SlideShare a Scribd company logo
1 of 36
Download to read offline
Debugging the Web with
Fiddler
Ido Flatow
Senior Architect
Microsoft MVP & RD
Sela Group
Meet Fiddler…
Application
Network
APIs
Proxy Website
What is Fiddler?
Fiddler Facts
• A proxy server
• An HTTP/HTTPS Sniffer
• An HTTP Debugger
• Written in .NET / Mono
• A free utility (for now, cross your fingers)
• An extensible application
• A must tool for web developers
• Unfortunately, it doesn’t make coffee!
How Fiddler Works…
Internet
Explorer
WinINET
Office
CryptoAPI WinHTTP
Fiddler
Firefox
Upstream
Proxy
Web Site
Firewall
Fiddler by Scenarios
Traffic
Inspection
Performance
Tuning
DebuggingTesting
Scenario: Inspecting Traffic
Fiddler to the Rescue
• Browsers (Static sites, ASP.NET, J2EE, PHP)
• Desktop applications that use HTTP
• Web services
• Phone emulators
• Any device that supports
a proxy server ( )
The Sessions List
Sequence and color
coding
Caching information
Origin process
Manual
commentsResponse size
Inspectors
• See the content of messages (requests & responses)
• View both headers and body
• Transform content to viewable form XML, Image, JSON, JavaScript, Binary
• Create your own inspectors
Inspectors, Now with Web Sockets
Filter by…
By process type
By specific process
By host
By process name/PID/svchost
By URL
By status code
By MIME or size
QuickExec
Fiddler and HTTPS
• Fiddler acts as a “machine-in-the-middle”
• Generates certificates for web sites on-the-fly
• Supports excluding sensitive HTTPS sites
• Basic support for client certificates
Scenario: Performance Tuning
Reminder:
Understanding the Connection
Application
Network
APIs
Proxy Website
Second connection
From Fiddler to the server
First connection
From client to Fiddler
Visualize the Traffic with Timeline
Start End
Bar color = MIME
Red = new connection
Green = reused connection
Disk = cached response
Bar = begin receive
Stripes = buffered by Fiddler
Prefer stream over buffer
Use buffer when editing responses
Single Session Timeline
• Server wait time
• Time to receive headers and body
• Time between body chunks
Statistics are Important
• Single page statistics give info on performance
– Client processing
– Server processing
– Network latency
• Execution time:
ServerBeginResponse – ServerGotRequest
• Upload time:
ServerGotRequest – ClientDoneRequest
• Download time:
ServerDoneResponse – ServerBeginResponse
• Watch out for misleading connection reuse
• Add timer columns instead of calculating
Statistics are Important
• Statistics is also supported for multiple sessions
• Aggregative information
– Request count
– Unique hosts
– Bytes sent
– Bytes received
– Elapsed time
– Response code statistics
– Content statistics
Performance-related inspectors
• Transformer
• Image view
• Caching
• Cookies
• HTML Inspector (3rd party)
Drawing Conclusions
• Reduce number of requests
• Reduce traffic roundtrips
• Reduce the size of requests and responses
• Applying compression where needed
• Identify non-cached responses
• Use Fiddler to improve performance, not to measure it!
Scenario: Debugging
Manipulate Traffic with Rules
• Simulate user-agents (IE, Mozila…)
• Simulate network latency
• Disable sending cache headers
• HOSTS file remapping
• You can also write your own rules!
http://fiddlerbook.com/Fiddler/dev/ScriptSamples.asp
Play it Again, Sam
• Why run the client scenario again, just to resend the request?
• Simply click “Replay”
– Reissue a single request
– Reissue a set of requests
– Reissue unconditionally (no cache headers)
– Reissue multiple times
• What if the request needs a change before reissuing?
Changing Requests with Composer
• Create any request from scratch
• Use previous requests with drag-n-drop
• Don’t bother calculating content length
• Composed requests history
www.bobthebuilder.com
Breakpoints – Human in the Middle
• Manual control over
request & response
• Stop on any direction
• Manipulate header and body
• Auto reply instead of
forwarding request
• Least used feature in Fiddler!!
Debugging Localhost
• In some cases, proxies are bypassed when using
localhost (127.0.0.1) addresses
• What to do?
• Use the machine’s name
• Use fictitious DNS names
– ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])
– localhost. or localhost.fiddler (converted to localhost)
Debugging Services
• Fiddler hooks to the interactive user
• IIS App Pools and Windows Services runs with
built-in users (Network Service / AppPoolIdentity)
• Use network sniffers and export as PCAP
• Download PsExec and run:
PsExec.exe -i -u "nt authoritynetwork service"
"%ProgramFiles(x86)%Fiddler2Fiddler.exe"
If You See This, Don’t Panic
Scenario: Testing
“My Code is Perfect”
• No more “I can’t reproduce this
bug”
• Save sessions to .SAZ archive
and send them to the developer
• Saves everything, not only text
responses
• Open on another machine,
inspect, and replay if necessary
I Got this From Fiddler
• Save/Load sessions to .SAZ files
• Export/Import HTTP Archive (HAR) sessions
• Export sessions to raw files. Great for:
– Images
– CSS
– Scripts
– Data URIs
• Export as Visual Studio web test
In-Memory Website with Auto-
Responder
• Match URI according to
– String literals (sub-string, * wildcard)
– Inverse string literals
– Exact match, including casing
– Regular expressions
• If a match then
– Respond with file
– Send stored response
– Redirect (not 301 redirect)
– Http Redirect (301)
– Break
– Delay send
– Drop response
If URI matches… then respond with…
Extending Fiddler to Your Needs
• Customize rules script
• Create custom inspectors
• Create requests and responses auto-modifiers
• Create new exporter/importer
• Extend QuickExec with new commands
• Add menus and tabs
http://docs.telerik.com/fiddler/Extend-Fiddler/ExtendWithDotNet
Fiddler is More Than a Sniffer
• Monitors traffic, yes, but also…
• Controls traffic
• Modifies traffic
• Generates traffic
• Easy to use
• Extensible
Resources
• Fiddler Website
– http://www.telerik.com/fiddler
• Fiddler Forum
– http://groups.google.com/group/httpfiddler
• Fiddler Blog
– http://www.telerik.com/blogs/tag/fiddler
– http://www.telerik.com/blogs/fiddler-a-segue
– http://blogs.msdn.com/b/fiddler (old blog)
• My Info
– @IdoFlatow // idof@sela.co.il // www.idoflatow.net/downloads

