
Fiddler

Introducing Fiddler
• HTTP/HTTPS Debugger
• Runs as a proxy server on the local machine or on a remote server
• Written in C# (.NET Framework v2.0)
• Freely available from http://www.fiddler2.com
How does Fiddler work?
[Diagram: client applications (Internet Explorer, Firefox, Office, using WinINET, WinHTTP and CryptoAPI) send their traffic to the Fiddler proxy, which forwards it past the firewall to CorpNET, the Internet and example.com.]
Debugging non-Windows clients
[Diagram: PC, Mac, Linux and PocketPC clients all route their traffic through Fiddler to the Internet.]
Who uses Fiddler?
• Microsoft engineers
• Support teams
• Lots of external web developers (10K+ downloads per week)
• Security researchers
• Some bad guys
What can Fiddler do?
• HTTP/HTTPS traffic monitoring and analysis
• Request and response modification
• Timing and network manipulation
HTTPS Traffic Decryption
Fiddler UI: Session List
• Lists all traffic
• URLs, size, and key headers
• Icons show status of request/response
Fiddler UI: Inspectors
Inspectors allow you to visualize requests and responses in meaningful ways.
FiddlerScript Rules
• Rules are where Fiddler gets really fun!
• Use JavaScript to manipulate request or response headers or entity body.
Extending Fiddler UI
FiddlerScript and extensions can add new menu items or tabs.
Using Simple Filters
Flag, modify or remove headers from all requests and responses.
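The FiddlerScript rules and header filtering described on the two slides above, as an added example that is not from the slides: two handler bodies for Fiddler's CustomRules.js (Rules > Customize Rules), to be merged into the existing OnBeforeRequest and OnBeforeResponse functions of the Handlers class. Session, oSession, FiddlerObject and the ui-* session flags are Fiddler's own; the header names checked are this example's own choice, and the check reads only the first Set-Cookie header, so a response with several cookies is only partially audited.

```jscript
// Added example for CustomRules.js (JScript.NET); not part of the original deck.
// OnBeforeRequest runs before Fiddler forwards a request to the server.
static function OnBeforeRequest(oSession: Session) {
    // Remove a header from every outgoing request so it never leaves the proxy
    // (header name is a constructed placeholder for the demo).
    if (oSession.oRequest.headers.Exists("X-Debug-Token")) {
        oSession.oRequest.headers.Remove("X-Debug-Token");
    }
}

// OnBeforeResponse runs after the response arrives, before it reaches the client.
static function OnBeforeResponse(oSession: Session) {
    var missing = "";

    // Flag responses that set cookies without HttpOnly (readable by page script).
    // Note: the indexer returns only the first Set-Cookie header.
    if (oSession.oResponse.headers.Exists("Set-Cookie") &&
        oSession.oResponse["Set-Cookie"].toLowerCase().indexOf("httponly") < 0) {
        missing += "HttpOnly ";
    }
    // Flag responses without clickjacking / content-injection protection headers.
    if (!oSession.oResponse.headers.Exists("X-Frame-Options")) {
        missing += "X-Frame-Options ";
    }
    if (!oSession.oResponse.headers.Exists("Content-Security-Policy")) {
        missing += "Content-Security-Policy ";
    }

    if (missing != "") {
        // Highlight the session in the Session List and record the finding.
        oSession["ui-color"] = "red";
        oSession["ui-bold"] = "true";
        oSession["ui-comment"] = "Missing: " + missing;
        FiddlerObject.log("Missing " + missing + "on " + oSession.fullUrl);
    }
}
```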
AutoResponder
Replay previously captured or generated traffic.
Request Builder
Create hand-built HTTP requests, or modify and reissue a request previously captured.
Traffic Comparison
Use WinDiff to compare HTTP requests and responses.
QuickExec
QuickExec allows you to issue textual commands directly…
Search Traffic
Search for strings in all captured traffic.
Text Encoding / Decoding
Convert text between popular web encodings.
SAZ Files
• “Session Archive ZIP” files store raw traffic.
• SAZ files are compressed and may be password protected.
• SAZ files can be reopened by Fiddler or standard ZIP utilities.
• FiddlerCap allows capture of SAZ files by non-technical, often remote, users.
FiddlerCap

Use FiddlerCap for remote collection of evidence.

www.fiddlercap.com
[Diagram: two stacks side by side. "Fiddler application with extensions": Fiddler 2, with Inspector2, ExecAction.exe and IFiddlerExtension extensions, the Fiddler ScriptEngine running your FiddlerScript, all on top of FiddlerCore. "Your application hosting FiddlerCore": YourApp.exe on top of FiddlerCore. Both stacks rest on Xceed*.dll and Makecert.exe.]
Questions?
https://www.fiddler2.com

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or
other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
