
Fiddler

Introducing Fiddler
HTTP/HTTPS Debugger
Runs as a proxy server on the local machine or on a remote server
Written in C# (.NET Framework v2.0)
Freely available from http://www.fiddler2.com

How does Fiddler work?


[Diagram. Labels: Firefox, Internet Explorer, Office, WinINET, WinHTTP, CryptoAPI, Fiddler, Firewall, CorpNET Proxy, example.com]

Debugging non-Windows clients


[Diagram. Labels: PC, Mac, Linux, PocketPC, Fiddler, Internet]

Who uses Fiddler?


Microsoft engineers
Support teams
Lots of external web developers (10K+ downloads per week)
Security researchers
Some bad guys

What can Fiddler do?


HTTP/HTTPS traffic monitoring and analysis
Request and response modification
Timing and network manipulation

HTTPS Traffic Decryption

Fiddler UI: Session List


Lists all traffic URLs, size, and key headers
Icons show status of request/response

Fiddler UI: Inspectors

Inspectors allow you to visualize requests and responses in meaningful ways.

FiddlerScript Rules
Rules are where Fiddler gets really fun! Use JavaScript to manipulate request or response headers or entity body.

Extending Fiddler UI

FiddlerScript and extensions can add new menu items or tabs.

Using Simple Filters

Flag, modify or remove headers from all requests and responses.

AutoResponder

Replay previously captured or generated traffic.

Request Builder

Create hand-built HTTP requests, or modify and reissue a request previously captured.

Traffic Comparison
Use WinDiff to compare HTTP requests and responses.

QuickExec
QuickExec allows you to issue textual commands directly

Search Traffic

Search for strings in all captured traffic.

Text Encoding / Decoding

Convert text between popular web encodings.

SAZ Files
Session Archive ZIP files store raw traffic.
SAZ files are compressed and may be password protected.
SAZ files can be reopened by Fiddler or standard ZIP utilities.
FiddlerCap allows capture of SAZ files by non-technical, often remote, users.
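
Because a SAZ file holds raw traffic and opens with standard ZIP tooling, it can be checked for captured credentials before it is passed along. The following is an added example, not part of the original slides or of Fiddler itself: it scans an unencrypted SAZ for sessions whose headers carry cookies or authorization values. The raw/N_c.txt and raw/N_s.txt entry layout is an assumption (the slides do not describe it), and the archive contents are constructed sample data.

```python
import io
import re
import zipfile

# Header names whose values commonly hold credentials or session tokens.
SENSITIVE = ("authorization", "cookie", "set-cookie", "proxy-authorization")
# Assumed SAZ layout: raw/<id>_c.txt = client request, raw/<id>_s.txt = server response.
RAW_NAME = re.compile(r"^raw/(\d+)_([cs])\.txt$", re.IGNORECASE)

def build_sample_saz():
    """Constructed sample archive standing in for a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("raw/1_c.txt", "GET /account HTTP/1.1\r\nHost: example.com\r\n"
                   "Cookie: sid=CONSTRUCTED\r\n\r\n")
        z.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\nSet-Cookie: sid=CONSTRUCTED\r\n"
                   "Content-Length: 2\r\n\r\nok")
        z.writestr("raw/2_c.txt", "GET /logo.png HTTP/1.1\r\nHost: example.com\r\n\r\n")
        z.writestr("raw/2_s.txt", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return buf.getvalue()

def sensitive_headers(saz_bytes):
    """Return {session_id: sorted header names} for sessions exposing secrets."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(saz_bytes)) as z:
        for name in z.namelist():
            m = RAW_NAME.match(name)
            if not m:
                continue  # metadata and index entries are ignored
            # Headers end at the first blank line; the body is not inspected.
            head = z.read(name).split(b"\r\n\r\n", 1)[0].decode("latin-1")
            for line in head.split("\r\n")[1:]:  # skip the request/status line
                key = line.split(":", 1)[0].strip().lower()
                if key in SENSITIVE:
                    found.setdefault(int(m.group(1)), set()).add(key)
    return {sid: sorted(keys) for sid, keys in found.items()}

if __name__ == "__main__":
    for sid, keys in sorted(sensitive_headers(build_sample_saz()).items()):
        print(f"session {sid}: {', '.join(keys)}")
```
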

FiddlerCap

Use FiddlerCap for remote collection of evidence. www.fiddlercap.com

[Figure: two architecture diagrams, "Fiddler application with extensions" and "Your application hosting FiddlerCore". Labels: Fiddler 2, Inspector2, ExecAction.exe, IFiddlerExtension, Fiddler ScriptEngine, Your FiddlerScript, YourApp.exe, FiddlerCore, Xceed*.dll, Makecert.exe]

Questions?
https://www.fiddler2.com

2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
