FIDDLER
PERFORMANCE/STRESS TESTING TOOL
COORDINATOR: DR. ANOJ KUMAR
PRESENTED BY: HIMANI CHAUHAN
CSED, MNNIT ALLAHABAD
TABLE OF CONTENTS
• WHY WE SELECT FIDDLER
• WHAT IS FIDDLER
• WHAT CAN FIDDLER DO
• KEY FEATURES
• HOW DOES IT WORK
• WEB SESSIONS
• INSPECTORS
• STATISTICS
• TIMELINE
WHY WE SELECT FIDDLER
• WORKS WITH ALMOST ANY HTTP CLIENT, NOT JUST FIREFOX AND IE
• CAN INTERCEPT TRAFFIC FROM CLIENTS ON NON-WINDOWS PLATFORMS, E.G.
MOBILE DEVICES
• SUPPORTS PLUGINS TO ADD EXTRA FUNCTIONALITY
• IT WILL PROVIDE SPECIFIC DATA ABOUT ALL THE INTERNET TRAFFIC THAT GOES
THROUGH TO THE PC.
• ITS USER INTERFACE IS KNOWN TO MAKE IT EASY TO MONITOR HTTP REQUESTS.
WHAT IS FIDDLER
• FIDDLER IS A WEB DEBUGGING TOOL WHICH LOGS ALL HTTP(S) TRAFFIC
BETWEEN YOUR COMPUTER AND THE INTERNET.
• FIDDLER ALLOWS YOU TO INSPECT TRAFFIC, SET BREAKPOINTS, AND "FIDDLE"
WITH INCOMING OR OUTGOING DATA.
• FIDDLER IS FREEWARE AND CAN DEBUG TRAFFIC FROM VIRTUALLY ANY
APPLICATION THAT SUPPORTS A PROXY, INCLUDING INTERNET EXPLORER,
GOOGLE CHROME, MOZILLA FIREFOX, OPERA, AND THOUSANDS MORE.
FIDDLER IS…
• AN HTTP DEBUGGER
• WRITTEN IN .NET2/3.5
• EXTENSIBLE
• FREE OF CHARGE
• A MUST-HAVE TOOL FOR EVERY WEB DEVELOPER
WHAT CAN FIDDLER DO?
• TRACK HTTP/HTTPS TRAFFIC
• INSPECT MESSAGE CONTENT
• MANIPULATE REQUESTS AND RESPONSES
• EXPORT WEB SESSIONS FOR LATER INSPECTION
• OFFER EXTENSIBILITY THROUGH SCRIPT AND CODE
KEY FEATURES
• WEB DEBUGGING
• WEB SESSION MANIPULATION
• PERFORMANCE TESTING
• SECURITY TESTING
• HTTP/HTTPS TRAFFIC RECORDING
• CUSTOMIZING FIDDLER
HOW DOES IT WORK?
WATCHING TRAFFIC
• WEB SESSIONS
• STATISTICS
• INSPECTORS
• TIMELINE
LET’S GET STARTED WITH FIDDLER
WEB SESSIONS
KEY INFORMATION
• # - AN ID# OF THE REQUEST GENERATED BY FIDDLER FOR YOUR CONVENIENCE
• RESULT - THE RESULT CODE FROM THE HTTP RESPONSE
• PROTOCOL - THE PROTOCOL (HTTP/HTTPS/FTP) USED BY THIS SESSION
• HOST - THE HOSTNAME OF THE SERVER TO WHICH THE REQUEST WAS SENT
• URL - THE PATH AND FILE REQUESTED FROM THE SERVER
• BODY - THE NUMBER OF BYTES IN THE RESPONSE BODY
• CACHING - VALUES FROM THE RESPONSE'S EXPIRES OR CACHE-CONTROL
HEADERS
• PROCESS - THE LOCAL WINDOWS PROCESS FROM WHICH THE TRAFFIC
ORIGINATED
• CONTENT-TYPE - THE CONTENT-TYPE HEADER FROM THE RESPONSE
• CUSTOM - A TEXT FIELD YOU CAN SET VIA SCRIPTING
• COMMENTS - A TEXT FIELD YOU CAN SET FROM SCRIPTING OR THE SESSION'S
CONTEXT MENU
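THE COLUMNS LISTED ABOVE CAN BE REBUILT OFFLINE FROM EXPORTED SESSIONS. THE FOLLOWING IS AN ADDED EXAMPLE, NOT PART OF THE ORIGINAL SLIDES AND NOT FIDDLER'S OWN CODE. IT ASSUMES THE SESSIONS WERE EXPORTED IN HAR 1.2 (HTTPARCHIVE) FORMAT; THE SAMPLE DATA IS CONSTRUCTED, AND ALL FUNCTION NAMES AND THE TWO REVIEW NOTES WRITTEN INTO THE COMMENTS COLUMN ARE CHOSEN FOR THIS EXAMPLE.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 layout (illustrative, not captured traffic).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/account?id=7"},
     "response": {"status": 200, "bodySize": 512, "content": {"size": 1840},
                  "headers": [{"name": "Content-Type", "value": "text/html"},
                              {"name": "Cache-Control", "value": "private, no-store"},
                              {"name": "Set-Cookie", "value": "sid=abc; Secure"}]}},
    {"request": {"method": "POST", "url": "http://app.example.test/login"},
     "response": {"status": 302, "bodySize": -1, "content": {"size": 0},
                  "headers": [{"name": "set-cookie", "value": "sid=def"},
                              {"name": "Expires", "value": "Thu, 01 Jan 2037 00:00:00 GMT"}]}},
]}})


def header(headers, name):
    """Case-insensitive lookup in a HAR list of {"name", "value"} pairs."""
    return next((h["value"] for h in headers if h["name"].lower() == name.lower()), "")


def session_rows(har_text):
    """Rebuild the Web Sessions columns for every entry of a HAR document."""
    rows = []
    for num, entry in enumerate(json.loads(har_text)["log"]["entries"], start=1):
        url = urlsplit(entry["request"]["url"])
        resp = entry["response"]
        hdrs = resp.get("headers", [])
        size = resp.get("bodySize", -1)          # -1 means "unknown" in HAR
        if size < 0:
            size = resp.get("content", {}).get("size", 0)
        caching = header(hdrs, "Cache-Control") or header(hdrs, "Expires")
        notes = []                               # review notes for the Comments column
        if url.scheme == "http":
            notes.append("cleartext HTTP")
        if header(hdrs, "Set-Cookie") and "no-store" not in caching.lower():
            notes.append("cookie set on storable response")
        rows.append({"#": num, "Result": resp["status"], "Protocol": url.scheme.upper(),
                     "Host": url.netloc,
                     "URL": url.path + ("?" + url.query if url.query else ""),
                     "Body": size, "Caching": caching,
                     "Content-Type": header(hdrs, "Content-Type"),
                     "Comments": "; ".join(notes)})
    return rows


if __name__ == "__main__":
    for row in session_rows(SAMPLE_HAR):
        print(row)
```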
CHECK STATISTICS OF THE REQUEST
STATISTICS(CONT…)
CHART VIEW
CHECK FIDDLER INSPECTORS
REQUEST INSPECTORS
• HEADERS—SHOWS REQUEST HEADERS AND STATUS.
• TEXT VIEW—SHOWS THE REQUEST BODY IN A TEXT BOX
• HEX VIEW—SHOWS THE REQUEST BODY IN A HEXADECIMAL VIEW.
• XML—SHOWS THE REQUEST BODY AS AN XML DOM IN A TREE VIEW.
RESPONSE INSPECTORS
• TRANSFORMER—REMOVES GZIP, DEFLATE, AND CHUNKED ENCODINGS FOR EASIER DEBUGGING.
• HEADERS—SHOWS RESPONSE HEADERS AND STATUS.
• TEXT VIEW—SHOWS THE RESPONSE BODY IN A TEXT BOX.
• HEX VIEW—SHOWS THE RESPONSE BODY IN A HEXADECIMAL VIEW.
• IMAGE VIEW—SHOWS THE RESPONSE BODY AS AN IMAGE. SUPPORTS ALL .NET IMAGE FORMATS.
RESPONSE HEADER(IMAGE VIEW)
TIMELINE
TRAFFIC COMPARISON
• ONE LITTLE-KNOWN, AWESOME FEATURE OF WEB SESSIONS IS THE ABILITY TO
COMPARE TWO SESSIONS. TO COMPARE TWO SESSIONS, SELECT THEM IN THE
WEB SESSIONS PANE, RIGHT-CLICK AND CHOOSE THE 'COMPARE' ITEM FROM THE
MENU.
COMPARE SESSION MENU
COMPARE SESSION RESULT
FIDDLER AND HTTPS
• HTTPS SECURES TRAFFIC BETWEEN TWO MACHINES
• FIDDLER ACTS AS A MAN-IN-THE-MIDDLE
• IT GENERATES CERTIFICATES FOR MACHINES ON THE FLY
• FIDDLER SUPPORTS CLIENT CERTIFICATES FOR AUTHENTICATION
• FIDDLER USES A HACKING TECHNIQUE CALLED A MAN-IN-THE-MIDDLE ATTACK
TO DECRYPT HTTPS TRAFFIC
LOCATING SPECIFIC TRAFFIC
• MARKING SESSIONS MANUALLY
• FILTER BY APPLICATION TYPE/PROCESS
• FIND SESSIONS DIALOG
• FLAGGING SPECIAL REQUESTS
MARK SESSIONS TO VIEW LATER ON
FIND OPTION
FILTER
SUMMARY
• FIDDLER IS A WEB DEBUGGING TOOL
• IT ALLOWS YOU TO WATCH HTTP TRAFFIC USING WEB SESSIONS AND COMPARE
TWO SESSIONS
• IT SHOWS YOU STATISTICS ABOUT THE SELECTED SESSIONS
• YOU CAN INSPECT REQUESTS AND RESPONSES USING INSPECTORS
• IT CAN DECRYPT HTTPS TRAFFIC USING THE MAN-IN-THE-MIDDLE ATTACK
THANK YOU !!!