Table of Contents

Acknowledgements ... iii

Table of Contents ... iv

Origins ... 1

About this book ... 3

A Quick Primer ... 5

Basic Concepts ... 5

Fiddler Scenarios ... 6

Getting Started with Fiddler ... 8

System Requirements ... 8

Installing Fiddler ... 8

Updating Fiddler ... 9

The Fiddler User-Interface ... 10

The Web Sessions List ... 10

Web Sessions Context Menu ... 13

Fiddler’s Main Menu ... 17

Fiddler’s About Box ... 22

Fiddler’s Toolbar ... 24

Fiddler’s Status Bar ... 25

Application Hotkeys ... 26

QuickExec ... 27

The Fiddler User-Interface ... 32

Comparing Sessions ... 33

Debugging with Breakpoints ... 35

Statistics Tab ... 38

The Filters tab ... 40

Request Headers ... 41

The Timeline tab ... 45

Mode: Timeline ... 45

Mode: Client Pipe Map ... 47

Mode: Server Pipe Map ... 47

The AutoResponder tab ... 48

Specifying the Match Condition ... 49

Specifying the Action Text ... 50

Using RegEx Replacements in Action Text ... 51

Drag-and-Drop support ... 52

FARX Files ... 53

Encoding and Decoding Text with the TextWizard ... 54

A Few Words on Character Encodings ... 55

The Composer tab ... 56

The Log tab ... 60

The Find Sessions Dialog ... 61

The HOSTS Dialog ... 63

Retargeting Traffic with Fiddler ... 64

Features to Retarget Requests ... 66

Sending Traffic to Fiddler ... 67

Capturing Traffic from Browsers ... 67

Capturing Traffic from Other Applications ... 69

Capturing Traffic from Services ... 70

Capturing Traffic to Loopback ... 70

Running Fiddler on Mac OSX ... 73

Capturing Traffic from Other Computers ... 74

Capturing Traffic from Devices ... 75

Using Fiddler as a Reverse Proxy ... 76

Chaining to Upstream Proxy Servers ... 77

Chaining to SOCKS / TOR ... 77

VPNs, Modems, and Tethering ... 78

DirectAccess ... 78

Buffering vs. Streaming Traffic ... 79

Request Buffering ... 79

Response Buffering ... 79

COMET ... 79

HTML5 WebSockets ... 81

Fiddler and HTTPS ... 82

Configuring Clients for HTTPS Decryption ... 85

Certificate Validation ... 86

Apple iOS and Android ... 87

Client Certificates ... 88

Client Certificates ... 89

Fiddler and FTP ... 90

Memory Use and Fiddler’s Bitness ... 91

Fiddler and Web Authentication ... 93

HTTP Authentication ... 93

Automatic Authentication in Fiddler ... 94

Authentication Issues ... 95

HTTPS Client Certificates ... 96

Inspectors ... 98

Auth (Request / Response) ... 100

Caching (Response; ReadOnly) ... 102

Cookies (Request / Response; ReadOnly) ... 103

Headers (Request/Response; Read/Write) ... 104

Context Menu ... 105

Keyboard Shortcuts ... 105

Editing ... 105

HexView (Request / Response; Read/Write) ... 107

ImageView (Response; ReadOnly) ... 109

JSON (Request / Response; ReadOnly) ... 110

Raw (Request / Response; Read/Write) ... 111

SyntaxView (Request / Response; Read/Write) ... 112

TextView (Request / Response; Read/Write) ... 114

Transformer (Response; Read/Write) ... 115

WebForms (Request; Read/Write) ... 117

WebView (Response; ReadOnly) ... 118

XML (Request / Response; ReadOnly) ... 119

Fiddler Options ... 120

General Options ... 120

HTTPS Options ... 121

Extensions Options ... 122

Connections Options ... 123

Appearance Options ... 124

Preferences ... 125

Understanding Text Encodings ... 126

Fiddler Extensions ... 127

Gallery ... 128

Full-Screen View ... 128

Content Blocker ... 130

FiddlerScript Editors ... 132

FiddlerScript Tab ... 132

ClassView Sidebar ... 133

Fiddler2 ScriptEditor ... 133

SAZ Clipboard ... 135

Traffic Differ ... 136

AnyWHERE ... 137

JavaScript Formatter ... 138

Session Archive Zip (SAZ) Files ... 139

Protecting SAZ Files ... 139

Importing and Exporting Sessions ... 141

Import Formats ... 141

Export Formats ... 141

Fiddler’s Viewer Mode ... 146

FiddlerCap ... 147

Capture Box ... 147

Capture Options Box ... 148

Tools Box ... 149

Using Fiddler for Performance Debugging ... 152

Using Fiddler for Content Collection ... 153

Using Fiddler for Security Analysis ... 154

Configuration for IT Administrators ... 155

Using Fiddler for Compatibility Diagnosis ... 156

Extending Fiddler with FiddlerScript ... 158

About FiddlerScript ... 158

Editing FiddlerScript ... 159

FiddlerScript Functions ... 161

Session Handling Functions ... 161

General Functions ... 162

Automating Fiddler ... 164

Extending Fiddler’s UI - Menus ... 167

Extending the Tools Menu ... 167

Extending the Web Sessions Context Menu ... 168

Extending the Rules Menu ... 168

Creating New Top-Level Menus ... 171

Extending Fiddler’s UI - Adding Columns to the Web Sessions List ... 173

Binding Columns using Attributes ... 173

Binding Columns using AddBoundColumn ... 175

FiddlerObject Functions ... 177

Referencing Assemblies ... 180

Interacting with Fiddler ... 181

Sample Scripts ... 182

Extending Fiddler with .NET ... 186