More Related Content

What's hot

Threading through InterBase, Firebird, and beyond
Threading through InterBase, Firebird, and beyondThreading through InterBase, Firebird, and beyond
Threading through InterBase, Firebird, and beyondMind The Firebird
 
Load Balancing, Failover and Scalability with ColdFusion
Load Balancing, Failover and Scalability with ColdFusionLoad Balancing, Failover and Scalability with ColdFusion
Load Balancing, Failover and Scalability with ColdFusionColdFusionConference
 
Developing High Performance and Scalable ColdFusion Application Using Terraco...
Developing High Performance and Scalable ColdFusion Application Using Terraco...Developing High Performance and Scalable ColdFusion Application Using Terraco...
Developing High Performance and Scalable ColdFusion Application Using Terraco...ColdFusionConference
 
Java script anywhere. What Nombas was doing pre-acquisition.
Java script anywhere. What Nombas was doing pre-acquisition.Java script anywhere. What Nombas was doing pre-acquisition.
Java script anywhere. What Nombas was doing pre-acquisition.Brent Noorda
 
Expand Your ColdFusion App Power with AWS
Expand Your ColdFusion App Power with AWSExpand Your ColdFusion App Power with AWS
Expand Your ColdFusion App Power with AWSColdFusionConference
 
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with DockerSCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with DockerKenny Buntinx
 
Supporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixSupporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixPerforce
 
RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016Ortus Solutions, Corp
 
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....Take home your very own free Vagrant CFML Dev Environment - Presented at dev....
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....Gavin Pickin
 
CollabSphere 2018: How to build your SmartCloud Notes hybrid environment
CollabSphere 2018: How to build your SmartCloud Notes hybrid environmentCollabSphere 2018: How to build your SmartCloud Notes hybrid environment
CollabSphere 2018: How to build your SmartCloud Notes hybrid environmentDavid Hablewitz
 
Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Karl Fosaaen
 
Super Fast Application development with Mura CMS
Super Fast Application development with Mura CMSSuper Fast Application development with Mura CMS
Super Fast Application development with Mura CMSColdFusionConference
 
Immutable Infrastructure: the new App Deployment
Immutable Infrastructure: the new App DeploymentImmutable Infrastructure: the new App Deployment
Immutable Infrastructure: the new App DeploymentAxel Fontaine
 

What's hot (20)

