Over on my other blog, I just posted an article showing how you can use Fiddler to find bugs in applications that don't expect authenticating proxies.