Table of Contents
Acknowledgements
Table of Contents
Origins
About this book
A Quick Primer
Basic Concepts
Fiddler Scenarios
Getting Started with Fiddler
System Requirements
Installing Fiddler
Updating Fiddler
The Fiddler User-Interface
The Web Sessions List
Web Sessions Context Menu
Fiddler’s Main Menu
Fiddler’s About Box
Fiddler’s Toolbar
Fiddler’s Status Bar
Application Hotkeys
QuickExec
The Fiddler User-Interface
Comparing Sessions
Debugging with Breakpoints
Statistics Tab
The Filters tab
Request Headers
The Timeline tab
Mode: Timeline
Mode: Client Pipe Map
Mode: Server Pipe Map
The AutoResponder tab
Specifying the Match Condition
Specifying the Action Text
Using RegEx Replacements in Action Text
Drag-and-Drop support
FARX Files
Encoding and Decoding Text with the TextWizard
A Few Words on Character Encodings
The Composer tab
The Log tab
The Find Sessions Dialog
The HOSTS Dialog
Retargeting Traffic with Fiddler
Features to Retarget Requests
Sending Traffic to Fiddler
Capturing Traffic from Browsers
Capturing Traffic from Other Applications
Capturing Traffic from Services
Capturing Traffic to Loopback
Running Fiddler on Mac OSX
Capturing Traffic from Other Computers
Capturing Traffic from Devices
Using Fiddler as a Reverse Proxy
Chaining to Upstream Proxy Servers
Chaining to SOCKS / TOR
VPNs, Modems, and Tethering
DirectAccess
Buffering vs. Streaming Traffic
Request Buffering
Response Buffering
COMET
HTML5 WebSockets
Fiddler and HTTPS
Configuring Clients for HTTPS Decryption
Certificate Validation
Apple iOS and Android
Client Certificates
Client Certificates
Fiddler and FTP
Memory Use and Fiddler’s Bitness
Fiddler and Web Authentication
HTTP Authentication
Automatic Authentication in Fiddler
Authentication Issues
HTTPS Client Certificates
Inspectors
Auth (Request / Response)
Caching (Response; ReadOnly)
Cookies (Request / Response; ReadOnly)
Headers (Request/Response; Read/Write)
Context Menu
Keyboard Shortcuts
Editing
HexView (Request / Response; Read/Write)
ImageView (Response; ReadOnly)
JSON (Request / Response; ReadOnly)
Raw (Request / Response; Read/Write)
SyntaxView (Request / Response; Read/Write)
TextView (Request / Response; Read/Write)
Transformer (Response; Read/Write)
WebForms (Request; Read/Write)
WebView (Response; ReadOnly)
XML (Request / Response; ReadOnly)
Fiddler Options
General Options
HTTPS Options
Extensions Options
Connections Options
Appearance Options
Preferences
Understanding Text Encodings
Fiddler Extensions
Gallery
Full-Screen View
Content Blocker
FiddlerScript Editors
FiddlerScript Tab
ClassView Sidebar
Fiddler2 ScriptEditor
SAZ Clipboard
Traffic Differ
AnyWHERE
JavaScript Formatter
Session Archive Zip (SAZ) Files
Protecting SAZ Files
Importing and Exporting Sessions
Import Formats
Export Formats
Fiddler’s Viewer Mode
FiddlerCap
Capture Box
Capture Options Box
Tools Box
Using Fiddler for Performance Debugging
Using Fiddler for Content Collection
Using Fiddler for Security Analysis
Configuration for IT Administrators
Using Fiddler for Compatibility Diagnosis
Extending Fiddler with FiddlerScript
About FiddlerScript
Editing FiddlerScript
FiddlerScript Functions
Session Handling Functions
General Functions
Automating Fiddler
Extending Fiddler’s UI – Menus
Extending the Tools Menu
Extending the Web Sessions Context Menu
Extending the Rules Menu
Creating New Top-Level Menus
Extending Fiddler’s UI – Adding Columns to the Web Sessions List
Binding Columns using Attributes
Binding Columns using AddBoundColumn
FiddlerObject Functions
Referencing Assemblies
Interacting with Fiddler
Sample Scripts
Extending Fiddler with .NET
Project Requirements and Settings
Debugging Extensions
Best Practices for Extensions
Interacting with Fiddler
Understanding SessionStates
SessionFlags
Sending Strings to the TextWizard
Logging Events
Interacting with the FiddlerScript Engine
Programming with Preferences
Preference Naming
The IFiddlerPreferences Interface
Storing and Removing Preferences
Retrieving Preferences
Watching for Preference Changes
Notifications in Extensions
Notifications in FiddlerScript
Building Extension Installers
Building Inspectors
Inspecting the Session Object
Dealing with HTTP Compression and Chunking
Decoding a Copy of the Body
Using the GetRe*BodyAsString Methods
Using the utilDecode* Methods
Inspector Assemblies
Fiddler Extensions
Integrating with QuickExec
Extension Assemblies
Import and Export Transcoders
Handling Options
Going Beyond Files
FiddlerCore
Legalities
Getting Started with FiddlerCore
Compiling the Sample Application
The FiddlerCoreStartupFlags
The FiddlerApplication Class
FiddlerApplication Events
FiddlerApplication Methods
FiddlerApplication Properties and Fields
Fiddler API
Common Tasks with FiddlerCore
Other resources
Appendix A: Troubleshooting
Missing Traffic
Interference from Security Software
Corrupted Proxy Settings
Resetting Fiddler
Troubleshooting Certificate Problems
Wiping all traces of Fiddler
Fiddler crashes complaining about the “Configuration System”
Fiddler randomly stops capturing traffic
Fiddler stalls streaming RPC-over-HTTPS traffic
Appendix B: Command Line Syntax
Option Flags
Appendix C: Session Flags
Session Display Flags
Breakpoint and Editing Flags
Network Routing Flags
Performance Simulation Flags
Client Information Flags
HTTPS Flags
Appendix D: Preferences
Network Preferences
HTTPS Preferences
Fiddler UI Preferences
Path Configuration
Miscellaneous
Extension Preferences
Index