Threading through InterBase, Firebird, and beyond
Threading through InterBase, Firebird, and beyondThreading through InterBase, Firebird, and beyond
Threading through InterBase, Firebird, and beyond
 
ColdFusion builder plugins
ColdFusion builder pluginsColdFusion builder plugins
ColdFusion builder plugins
 
Hidden gems in cf2016
Hidden gems in cf2016Hidden gems in cf2016
Hidden gems in cf2016
 
Load Balancing, Failover and Scalability with ColdFusion
Load Balancing, Failover and Scalability with ColdFusionLoad Balancing, Failover and Scalability with ColdFusion
Load Balancing, Failover and Scalability with ColdFusion
 
Realtime with websockets
Realtime with websocketsRealtime with websockets
Realtime with websockets
 
Developing High Performance and Scalable ColdFusion Application Using Terraco...
Developing High Performance and Scalable ColdFusion Application Using Terraco...Developing High Performance and Scalable ColdFusion Application Using Terraco...
Developing High Performance and Scalable ColdFusion Application Using Terraco...
 
Command box
Command boxCommand box
Command box
 
Java script anywhere. What Nombas was doing pre-acquisition.
Java script anywhere. What Nombas was doing pre-acquisition.Java script anywhere. What Nombas was doing pre-acquisition.
Java script anywhere. What Nombas was doing pre-acquisition.
 
Expand Your ColdFusion App Power with AWS
Expand Your ColdFusion App Power with AWSExpand Your ColdFusion App Power with AWS
Expand Your ColdFusion App Power with AWS
 
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with DockerSCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
 
Supporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixSupporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce Helix
 
Locking Down CF Servers
Locking Down CF ServersLocking Down CF Servers
Locking Down CF Servers
 
RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....Take home your very own free Vagrant CFML Dev Environment - Presented at dev....
Take home your very own free Vagrant CFML Dev Environment - Presented at dev....
 
CollabSphere 2018: How to build your SmartCloud Notes hybrid environment
CollabSphere 2018: How to build your SmartCloud Notes hybrid environmentCollabSphere 2018: How to build your SmartCloud Notes hybrid environment
CollabSphere 2018: How to build your SmartCloud Notes hybrid environment
 
Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016
 
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
 
Super Fast Application development with Mura CMS
Super Fast Application development with Mura CMSSuper Fast Application development with Mura CMS
Super Fast Application development with Mura CMS
 
Immutable Infrastructure: the new App Deployment
Immutable Infrastructure: the new App DeploymentImmutable Infrastructure: the new App Deployment
Immutable Infrastructure: the new App Deployment
 

Viewers also liked

Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
Production debugging web applications
Production debugging web applicationsProduction debugging web applications
Production debugging web applicationsIdo Flatow
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...Ido Flatow
 
Building IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on AzureBuilding IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on AzureIdo Flatow
 
Powershell For Developers
Powershell For DevelopersPowershell For Developers
Powershell For DevelopersIdo Flatow
 
The Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with AzureThe Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with AzureIdo Flatow
 
ASP.NET Core 1.0
ASP.NET Core 1.0ASP.NET Core 1.0
ASP.NET Core 1.0Ido Flatow
 
IIS for Developers
IIS for DevelopersIIS for Developers
IIS for DevelopersIdo Flatow
 
Introducing HTTP/2
Introducing HTTP/2Introducing HTTP/2
Introducing HTTP/2Ido Flatow
 
IaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute SolutionsIaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute SolutionsIdo Flatow
 
React vs angular (mobile first battle)
React vs angular (mobile first battle)React vs angular (mobile first battle)
React vs angular (mobile first battle)Michael Haberman
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF WorkshopIdo Flatow
 
Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6Ido Flatow
 
What HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouWhat HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouMark Nottingham
 
ASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP FundamentalsASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP FundamentalsIdo Flatow
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
HTTP/2 Changes Everything
HTTP/2 Changes EverythingHTTP/2 Changes Everything
HTTP/2 Changes EverythingLori MacVittie
 
High Performance Web - Full Stack Toronto
High Performance Web - Full Stack TorontoHigh Performance Web - Full Stack Toronto
High Performance Web - Full Stack TorontoMaximiliano Firtman
 

Viewers also liked (19)

Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Production debugging web applications
Production debugging web applicationsProduction debugging web applications
Production debugging web applications
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
 
Building IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on AzureBuilding IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on Azure
 
