Debugging with Fiddler


Debugging with Fiddler
Eric Lawrence (@ericlaw)
Follow along at http://getfiddler.com
How did I end up here?
Once upon a time…
Oh no! What happened?!?
There must be a better way…
A simple idea takes shape…
"All problems in computer science can be solved by another level of indirection." - David Wheeler
(Diagram: Applications, APIs, Proxy, Network, Website; the proxy is the added level of indirection between the applications and the website.)
Fiddler: Evolution
Ten years,
~30k lines of C#,
120+ release builds,
one full-length paperback,
a cross-country move to Telerik,
and two new supported platforms later…
My current side-project
Roadmap
• New Website
• New Documentation
• New Platforms
• Enhanced User-Interface
Fiddler Today: Demo
A quick tour of Fiddler
UI Evolution - Web Sessions list
Fiddler on Linux (Mint/Ubuntu)
Fiddler on Mac OSX
• It works, but due to UI glitches, you're usually better off using Parallels / Fusion
Traffic Monitoring
Typical Architecture
(Diagram: phones, tablets, iOS, Mac and PC clients.)
Debug Across Devices
(Diagram: every device points at one Fiddler instance, which forwards its traffic to the Internet.)
Fiddler as a Reverse Proxy
http://fiddler2.com/r/?reverseproxy
Win8/8.1 "Immersive" Apps & IE11
.NET Applications
To point a .NET application at Fiddler explicitly (rather than at whatever proxy the system reports), add this to YourApp.exe.config, or to machine.config to affect every .NET process on the machine:
<configuration>
  <system.net>
    <defaultProxy>
      <!-- bypassonlocal="false": requests to localhost / 127.0.0.1 go through Fiddler as well -->
      <proxy bypassonlocal="false"
             usesystemdefault="false"
             proxyaddress="http://127.0.0.1:8888" />
    </defaultProxy>
  </system.net>
</configuration>
Protocols
HTTPS Traffic Decryption
• Proxies cannot normally "see" HTTPS requests: the client opens a CONNECT tunnel through the proxy and the proxy relays opaque TLS bytes, so the individual requests inside the tunnel stay hidden from it, for example:
GET /fiddler2/
GET /Fiddler2/Fiddler.css
GET /Fiddler/images/FiddlerLogo.png
HTTPS Traffic Decryption
Fiddler dynamically generates interception certificates chained to a self-signed root. Decryption only works without certificate errors once the client trusts that root, and while the root is trusted anything holding its private key can impersonate every HTTPS site to that client. Install it on test machines only, check for it in the certificate store (it is named DO_NOT_TRUST_FiddlerRoot so it is easy to spot), and remove it when you are done.
HTML5 WebSockets
WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS. The connection begins as an ordinary HTTP request carrying an Upgrade header and ends with a 101 response, so a proxy sees the handshake as a normal session and everything after it as raw frames on the same connection.
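The handshake described above, as an added example that is not code from the original deck or from Fiddler: the client's Upgrade request, the server's 101 reply, and the Sec-WebSocket-Accept check that ties the two together. It follows RFC 6455 rather than Fiddler's implementation; the host, path and fixed key in the usage are constructed values, and the key/accept pair used in the comments is the RFC's own test vector.

```python
import base64
import hashlib
import os
from typing import Optional

# Fixed GUID from RFC 6455 that the server appends to the client's key before hashing.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(client_key + GUID)).
    RFC vector: "dGhlIHNhbXBsZSBub25jZQ==" -> "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(raw: bytes) -> dict:
    """Header block of an HTTP message as a lower-cased name -> value dict.
    The first line (request line or status line) is skipped."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    out = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        out[name.strip().lower()] = value.strip()
    return out


def client_handshake(host: str, path: str, key: Optional[str] = None):
    """Build the Upgrade request a browser sends to open a WebSocket.
    Returns (key, raw_request); the key is 16 random bytes, base64-encoded."""
    if key is None:
        key = base64.b64encode(os.urandom(16)).decode("ascii")
    req = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {key}\r\n"
        "Sec-WebSocket-Version: 13\r\n"
        "\r\n"
    )
    return key, req.encode("ascii")


def server_handshake(raw_request: bytes) -> bytes:
    """Answer an Upgrade request with the 101 response a WebSocket server sends,
    or a 400 if the request is not a WebSocket handshake at all."""
    headers = parse_headers(raw_request)
    if headers.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in headers:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    resp = (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {accept_key(headers['sec-websocket-key'])}\r\n"
        "\r\n"
    )
    return resp.encode("ascii")


def client_verify(raw_response: bytes, key: str) -> bool:
    """Client-side check: status must be 101 and the Accept value must match our
    key. A mismatch means the peer is not a WebSocket endpoint, or something in
    the path altered the handshake."""
    status_line = raw_response.split(b"\r\n", 1)[0].decode("ascii")
    headers = parse_headers(raw_response)
    return (status_line.startswith("HTTP/1.1 101")
            and headers.get("sec-websocket-accept") == accept_key(key))


if __name__ == "__main__":
    # Constructed exchange: host and path are placeholders, the key is the RFC vector.
    key, req = client_handshake("example.com", "/chat", "dGhlIHNhbXBsZSBub25jZQ==")
    resp = server_handshake(req)
    print(req.decode())
    print(resp.decode())
    print("handshake accepted:", client_verify(resp, key))
```

The Accept value is not a security mechanism (the key is sent in the clear); it only proves the server understood the Upgrade, which is exactly why a proxy that terminates TLS can forward the handshake unchanged and then read the frames.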
FTP
Fiddler supports FTP traffic via a built-in FTP
gateway. FTP proxy is off-by-default.
SPDY/HTTP2.0
Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled. SPDY is negotiated inside the TLS handshake; with decryption enabled Fiddler terminates TLS itself and only speaks HTTP/1.1 to the client, so the client falls back to HTTP/1.1 inside the tunnel.
Protocol Violations
prefs set fiddler.lint.HTTP True
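An added example of the kind of violation an HTTP linter flags, not Fiddler's own lint code (the deck does not list its exact checks), run over constructed messages: bare LF line endings, malformed header lines, conflicting or wrong Content-Length, Content-Length alongside Transfer-Encoding (the ambiguity behind request smuggling), and an HTTP/1.1 request with no Host header.

```python
import re

# Start-line shapes accepted for HTTP/1.0 and HTTP/1.1 messages.
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] [1-5]\d\d( .*)?$")


def lint_http(raw: bytes) -> list:
    """Return the protocol violations found in one raw HTTP message (request or
    response); an empty list means nothing was spotted."""
    problems = []
    if b"\r\n\r\n" in raw:
        head, body = raw.split(b"\r\n\r\n", 1)
        eol = "\r\n"
    elif b"\n\n" in raw:
        head, body = raw.split(b"\n\n", 1)
        eol = "\n"
        problems.append("bare LF line endings; HTTP requires CRLF")
    else:
        return ["no blank line terminating the header block"]

    lines = head.decode("latin-1").split(eol)
    start = lines[0]
    is_request = bool(REQUEST_LINE.match(start))
    if not (is_request or STATUS_LINE.match(start)):
        problems.append("malformed start line: %r" % start)

    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            problems.append("obsolete line folding in header block")
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            problems.append("malformed header line: %r" % line)
            continue
        headers.append((name.lower(), value.strip()))
    names = [n for n, _ in headers]

    cl_values = [v for n, v in headers if n == "content-length"]
    te_values = [v for n, v in headers if n == "transfer-encoding"]
    if len(set(cl_values)) > 1:
        problems.append("conflicting Content-Length headers: %s" % cl_values)
    if cl_values and te_values:
        # Two framing mechanisms at once: different hops may pick different ones.
        problems.append("both Content-Length and Transfer-Encoding present: "
                        "ambiguous framing (request-smuggling risk)")
    if len(set(cl_values)) == 1:
        cl = cl_values[0]
        if not cl.isdigit():
            problems.append("non-numeric Content-Length: %r" % cl)
        elif not te_values and int(cl) != len(body):
            problems.append("Content-Length %s but body is %d bytes" % (cl, len(body)))
    if is_request and start.endswith("HTTP/1.1") and "host" not in names:
        problems.append("HTTP/1.1 request without a Host header")
    return problems


# Constructed sample messages (not captured traffic).
CLEAN_REQUEST = (b"GET /fiddler2/ HTTP/1.1\r\n"
                 b"Host: fiddler2.com\r\n"
                 b"Accept: */*\r\n\r\n")
SMUGGLING_REQUEST = (b"POST /upload HTTP/1.1\r\n"
                     b"Host: example.com\r\n"
                     b"Content-Length: 5\r\n"
                     b"Transfer-Encoding: chunked\r\n\r\n"
                     b"0\r\n\r\n")
SHORT_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Content-Length: 10\r\n\r\n"
                  b"short")
NO_HOST_REQUEST = b"GET / HTTP/1.1\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    for label, msg in [("clean", CLEAN_REQUEST), ("smuggling", SMUGGLING_REQUEST),
                       ("short", SHORT_RESPONSE), ("no-host", NO_HOST_REQUEST)]:
        print(label, lint_http(msg) or "OK")
```

The Content-Length check is skipped when Transfer-Encoding is present because the body is then delimited by chunks, not by the declared length; the linter reports the conflict instead, which is the finding a tester actually cares about.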
Traffic Archiving
Fiddler has many output options
• Copy sessions to the clipboard
• Store as a plaintext file
• Extract binary response bodies
• Archive to a database
• Export a Visual Studio .WebTest file
• Build a HTML5 AppCache Manifest
• Build a WCAT load-test script
• …or write your own
The SAZ file format
Session Archive Zip files contain:
• Request and response bytes
• Timing and other metadata
• HTML index file
For security, SAZ files may be encrypted
using AES
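An added example, not from the deck or from Fiddler's own SAZ code, that writes and reads a SAZ-style archive with the standard library's zipfile module. It assumes the documented layout: a raw/ folder holding NNNN_c.txt (request bytes), NNNN_s.txt (response bytes) and NNNN_m.xml (metadata), plus an _index.htm that links them. The metadata XML here is a simplified approximation of Fiddler's, the two sessions are constructed, and the example adds the check a practitioner wants before parsing: detecting AES-encrypted entries, which zipfile can identify but cannot decrypt.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# WinZip-style AES entries advertise compression method 99 in the zip headers;
# the stdlib can list them but raises when asked to read them.
WINZIP_AES_METHOD = 99

# Constructed sample sessions (request bytes, response bytes, timers); not captured traffic.
SAMPLE_SESSIONS = [
    (b"GET /fiddler2/ HTTP/1.1\r\nHost: fiddler2.com\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello",
     {"ClientBeginRequest": "2013-01-01T10:00:00.000",
      "ServerDoneResponse": "2013-01-01T10:00:00.250"}),
    (b"GET /Fiddler2/Fiddler.css HTTP/1.1\r\nHost: fiddler2.com\r\n\r\n",
     b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n",
     {"ClientBeginRequest": "2013-01-01T10:00:01.000",
      "ServerDoneResponse": "2013-01-01T10:00:01.040"}),
]


def write_saz(sessions) -> bytes:
    """Write sessions into an in-memory SAZ-style zip:
    raw/NNNN_c.txt (client request), raw/NNNN_s.txt (server response),
    raw/NNNN_m.xml (metadata, simplified here) and an _index.htm."""
    buf = io.BytesIO()
    index = ["<html><body><table>"]
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n, (req, resp, timers) in enumerate(sessions, start=1):
            sid = "%04d" % n
            zf.writestr("raw/%s_c.txt" % sid, req)
            zf.writestr("raw/%s_s.txt" % sid, resp)
            meta = ET.Element("Session", SID=str(n))
            ET.SubElement(meta, "SessionTimers", **timers)
            zf.writestr("raw/%s_m.xml" % sid, ET.tostring(meta, encoding="utf-8"))
            index.append('<tr><td><a href="raw/%s_c.txt">C</a></td>'
                         '<td><a href="raw/%s_s.txt">S</a></td></tr>' % (sid, sid))
        index.append("</table></body></html>")
        zf.writestr("_index.htm", "\n".join(index))
    return buf.getvalue()


def read_saz(data: bytes) -> list:
    """Parse a SAZ archive into one dict per session: id, request line,
    response status and the timer attributes from the metadata file."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            m = re.fullmatch(r"raw/(\d+)_([csm])\.(txt|xml)", zi.filename)
            if not m:
                continue  # _index.htm and anything else
            if zi.flag_bits & 0x1 or zi.compress_type == WINZIP_AES_METHOD:
                raise ValueError("%s: encrypted entry; zipfile cannot decrypt "
                                 "AES-protected SAZ files" % zi.filename)
            sid, kind = int(m.group(1)), m.group(2)
            rec = out.setdefault(sid, {"id": sid})
            blob = zf.read(zi)
            if kind == "c":
                rec["request_line"] = blob.split(b"\r\n", 1)[0].decode("ascii")
            elif kind == "s":
                rec["status"] = int(blob.split(b" ", 2)[1])
            else:
                timers = ET.fromstring(blob).find("SessionTimers")
                rec["timers"] = dict(timers.attrib) if timers is not None else {}
    return [out[k] for k in sorted(out)]


if __name__ == "__main__":
    archive = write_saz(SAMPLE_SESSIONS)
    for s in read_saz(archive):
        print(s["id"], s["request_line"], "->", s["status"], s["timers"])
```

An encrypted SAZ needs a zip library with WinZip AES support to open; with the stdlib the best you can do is the detection above, which also tells you the archive was saved with a password rather than being corrupt.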
FiddlerCap – Simple capture tool http://www.fiddlercap.com
User-interface localized to:
English | Français | Español | Português | 日本語 | русский
Traffic Analysis
TextWizard
Convert text between popular web encodings.
Traffic Comparison
Use WinDiff or the differ of your choice to compare Sessions' requests and responses.
Traffic Comparison
Use the Differ Extension to compare groups of Sessions at once.
Filtering Traffic
• Ignore Images & CONNECTs
• Application Type Filter
• Process Filter
• Troubleshooting with Help menu
Regular Expression Support
SyntaxView Reformatting
ImageView DataURL Support
ImageView Tools integration
ImageView Metadata & GeoLocation
X-Download-Initiator
Apply https://fiddler2.com/dl/EnableDownloadInitiator.reg to have Internet Explorer emit the X-Download-Initiator header, then show it as a column in the session list with:
cols add @request.X-Download-Initiator
HTML5 Media & Font previews
In Context
Internet Explorer F12 Developer tools
F12 Developer Tools vs. Fiddler

F12 Network Tab                        | Fiddler
---------------------------------------|------------------------------------------------------------
Display cache and network requests     | Display and modify only network requests
Shows downloads from current process   | Shows traffic from all processes
Shows post-decryption HTTPS traffic    | Decrypts HTTPS traffic via "man-in-the-middle" approach; less explicit mixed-content detection
Exports F12 NetworkData.xml            | Imports F12 NetworkData.xml
Traffic Manipulation
Automated Rewrites
• Simple built-in Rules
• The HOSTS command
Breakpoint Debugging
Use Fiddler Inspectors to modify requests and responses….
Simple Filters
Flag, modify or remove headers
from all requests and responses.
Request Composer
Create hand-built HTTP requests, or modify and reissue a request previously captured.
Supports
• Automatic authentication
• File Uploads
• Redirect chasing
• Sequential URL Crawling
AutoResponder
Replay previously captured or generated traffic.
FiddlerScript
FiddlerScript – Request Modification
// Declared at class scope; RulesOption exposes the flag as a checkbox on the Rules menu.
public static RulesOption("Disable Caching")
var m_DisableCaching: boolean = false;

static function OnBeforeRequest(oS: Session)
{
    // Highlight requests for .aspx pages in the session list
    if (oS.uriContains(".aspx"))
    {
        oS["ui-color"] = "red";
    }
    // Strip conditional-request headers so the server must send a full response
    if (m_DisableCaching)
    {
        oS.oRequest.headers.Remove("If-None-Match");
        oS.oRequest.headers.Remove("If-Modified-Since");
        oS.oRequest["Pragma"] = "no-cache";
    }
}
FiddlerScript – Response Modification
static function OnBeforeResponse(oS: Session)
{
    // Decompress and unchunk the body first; otherwise the text would be
    // prepended to compressed bytes and the client would get garbage.
    oS.utilDecodeResponse();
    oS.utilPrependToResponseBody("Injected Content!");
}
Power up with Extensions
Understanding Extensibility
(Diagram; each component in red in the original is your code.) Fiddler.exe is driven from outside by ExecAction.exe and script / batch files; inside it run Inspector2 and IFiddlerExtension plug-ins and the Fiddler ScriptEngine executing your FiddlerScript; all of it sits on FiddlerCore, which relies on Xceed*.dll and Makecert.exe.
Understanding UI Extensibility
1. RulesOptions
2. ToolsActions
3. Custom menus
4. Custom columns
5. ContextActions
6. QuickExec handlers
7. Views
8. Request Inspectors
9. Response Inspectors
10. Import & Export Transcoders
Type-specific Inspectors
Expert Perf Analysis with neXpert
intruder21 Web Fuzzer
• By yamagata21
Watcher & x5s Security Auditors
http://websecuritytool.codeplex.com/
http://xss.codeplex.com/
WCF Binary Inspector
Integration
ExecAction.exe
• Calls into OnExecAction in script or extensions
• Alternatively, invoke directly by sending a Windows Message (WM_COPYDATA) to Fiddler's main window:
#include <windows.h>

// The QuickExec command travels as a UTF-16 string; cbData is a byte count,
// so multiply the character count by sizeof(WCHAR).
const WCHAR* wzData = L"help";   // any QuickExec command
COPYDATASTRUCT oCDS;
oCDS.dwData = 61181;   // Magic Cookie
oCDS.cbData = lstrlenW(wzData) * sizeof(WCHAR);
oCDS.lpData = (PVOID) wzData;
SendMessage(
    FindWindowA(NULL, "Fiddler - HTTP Debugging Proxy"),
    WM_COPYDATA,
    (WPARAM) NULL,
    (LPARAM) &oCDS
);
(Two diagrams.)
Fiddler application with extensions: Fiddler.exe, driven by ExecAction.exe, hosts Inspector2 and IFiddlerExtension plug-ins, the Fiddler ScriptEngine with your FiddlerScript, and FiddlerCore on top of Xceed*.dll and Makecert.exe.
Your application hosting FiddlerCore: YourApp.exe hosts FiddlerCore, which brings DotNetZip and CertMaker.dll.
Programming with FiddlerCore
// Call Startup to tell FiddlerCore to begin listening on the specified port,
// register as the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse +=
    delegate(Fiddler.Session oS) {
        Console.WriteLine("{0}:HTTP/{1} for {2}", oS.id,
                          oS.responseCode, oS.fullUrl);
    };

// Later, call Shutdown to tell FiddlerCore to stop listening
// and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
Fiddler Futures
• WebSockets UI
• SPDY/HTTP2
• UI Enhancements
• You tell me!
Thank you!
@ericlaw
http://fiddler2.com/blog
Now Available
//fiddlerbook.com