Note: Session includes demos and code samples. For optimal viewing, please sit near the front!

Fiddler: Origins
[Diagram: Applications, Network, APIs, Proxy, Website]
[Diagram: Fiddler 2 components: ExecAction.exe, Your Automation, Inspector2, IFiddlerExtension, Fiddler ScriptEngine, Your FiddlerScript, Fiddler Proxy, Xceed*.dll, Makecert.exe]
Demo
Traffic Monitoring
[Diagram: Firefox, Internet Explorer, Office, WinINET, WinHTTP, CryptoAPI, Firewall, Fiddler, Upstream Proxy, example.com]
[Diagram: PocketPC, Linux, Mac, PC, Fiddler, Internet]
> YourApp.exe.config
    <system.net><defaultProxy>
        <proxy bypassonlocal="false" usesystemdefault="true" />
    </defaultProxy></system.net>
> or, use http://ipv4.fiddler
[Diagram: Firefox, Internet Explorer, Office, WinINET, WinHTTP, CryptoAPI, Firewall, Upstream Proxy]
[Diagram: Fiddler (Port 80), IIS or Apache (Port 81)]
Fiddler dynamically generates interception certificates chained to a self-signed root.
Traffic Archiving
Traffic Analysis
Demo
Demo
Use WinDiff to compare HTTP requests and responses.
http://websecuritytool.codeplex.com/
Traffic Manipulation
Use Fiddler inspectors to modify requests and responses.
Flag, modify or remove headers from all requests and responses.
Create hand-built HTTP requests, or modify and reissue a request previously captured.
Replay previously captured or generated traffic.
static function OnBeforeRequest(oS: Session) {
    // Highlight sessions for .aspx URLs in the session list.
    if (oS.uriContains(".aspx")) {
        oS["ui-color"] = "red";
    }
    // Strip conditional-request headers so the server returns full responses.
    if (m_DisableCaching) {
        oS.oRequest.headers.Remove("If-None-Match");
        oS.oRequest.headers.Remove("If-Modified-Since");
        oS.oRequest["Pragma"] = "no-cache";
    }
}

static function OnBeforeResponse(oS: Session) {
    // Decode the response body before modifying it.
    oS.utilDecodeResponse();
    oS.utilPrependToResponseBody("Injected Content!");
}
Performance
Timeline view of Buffering Mode
Timeline view of Streaming Mode
Test Integration
COPYDATASTRUCT oCDS;          // sData: the string to send to Fiddler
oCDS.dwData = 61180;          // Magic Cookie
oCDS.cbData = strlen(sData);
oCDS.lpData = sData;
SendMessage(
    FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"),
    WM_COPYDATA,
    NULL,
    (LPARAM) &oCDS
);
>>FUTURE
[Diagram: Fiddler application with extensions: Fiddler 2, ExecAction.exe, Inspector2, IFiddlerExtension, Fiddler ScriptEngine, Your FiddlerScript, FiddlerCore, Xceed*.dll, Makecert.exe]
[Diagram: Your application hosting FiddlerCore: YourApp.exe, FiddlerCore, Makecert.exe]
// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse +=
    delegate(Fiddler.Session oS) {
        Console.WriteLine("{0}:HTTP {1} for {2}", oS.id,
            oS.responseCode, oS.fullUrl);
    };

// Call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
>>FUTURE
Questions?
channel9.msdn.com/learn
Built by Developers for Developers….
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.