4. Fiddler Facts
• A proxy server
• An HTTP/HTTPS Sniffer
• An HTTP Debugger
• Written in .NET / Mono
• A free utility (for now, cross your fingers)
• An extensible application
• A must-have tool for web developers
• Unfortunately, it doesn’t make coffee!
8. Fiddler to the Rescue
• Browsers (Static sites, ASP.NET, J2EE, PHP)
• Desktop applications that use HTTP
• Web services
• Phone emulators
• Any device that supports a proxy server
9. The Sessions List
• Sequence and color coding
• Caching information
• Origin process
• Manual comments
• Response size
10. Inspectors
• See the content of messages (requests & responses)
• View both headers and body
• Transform content to a viewable form: XML, image, JSON, JavaScript, binary
• Create your own inspectors
12. Filter by…
By process type
By specific process
By host
By process name/PID/svchost
By URL
By status code
By MIME or size
QuickExec
13. Fiddler and HTTPS
• Fiddler acts as a “machine-in-the-middle”
• Generates certificates for web sites on-the-fly
• Supports excluding sensitive HTTPS sites
• Basic support for client certificates
16. Visualize the Traffic with Timeline
Start End
Bar color = MIME
Red = new connection
Green = reused connection
Disk = cached response
Bar = begin receive
Stripes = buffered by Fiddler
Prefer stream over buffer
Use buffer when editing responses
17. Single Session Timeline
• Server wait time
• Time to receive headers and body
• Time between body chunks
18. Statistics are Important
• Single page statistics give info on performance
– Client processing
– Server processing
– Network latency
• Execution time:
ServerBeginResponse – ServerGotRequest
• Upload time:
ServerGotRequest – ClientDoneRequest
• Download time:
ServerDoneResponse – ServerBeginResponse
• Watch out for misleading connection reuse
• Add timer columns instead of calculating
19. Statistics are Important
• Statistics are also supported for multiple sessions
• Aggregate information
– Request count
– Unique hosts
– Bytes sent
– Bytes received
– Elapsed time
– Response code statistics
– Content statistics
21. Drawing Conclusions
• Reduce number of requests
• Reduce traffic roundtrips
• Reduce the size of requests and responses
• Apply compression where needed
• Identify non-cached responses
• Use Fiddler to improve performance, not to measure it!
23. Manipulate Traffic with Rules
• Simulate user-agents (IE, Mozilla…)
• Simulate network latency
• Disable sending cache headers
• HOSTS file remapping
• You can also write your own rules!
http://fiddlerbook.com/Fiddler/dev/ScriptSamples.asp
24. Play it Again, Sam
• Why run the client scenario again, just to resend the request?
• Simply click “Replay”
– Reissue a single request
– Reissue a set of requests
– Reissue unconditionally (no cache headers)
– Reissue multiple times
• What if the request needs a change before reissuing?
25. Changing Requests with Composer
• Create any request from scratch
• Use previous requests with drag-n-drop
• Don’t bother calculating content length
• Composed requests history
26. Breakpoints – Human in the Middle
• Manual control over request & response
• Stop on any direction
• Manipulate header and body
• Auto reply instead of forwarding request
• Least used feature in Fiddler!!
27. Debugging Localhost
• In some cases, proxies are bypassed when using localhost (127.0.0.1) addresses
• What to do?
• Use the machine’s name
• Use fictitious DNS names
– ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])
– localhost. or localhost.fiddler (converted to localhost)
28. Debugging Services
• Fiddler hooks to the interactive user
• IIS App Pools and Windows Services run with built-in users (Network Service / AppPoolIdentity)
• Use network sniffers and export as PCAP
• Download PsExec and run:
PsExec.exe -i -u "nt authority\network service" "%ProgramFiles(x86)%\Fiddler2\Fiddler.exe"
31. “My Code is Perfect”
• No more “I can’t reproduce this bug”
• Save sessions to .SAZ archive and send them to the developer
• Saves everything, not only text responses
• Open on another machine, inspect, and replay if necessary
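Because a .SAZ archive saves everything, request headers such as Authorization and Cookie travel with it when it is sent to someone else. The Python check below is an added example, not part of the original slides; it assumes the usual SAZ layout (a ZIP archive whose raw/ folder holds one NN_c.txt file per request), and the header list and sample archive are constructed for illustration.

```python
import io
import zipfile

# Request headers that usually carry credentials or session identifiers
# (illustrative list, extend it for your own applications).
SENSITIVE = ("authorization", "proxy-authorization", "cookie", "x-api-key")

def find_sensitive_headers(saz_bytes):
    """Return {request file: [sensitive header names]} for a SAZ archive.

    Assumption: the archive is a ZIP whose raw/ folder holds one NN_c.txt
    per captured request (request line, headers, blank line, body).
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(saz_bytes)) as saz:
        for name in sorted(saz.namelist()):
            if not (name.startswith("raw/") and name.endswith("_c.txt")):
                continue
            head = saz.read(name).split(b"\r\n\r\n", 1)[0]
            hits = []
            for line in head.split(b"\r\n")[1:]:  # skip the request line
                key = line.split(b":", 1)[0].decode("latin-1").strip().lower()
                if key in SENSITIVE and key not in hits:
                    hits.append(key)
            if hits:
                findings[name] = hits
    return findings

def build_sample_saz():
    """Constructed two-session archive used only for this demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("raw/1_c.txt",
                   "GET /logo.png HTTP/1.1\r\nHost: app.example\r\n\r\n")
        z.writestr("raw/2_c.txt",
                   "POST /api/orders HTTP/1.1\r\nHost: app.example\r\n"
                   "Authorization: Bearer CONSTRUCTED-TOKEN\r\n"
                   "Cookie: session=constructed\r\n\r\n{\"id\": 1}")
        z.writestr("raw/2_s.txt", "HTTP/1.1 200 OK\r\n\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for session, headers in find_sensitive_headers(build_sample_saz()).items():
        print(session, "->", ", ".join(headers))
```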
32. I Got this From Fiddler
• Save/Load sessions to .SAZ files
• Export/Import HTTP Archive (HAR) sessions
• Export sessions to raw files. Great for:
– Images
– CSS
– Scripts
– Data URIs
• Export as Visual Studio web test
33. In-Memory Website with Auto-Responder
• Match URI according to
– String literals (sub-string, * wildcard)
– Inverse string literals
– Exact match, including casing
– Regular expressions
• If a match then
– Respond with file
– Send stored response
– Redirect (not 301 redirect)
– HTTP redirect (301)
– Break
– Delay send
– Drop response
If URI matches… then respond with…
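The match types above, as a simplified Python model of first-match-wins rule evaluation. This is an added example, not Fiddler's own code or part of the original slides; it assumes the EXACT:, REGEX: and NOT: rule prefixes, case-insensitive sub-string matching, and case-sensitive regular expressions unless the pattern says otherwise. The rule list, host names and file names are constructed.

```python
import re

def rule_matches(pattern, url):
    """Simplified model of the match types listed on the slide."""
    upper = pattern.upper()
    if upper.startswith("EXACT:"):          # exact match, including casing
        return url == pattern[6:]
    if upper.startswith("REGEX:"):          # regular expression
        return re.search(pattern[6:], url) is not None
    if upper.startswith("NOT:"):            # inverse string literal
        return pattern[4:].lower() not in url.lower()
    if pattern == "*":                      # wildcard: every request
        return True
    return pattern.lower() in url.lower()   # sub-string, case-insensitive

def respond(rules, url):
    """Return the action of the first matching rule, or None to pass through."""
    for pattern, action in rules:
        if rule_matches(pattern, url):
            return action
    return None

# Constructed rule list: (match pattern, action). Order matters, because a
# broad rule placed first would shadow the narrower rules below it.
RULES = [
    ("EXACT:http://app.example/API/v1/users", "respond with file users.json"),
    (r"REGEX:\.(png|jpe?g)(\?.*)?$", "respond with file placeholder.png"),
    ("NOT:app.example", "drop response"),
    ("/api/", "delay send"),
]

if __name__ == "__main__":
    for url in ("http://app.example/API/v1/users",
                "http://app.example/api/v1/users",
                "http://cdn.example/img/a.jpg?v=2",
                "http://cdn.example/img/a.JPG",
                "http://app.example/index.html"):
        print(url, "->", respond(RULES, url))
```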
34. Extending Fiddler to Your Needs
• Customize rules script
• Create custom inspectors
• Create requests and responses auto-modifiers
• Create new exporter/importer
• Extend QuickExec with new commands
• Add menus and tabs
http://docs.telerik.com/fiddler/Extend-Fiddler/ExtendWithDotNet
35. Fiddler is More Than a Sniffer
• Monitors traffic, yes, but also…
• Controls traffic
• Modifies traffic
• Generates traffic
• Easy to use
• Extensible
36. Resources
• Fiddler Website
– http://www.telerik.com/fiddler
• Fiddler Forum
– http://groups.google.com/group/httpfiddler
• Fiddler Blog
– http://www.telerik.com/blogs/tag/fiddler
– http://www.telerik.com/blogs/fiddler-a-segue
– http://blogs.msdn.com/b/fiddler (old blog)
• My Info
– @IdoFlatow // idof@sela.co.il // www.idoflatow.net/downloads