Project Requirements and Settings ... 187

Debugging Extensions ... 187

Best Practices for Extensions ... 187

Interacting with Fiddler ... 192

Understanding SessionStates ... 192

SessionFlags ... 192

Sending Strings to the TextWizard ... 193

Logging Events ... 194

Interacting with the FiddlerScript Engine ... 194

Programming with Preferences ... 196

Preference Naming ... 196

The IFiddlerPreferences Interface ... 196

Storing and Removing Preferences ... 197

Retrieving Preferences ... 197

Watching for Preference Changes ... 197

Notifications in Extensions ... 197

Notifications in FiddlerScript ... 198

Building Extension Installers ... 199

Building Inspectors ... 202

Inspecting the Session Object ... 205

Dealing with HTTP Compression and Chunking ... 208

Decoding a Copy of the Body ... 208

Using the GetRe*BodyAsString Methods ... 209

Using the utilDecode* Methods ... 209

Inspector Assemblies ... 210

Fiddler Extensions ... 211

Integrating with QuickExec ... 212

Extension Assemblies ... 213

Import and Export Transcoders ... 214

Handling Options ... 216

Going Beyond Files ... 218

FiddlerCore ... 224

Legalities ... 225

Getting Started with FiddlerCore ... 225

Compiling the Sample Application ... 225

The FiddlerCoreStartupFlags ... 227

The FiddlerApplication Class ... 229

FiddlerApplication Events ... 229

FiddlerApplication Methods ... 230

FiddlerApplication Properties and Fields ... 231

Fiddler API ... 231

Common Tasks with FiddlerCore ... 233

Other resources ... 234

Appendix A: Troubleshooting ... 236

Missing Traffic ... 236

Interference from Security Software ... 237

Corrupted Proxy Settings ... 238

Resetting Fiddler ... 238

Troubleshooting Certificate Problems ... 239

Wiping all traces of Fiddler ... 240

Fiddler crashes complaining about the "Configuration System" ... 240

Fiddler randomly stops capturing traffic ... 240

Fiddler stalls streaming RPC-over-HTTPS traffic ... 241

Appendix B: Command Line Syntax............................................................................................................................. 242

Option Flags................................................................................................................................................................. 242

Appendix C: Session Flags.............................................................................................................................................. 243

Session Display Flags.................................................................................................................................................. 243

Breakpoint and Editing Flags..................................................................................................................................... 244

Network Routing Flags............................................................................................................................................... 245

Performance Simulation Flags.................................................................................................................................. 247

Client Information Flags............................................................................................................................................. 247

HTTPS Flags.................................................................................................................................................................. 248

Appendix D: Preferences.............................................................................................................................................. 254

Network Preferences................................................................................................................................................ 254

HTTPS Preferences.................................................................................................................................................... 257

Fiddler UI Preferences.............................................................................................................................................. 259

Path Configuration..................................................................................................................................................... 265

Miscellaneous............................................................................................................................................................. 266

Extension Preferences.............................................................................................................................................. 266

Index.................................................................................................................................................................................. 270