Fiddler

Introducing Fiddler
HTTP/HTTPS Debugger
Runs as a proxy server on the local machine or on a remote server
Written in C# (.NET Framework v2.0)
Freely available from http://www.fiddler2.com

How does Fiddler work?

Debugging non-Windows clients
[Diagram labels: Fiddler, Mac, Internet, Linux, PocketPC, PC]

Who uses Fiddler?
Microsoft engineers
Support teams
Lots of external web developers (10K+ downloads per week)
Security researchers
Some bad guys

What can Fiddler do?
HTTP/HTTPS traffic monitoring and analysis
Request and response modification
Timing and network manipulation

HTTPS Traffic Decryption

Fiddler UI: Session List
Lists all traffic
URLs, size, and key headers
Icons show status of request/response

Fiddler UI: Inspectors
Inspectors allow you to visualize requests and responses in meaningful ways.

FiddlerScript Rules
Rules are where Fiddler gets really fun!
Use JavaScript to manipulate request or response headers or entity body.

Extending Fiddler UI
FiddlerScript and extensions can add new menu items or tabs.

Using Simple Filters
Flag, modify or remove headers from all requests and responses.

AutoResponder
Replay previously captured or generated traffic.

Request Builder
Create hand-built HTTP requests, or modify and reissue a request previously captured.

Traffic Comparison
Use WinDiff to compare HTTP requests and responses.

QuickExec
QuickExec allows you to issue textual commands directly…

Search Traffic
Search for strings in all captured traffic.

Text Encoding / Decoding
Convert text between popular web encodings.

SAZ Files
“Session Archive ZIP” files store raw traffic.
SAZ files are compressed and may be password protected.
SAZ files can be reopened by Fiddler or standard ZIP utilities.
FiddlerCap allows capture of SAZ files by non-technical, often remote, users.

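Because a SAZ file opens with standard ZIP tooling and stores raw traffic, it can be checked for credentials before it is shared. The following is an added example, not part of the presentation: it reads an archive with Python's standard library and lists which captured requests carry credential headers. The `raw/<id>_c.txt` entry naming and the header list are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Assumed SAZ layout (not stated on the slide): raw/<id>_c.txt is the client
# request and raw/<id>_s.txt the server response for session <id>.
REQUEST_ENTRY = re.compile(r"^raw/(\d+)_c\.txt$")
SENSITIVE = {"authorization", "cookie", "proxy-authorization"}

def parse_request(raw: bytes):
    """Split a raw HTTP request into (request line, {header name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def audit_saz(data: bytes):
    """Return sorted [(session id, request line, sensitive header names)]."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as saz:
        for info in saz.infolist():
            m = REQUEST_ENTRY.match(info.filename)
            if not m:
                continue  # responses and metadata are not inspected here
            if info.flag_bits & 0x1:  # encrypted entry: password-protected SAZ
                findings.append((int(m.group(1)), "<encrypted>", []))
                continue
            line, headers = parse_request(saz.read(info))
            hits = sorted(SENSITIVE.intersection(headers))
            findings.append((int(m.group(1)), line, hits))
    return sorted(findings)

def build_sample_saz() -> bytes:
    """Constructed two-session archive so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("raw/1_c.txt", "GET http://example.test/ HTTP/1.1\r\nHost: example.test\r\n\r\n")
        z.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
        z.writestr("raw/2_c.txt", "POST http://example.test/login HTTP/1.1\r\nHost: example.test\r\n"
                   "Cookie: sid=CONSTRUCTED\r\nAuthorization: Basic CONSTRUCTED\r\n\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for sid, line, hits in audit_saz(build_sample_saz()):
        print(sid, line, hits or "-")
```
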
FiddlerCap
Use FiddlerCap for remote collection of evidence.
www.fiddlercap.com

[Architecture diagram: "Fiddler application with extensions" and "Your application hosting FiddlerCore". Component labels: Fiddler 2, Fiddler ScriptEngine, Inspector2, IFiddlerExtension, FiddlerCore, ExecAction.exe, YourApp.exe, Your FiddlerScript, Xceed*.dll, Makecert.exe]

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Questions?
https://www.fiddler2.com