EF Core (RC2)
EF Core (RC2)EF Core (RC2)
EF Core (RC2)
 
Powershell For Developers
Powershell For DevelopersPowershell For Developers
Powershell For Developers
 
The Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with AzureThe Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with Azure
 
ASP.NET Core 1.0
ASP.NET Core 1.0ASP.NET Core 1.0
ASP.NET Core 1.0
 
IIS for Developers
IIS for DevelopersIIS for Developers
IIS for Developers
 
Introducing HTTP/2
Introducing HTTP/2Introducing HTTP/2
Introducing HTTP/2
 
IaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute SolutionsIaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute Solutions
 
React vs angular (mobile first battle)
React vs angular (mobile first battle)React vs angular (mobile first battle)
React vs angular (mobile first battle)
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF Workshop
 
Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6
 
What HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For YouWhat HTTP/2.0 Will Do For You
What HTTP/2.0 Will Do For You
 
ASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP FundamentalsASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP Fundamentals
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
HTTP/2 Changes Everything
HTTP/2 Changes EverythingHTTP/2 Changes Everything
HTTP/2 Changes Everything
 
High Performance Web - Full Stack Toronto
High Performance Web - Full Stack TorontoHigh Performance Web - Full Stack Toronto
High Performance Web - Full Stack Toronto
 

Similar to Debugging the Web with Fiddler

How Applications Manager helps with application performance monitoring
How Applications Manager helps with application performance monitoringHow Applications Manager helps with application performance monitoring
How Applications Manager helps with application performance monitoringManageEngine, Zoho Corporation
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesSam Bowne
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesSam Bowne
 
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
 Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDogRedis Labs
 
Penny coventry fiddler-spsbe23
Penny coventry fiddler-spsbe23Penny coventry fiddler-spsbe23
Penny coventry fiddler-spsbe23BIWUG
 
SharePoint Saturday San Antonio: SharePoint 2010 Performance
SharePoint Saturday San Antonio: SharePoint 2010 PerformanceSharePoint Saturday San Antonio: SharePoint 2010 Performance
SharePoint Saturday San Antonio: SharePoint 2010 PerformanceBrian Culver
 
AWS for Java Developers workshop
AWS for Java Developers workshopAWS for Java Developers workshop
AWS for Java Developers workshopRory Preddy
 
Introduction to node.js aka NodeJS
Introduction to node.js aka NodeJSIntroduction to node.js aka NodeJS
Introduction to node.js aka NodeJSJITENDRA KUMAR PATEL
 
Introduction to dot net framework by vaishali sahare [katkar]
Introduction to dot net framework by vaishali sahare [katkar]Introduction to dot net framework by vaishali sahare [katkar]
Introduction to dot net framework by vaishali sahare [katkar]vaishalisahare123
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeDenis Gundarev
 
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"Andi Rustandi Djunaedi
 
Windows internals
Windows internalsWindows internals
Windows internalsPiyush Jain
 
SharePoint Saturday The Conference 2011 - SP2010 Performance
SharePoint Saturday The Conference 2011 - SP2010 PerformanceSharePoint Saturday The Conference 2011 - SP2010 Performance
SharePoint Saturday The Conference 2011 - SP2010 PerformanceBrian Culver
 
SharePoint 2013 Performance Analysis - Robi Vončina
SharePoint 2013 Performance Analysis - Robi VončinaSharePoint 2013 Performance Analysis - Robi Vončina
SharePoint 2013 Performance Analysis - Robi VončinaSPC Adriatics
 

Similar to Debugging the Web with Fiddler (20)

How Applications Manager helps with application performance monitoring
How Applications Manager helps with application performance monitoringHow Applications Manager helps with application performance monitoring
How Applications Manager helps with application performance monitoring
 
20120306 dublin js
20120306 dublin js20120306 dublin js
20120306 dublin js
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise Services
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise Services
 
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
 Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
 
Penny coventry fiddler-spsbe23
Penny coventry fiddler-spsbe23Penny coventry fiddler-spsbe23
Penny coventry fiddler-spsbe23
 
SharePoint Saturday San Antonio: SharePoint 2010 Performance
SharePoint Saturday San Antonio: SharePoint 2010 PerformanceSharePoint Saturday San Antonio: SharePoint 2010 Performance
SharePoint Saturday San Antonio: SharePoint 2010 Performance
 
Node.js
Node.jsNode.js
Node.js
 
AWS for Java Developers workshop
AWS for Java Developers workshopAWS for Java Developers workshop
AWS for Java Developers workshop
 
