a plaintext file Extract binary response bodies Archive to a database Export a Visual Studio.WebTest file Write your own… Fiddler’s native “Session Archive ZIP” (SAZ) Format
12
Traffic Comparison Use WinDiff to compare HTTP requests and responses.
13
Traffic Comparison “Viewer” mode allows examining multiple captures side-by-side. fiddler.exe -viewer
14
TRAFFIC MODIFICATION Rewriting HTTP(S) Traffic
15
Automated Rewrites Simple Built-in Rules The HOSTS extension
16
Breakpoint Debugging Use Fiddler inspectors to modify requests and responses….
17
Understanding Streaming Timeline view of Buffering Mode Timeline view of Streaming Mode
18
Request Builder Create hand-built HTTP requests, or modify and reissue a request previously captured.
19
Simple Filters Flag, modify or remove headers from all requests and responses.
20
AutoResponder Replay previously captured or generated traffic.
21
SCRIPTING AND EXTENSIBILITY Powering Up Fiddler
22
Understanding Extensibility Fiddler 2 Fiddler ScriptEngine Inspector2 IFiddlerExtension Fiddler Proxy ExecAction.exe Your FiddlerScript Xceed*.dll Makecert.exe Your Automation
23
FIDDLERSCRIPT Lightweight extensibility using JavaScript
24
FiddlerScript
25
FiddlerScript: Request Modification static function OnBeforeRequest(oS: Session){ if (oS.uriContains(".aspx")) { oS["ui-color"] = "red"; } if (m_DisableCaching){ oS.oRequest.headers.Remove("If-None-Match"); oS.oRequest.headers.Remove("If-Modified- Since"); oS.oRequest["Pragma"] = "no-cache"; }
26
FiddlerScript: Response Modification static function OnBeforeResponse(oS: Session) { oS.utilDecodeResponse(); oS.utilPrependToResponseBody("Injected Content!"); }
27
EXTENSIONS Powerful extensibility using any.NET Language
28
neXpert
29
Watcher http://websecuritytool.codeplex.com/ Automated (passive) security analysis
30
TEST INTEGRATION Integrating Fiddler into your tools
31
ExecAction The ExecAction.exe command line utility calls into the OnExecAction function in script and Fiddler extensions.
32
FiddlerCore Fiddler 2 Fiddler ScriptEngine Inspector2 IFiddlerExtension FiddlerCore ExecAction.exe YourApp.exe FiddlerCore Fiddler application with extensionsYour application hosting FiddlerCore Your FiddlerScript Xceed*.dll Makecert.exe
33
Programming with FiddlerCore // Call Startup to tell FiddlerCore to begin // listening on the specified port, register as // the system proxy and decrypt HTTPS traffic. Fiddler.FiddlerApplication.Startup(8877, true, true); Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) { Console.WriteLine ("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl); }; // Call Shutdown to tell FiddlerCore to stop // listening and unregister as the system proxy Fiddler.FiddlerApplication.Shutdown();
34
Call To Action Try the Watcher & neXpert extensions Use FiddlerCap to collect traffic from the field Check out import from the IE9 Developer Tools
35
Questions and Resources Resources o Meet the IE Team in the MIX “Commons” o http://www.fiddler2.com/mix/ o ericlaw@microsoft.com Please fill out an evaluation form for this session ( FT-50 ). Thank you!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.