Transcript Fiddler
Fiddler
Introducing Fiddler
• HTTP/HTTPS Debugger
• Runs as a proxy server on the local machine
or on a remote server
• Written in C# (.NET Framework v2.0)
• Freely available from
http://www.fiddler2.com
How does Fiddler work?
Firewall
Firefox
CryptoAPI
WinHTTP
Internet
Explorer
WinINET
Office
Fiddler
CorpNET
Proxy
example.com
Mac
PC
Debugging non-Windows clients
PocketPC
Linux
Fiddler
Internet
Who uses Fiddler?
• Microsoft engineers
• Support teams
• Lots of external web developers (10K+
downloads per week)
• Security researchers
• Some bad guys
What can Fiddler do?
• HTTP/HTTPS traffic monitoring and
analysis
• Request and response modification
• Timing and network manipulation
HTTPS Traffic Decryption
Fiddler UI: Session List
• Icons show status of
request/response
• Lists all traffic
• URLs, size, and key
headers
• Icons show status of
request/response
Fiddler UI: Inspectors
Inspectors allow you to visualize requests
and responses in meaningful ways.
FiddlerScript Rules
• Rules are where Fiddler gets really fun!
• Use JavaScript to manipulate request or
response headers or entity body.
Extending Fiddler UI
FiddlerScript and
extensions can add new
menu items or tabs.
Using Simple Filters
Flag, modify or remove headers from
all requests and responses.
AutoResponder
Replay previously captured or
generated traffic.
Request Builder
Create hand-built HTTP
requests, or modify
and reissue a request
previously captured.
Traffic Comparison
Use WinDiff to compare
HTTP requests and
responses.
QuickExec
QuickExec
allows you to
issue textual
commands
directly…
Search Traffic
Search for strings
in all captured
traffic.
Text Encoding / Decoding
Convert text
between popular
web encodings.
SAZ Files
• “Session Archive ZIP” files store raw traffic.
• SAZ files are compressed and may be
password protected.
• SAZ files can be reopened by Fiddler or
standard ZIP utilities.
• FiddlerCap allows capture of SAZ files by
non-technical, often remote, users.
FiddlerCap
Use FiddlerCap for remote collection of evidence.
www.fiddlercap.com
Fiddler application with extensions
Fiddler 2
Your application hosting FiddlerCore
YourApp.exe
ExecAction.exe
Inspector2
Inspector2
IFiddlerExtension
IFiddlerExtension
Fiddler ScriptEngine
Your FiddlerScript
FiddlerCore
Xceed*.dll
Makecert.exe
FiddlerCore
Xceed*.dll
Makecert.exe
Questions?
https://www.fiddler2.com
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or
other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.