Introduction to node.js aka NodeJS
Introduction to node.js aka NodeJSIntroduction to node.js aka NodeJS
Introduction to node.js aka NodeJS
 
Beginners Node.js
Beginners Node.jsBeginners Node.js
Beginners Node.js
 
Testing Testing everywhere
Testing Testing everywhereTesting Testing everywhere
Testing Testing everywhere
 
One to rule them all
One to rule them allOne to rule them all
One to rule them all
 
Introduction to dot net framework by vaishali sahare [katkar]
Introduction to dot net framework by vaishali sahare [katkar]Introduction to dot net framework by vaishali sahare [katkar]
Introduction to dot net framework by vaishali sahare [katkar]
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternative
 
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
 
Windows 8 Metro apps and the outside world
Windows 8 Metro apps and the outside worldWindows 8 Metro apps and the outside world
Windows 8 Metro apps and the outside world
 
Windows internals
Windows internalsWindows internals
Windows internals
 
SharePoint Saturday The Conference 2011 - SP2010 Performance
SharePoint Saturday The Conference 2011 - SP2010 PerformanceSharePoint Saturday The Conference 2011 - SP2010 Performance
SharePoint Saturday The Conference 2011 - SP2010 Performance
 
SharePoint 2013 Performance Analysis - Robi Vončina
SharePoint 2013 Performance Analysis - Robi VončinaSharePoint 2013 Performance Analysis - Robi Vončina
SharePoint 2013 Performance Analysis - Robi Vončina
 

More from Ido Flatow

Google Cloud IoT Core
Google Cloud IoT CoreGoogle Cloud IoT Core
Google Cloud IoT CoreIdo Flatow
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
Production Debugging War Stories
Production Debugging War StoriesProduction Debugging War Stories
Production Debugging War StoriesIdo Flatow
 
Migrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the FieldMigrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the FieldIdo Flatow
 
Caching in Windows Azure
Caching in Windows AzureCaching in Windows Azure
Caching in Windows AzureIdo Flatow
 
Automating Windows Azure
Automating Windows AzureAutomating Windows Azure
Automating Windows AzureIdo Flatow
 

More from Ido Flatow (6)

Google Cloud IoT Core
Google Cloud IoT CoreGoogle Cloud IoT Core
Google Cloud IoT Core
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Production Debugging War Stories
Production Debugging War StoriesProduction Debugging War Stories
Production Debugging War Stories
 
Migrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the FieldMigrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the Field
 
Caching in Windows Azure
Caching in Windows AzureCaching in Windows Azure
Caching in Windows Azure
 
Automating Windows Azure
Automating Windows AzureAutomating Windows Azure
Automating Windows Azure
 

Recently uploaded

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 

Recently uploaded (20)

