Fiddler Intro

Post on 29-Nov-2014


Fiddler

Introducing Fiddler

• HTTP/HTTPS Debugger
• Runs as a proxy server on the local machine or on a remote server
• Written in C# (.NET Framework v2.0)
• Freely available from http://www.fiddler2.com

How does Fiddler work?

[Diagram: Windows clients (Internet Explorer, Office) using the WinINET, WinHTTP and CryptoAPI stacks, plus Firefox, on one side; Fiddler in the middle; the CorpNET Proxy, Firewall and example.com on the other.]

Debugging non-Windows clients

[Diagram: Fiddler sitting between the Internet and non-Windows clients (Mac, Linux, Pocket PC, PC).]

Who uses Fiddler?

• Microsoft engineers
• Support teams
• Lots of external web developers (10K+ downloads per week)
• Security researchers
• Some bad guys

What can Fiddler do?

• HTTP/HTTPS traffic monitoring and analysis
• Request and response modification
• Timing and network manipulation

HTTPS Traffic Decryption

Fiddler UI: Session List

• Lists all traffic
• URLs, size, and key headers
• Icons show status of request/response

Fiddler UI: Inspectors

Inspectors allow you to visualize requests and responses in meaningful ways.

FiddlerScript Rules

• Rules are where Fiddler gets really fun!
• Use JavaScript to manipulate request or response headers or entity body.
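An added example of such a rule, not taken from the deck: a FiddlerScript handler pair (JScript.NET, pasted into Rules > Customize Rules) that flags HTTPS responses lacking HSTS or setting cookies without the Secure attribute, and strips a hypothetical internal header from outgoing requests. It assumes the FiddlerCore Session/HTTPHeaders members used below (Exists, GetValues, Remove, the "ui-*" flags, FiddlerObject.log).

```jscript
// Added example (not from the slides): flag weak transport-security hygiene
// in the Session List and remove an internal header before requests leave.
import System;
import Fiddler;

class Handlers {
    // Runs for every response before it is returned to the client.
    static function OnBeforeResponse(oSession: Session) {
        if (!oSession.isHTTPS) return;

        var problems = "";

        // HTTPS response without HSTS: a later downgrade to HTTP stays possible.
        if (!oSession.oResponse.headers.Exists("Strict-Transport-Security")) {
            problems += "no HSTS; ";
        }

        // Cookies set over TLS but without Secure can later be sent over HTTP.
        var cookies = oSession.oResponse.headers.GetValues("Set-Cookie");
        for (var i = 0; i < cookies.Length; i++) {
            if (cookies[i].toLowerCase().indexOf("secure") < 0) {
                problems += "cookie without Secure; ";
            }
        }

        if (problems.length > 0) {
            // Highlight the row and record the reason in the Comments column.
            oSession["ui-color"] = "red";
            oSession["ui-bold"] = "true";
            oSession["ui-comments"] = problems;
            FiddlerObject.log(oSession.hostname + ": " + problems);
        }
    }

    // Runs for every request before it leaves Fiddler: drop a hypothetical
    // debugging header so it never reaches the server.
    static function OnBeforeRequest(oSession: Session) {
        if (oSession.oRequest.headers.Exists("X-Internal-Debug")) {
            oSession.oRequest.headers.Remove("X-Internal-Debug");
        }
    }
}
```

Flagged sessions show up red and bold in the Session List with the reason in the Comments column, and the same line appears in the Log tab.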

Extending Fiddler UI

FiddlerScript and extensions can add new menu items or tabs.

Using Simple Filters

Flag, modify or remove headers from all requests and responses.

AutoResponder

Replay previously captured or generated traffic.

Request Builder

Create hand-built HTTP requests, or modify and reissue a request previously captured.

Traffic Comparison

Use WinDiff to compare HTTP requests and responses.

QuickExec

QuickExec allows you to issue textual commands directly…

Search Traffic

Search for strings in all captured traffic.

Text Encoding / Decoding

Convert text between popular web encodings.

SAZ Files

• “Session Archive ZIP” files store raw traffic.
• SAZ files are compressed and may be password protected.
• SAZ files can be reopened by Fiddler or standard ZIP utilities.
• FiddlerCap allows capture of SAZ files by non-technical, often remote, users.

FiddlerCap

Use FiddlerCap for remote collection of evidence.

www.fiddlercap.com

[Diagram: two deployment models. Left, "Fiddler application with extensions": Fiddler 2 hosting the Fiddler ScriptEngine (your FiddlerScript), Inspector2 and IFiddlerExtension plug-ins, and ExecAction.exe, all built on FiddlerCore with Xceed*.dll and Makecert.exe. Right, "Your application hosting FiddlerCore": YourApp.exe built on FiddlerCore with Xceed*.dll and Makecert.exe.]

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Questions?

https://www.fiddler2.com