Download presentation
Presentation is loading. Please wait.
1
Note: Session includes demos and code samples. For optimal viewing, please sit near the front!
2
Fiddler: Origins
9
+
13
Fiddler 2 Fiddler ScriptEngine Inspector2 IFiddlerExtension Fiddler Proxy ExecAction.exe Your FiddlerScript Xceed*.dll Makecert.exe Your Automation
14
Demo
15
Traffic Monitoring
18
Fiddler Mac Internet Linux PocketPC PC
21
Fiddler dynamically generates interception certificates chained to a self-signed root.
22
Traffic Archiving
26
Traffic Analysis
28
Demo
30
Use WinDiff to compare HTTP requests and responses.
31
http://websecuritytool.codeplex.com/
32
Traffic Manipulation
34
Use Fiddler inspectors to modify requests and responses….
35
Flag, modify or remove headers from all requests and responses.
36
Create hand-built HTTP requests, or modify and reissue a request previously captured.
37
Replay previously captured or generated traffic.
39
static function OnBeforeRequest(oS: Session){ if (oS.uriContains(".aspx")) { oS["ui-color"] = "red"; } if (m_DisableCaching){ oS.oRequest.headers.Remove("If-None-Match"); oS.oRequest.headers.Remove("If-Modified-Since"); oS.oRequest["Pragma"] = "no-cache"; }
![static function OnBeforeRequest(oS: Session){ if (oS.uriContains( .aspx )) { oS[ ui-color ] = red ; } if (m_DisableCaching){ oS.oRequest.headers.Remove( If-None-Match ); oS.oRequest.headers.Remove( If-Modified-Since ); oS.oRequest[ Pragma ] = no-cache ; }](http://images.slideplayer.com./20/5998054/slides/slide_39.jpg "static function OnBeforeRequest(oS: Session){ if (oS.uriContains( .aspx )) { oS[ ui-color ] = red ; } if (m_DisableCaching){ oS.oRequest.headers.Remove( If-None-Match ); oS.oRequest.headers.Remove( If-Modified-Since ); oS.oRequest[ Pragma ] = no-cache ; }")
40
static function OnBeforeResponse(oS: Session) { oS.utilDecodeResponse(); oS.utilPrependToResponseBody("Injected Content!"); }
41
Performance
45
Timeline view of Buffering Mode Timeline view of Streaming Mode
47
Test Integration
48
oCDS.dwData = 61180; // Magic Cookie oCDS.cbData = strlen(sData); oCDS.lpData = sData; SendMessage( FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, NULL, (LPARAM) &oCDS );
49
>>FUTURE Fiddler 2 Fiddler ScriptEngine Inspector2 IFiddlerExtension FiddlerCore ExecAction.exe YourApp.exe FiddlerCore Fiddler application with extensionsYour application hosting FiddlerCore Your FiddlerScript Xceed*.dll Makecert.exe
50
// Call Startup to tell FiddlerCore to begin // listening on the specified port, register as // the system proxy and decrypt HTTPS traffic. Fiddler.FiddlerApplication.Startup(8877, true, true); Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) { Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl); }; // Call Shutdown to tell FiddlerCore to stop // listening and unregister as the system proxy Fiddler.FiddlerApplication.Shutdown();
51
>>FUTURE
52
Questions?
54
Built by Developers for Developers….
55
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Similar presentations