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 

Debugging the Web with Fiddler

  • 1. Debugging the Web with Fiddler Ido Flatow Senior Architect Microsoft MVP & RD Sela Group
  • 4. Fiddler Facts • A proxy server • An HTTP/HTTPS Sniffer • An HTTP Debugger • Written in .NET / Mono • A free utility (for now, cross your fingers) • An extensible application • A must tool for web developers • Unfortunately, it doesn’t make coffee!
  • 5. How Fiddler Works… Internet Explorer WinINET Office CryptoAPI WinHTTP Fiddler Firefox Upstream Proxy Web Site Firewall
  • 8. Fiddler to the Rescue • Browsers (Static sites, ASP.NET, J2EE, PHP) • Desktop applications that use HTTP • Web services • Phone emulators • Any device that supports a proxy server ( )
  • 9. The Sessions List Sequence and color coding Caching information Origin process Manual commentsResponse size
  • 10. Inspectors • See the content of messages (requests & responses) • View both headers and body • Transform content to viewable form XML, Image, JSON, JavaScript, Binary • Create your own inspectors
  • 11. Inspectors, Now with Web Sockets
  • 12. Filter by… By process type By specific process By host By process name/PID/svchost By URL By status code By MIME or size QuickExec
  • 13. Fiddler and HTTPS • Fiddler acts as a “machine-in-the-middle” • Generates certificates for web sites on-the-fly • Supports excluding sensitive HTTPS sites • Basic support for client certificates
  • 15. Reminder: Understanding the Connection Application Network APIs Proxy Website Second connection From Fiddler to the server First connection From client to Fiddler
  • 16. Visualize the Traffic with Timeline Start End Bar color = MIME Red = new connection Green = reused connection Disk = cached response Bar = begin receive Stripes = buffered by Fiddler Prefer stream over buffer Use buffer when editing responses
  • 17. Single Session Timeline • Server wait time • Time to receive headers and body • Time between body chunks
  • 18. Statistics are Important • Single page statistics give info on performance – Client processing – Server processing – Network latency • Execution time: ServerBeginResponse – ServerGotRequest • Upload time: ServerGotRequest – ClientDoneRequest • Download time: ServerDoneResponse – ServerBeginResponse • Watch out for misleading connection reuse • Add timer columns instead of calculating
  • 19. Statistics are Important • Statistics is also supported for multiple sessions • Aggregative information – Request count – Unique hosts – Bytes sent – Bytes received – Elapsed time – Response code statistics – Content statistics
  • 20. Performance-related inspectors • Transformer • Image view • Caching • Cookies • HTML Inspector (3rd party)
  • 21. Drawing Conclusions • Reduce number of requests • Reduce traffic roundtrips • Reduce the size of requests and responses • Applying compression where needed • Identify non-cached responses • Use Fiddler to improve performance, not to measure it!
  • 23. Manipulate Traffic with Rules • Simulate user-agents (IE, Mozila…) • Simulate network latency • Disable sending cache headers • HOSTS file remapping • You can also write your own rules! http://fiddlerbook.com/Fiddler/dev/ScriptSamples.asp
  • 24. Play it Again, Sam • Why run the client scenario again, just to resend the request? • Simply click “Replay” – Reissue a single request – Reissue a set of requests – Reissue unconditionally (no cache headers) – Reissue multiple times • What if the request needs a change before reissuing?
  • 25. Changing Requests with Composer • Create any request from scratch • Use previous requests with drag-n-drop • Don’t bother calculating content length • Composed requests history www.bobthebuilder.com
  • 26. Breakpoints – Human in the Middle • Manual control over request & response • Stop on any direction • Manipulate header and body • Auto reply instead of forwarding request • Least used feature in Fiddler!!
  • 27. Debugging Localhost • In some cases, proxies are bypassed when using localhost (127.0.0.1) addresses • What to do? • Use the machine’s name • Use fictitious DNS names – ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1]) – localhost. or localhost.fiddler (converted to localhost)
  • 28. Debugging Services • Fiddler hooks to the interactive user • IIS App Pools and Windows Services runs with built-in users (Network Service / AppPoolIdentity) • Use network sniffers and export as PCAP • Download PsExec and run: PsExec.exe -i -u "nt authoritynetwork service" "%ProgramFiles(x86)%Fiddler2Fiddler.exe"
  • 29. If You See This, Don’t Panic
  • 31. “My Code is Perfect” • No more “I can’t reproduce this bug” • Save sessions to .SAZ archive and send them to the developer • Saves everything, not only text responses • Open on another machine, inspect, and replay if necessary
  • 32. I Got this From Fiddler • Save/Load sessions to .SAZ files • Export/Import HTTP Archive (HAR) sessions • Export sessions to raw files. Great for: – Images – CSS – Scripts – Data URIs • Export as Visual Studio web test
  • 33. In-Memory Website with Auto- Responder • Match URI according to – String literals (sub-string, * wildcard) – Inverse string literals – Exact match, including casing – Regular expressions • If a match then – Respond with file – Send stored response – Redirect (not 301 redirect) – Http Redirect (301) – Break – Delay send – Drop response If URI matches… then respond with…
  • 34. Extending Fiddler to Your Needs • Customize rules script • Create custom inspectors • Create requests and responses auto-modifiers • Create new exporter/importer • Extend QuickExec with new commands • Add menus and tabs http://docs.telerik.com/fiddler/Extend-Fiddler/ExtendWithDotNet
  • 35. Fiddler is More Than a Sniffer • Monitors traffic, yes, but also… • Controls traffic • Modifies traffic • Generates traffic • Easy to use • Extensible
  • 36. Resources • Fiddler Website – http://www.telerik.com/fiddler • Fiddler Forum – http://groups.google.com/group/httpfiddler • Fiddler Blog – http://www.telerik.com/blogs/tag/fiddler – http://www.telerik.com/blogs/fiddler-a-segue – http://blogs.msdn.com/b/fiddler (old blog) • My Info – @IdoFlatow // idof@sela.co.il // www.idoflatow.net/downloads