Debugging with Fiddler
Eric Lawrence (@ericlaw)

Let’s talk about you…

How did I end up here?

Once upon a time…

Oh no! What happened?

There must be a better way…

A simple idea takes shape…
“All problems in computer science can be solved by another level of indirection.” - David Wheeler

Only two problems:
Don’t know HTTP
Don’t know C#

Fiddler: Evolution
Eleven years, ~35k lines of C#, 160+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…

New Website
New Documentation
New Platforms
Enhanced User-Interface

My current side-project

A quick tour around Fiddler…

UI Evolution – The Web Sessions List

Fiddler on Linux (Mint/Ubuntu)

Fiddler on Mac OSX
It works, but due to UI glitches, you’re usually better off using VirtualBox / Parallels / Fusion.

Traffic Monitoring

Typical Architecture

Debug Across Devices
(Diagram: Fiddler running on Windows/Linux or Mac sits between the Internet and the devices under test: iOS, phones, PCs and tablets.)

Fiddler as a Reverse Proxy
http://fiddler2.com/r/?reverseproxy

Win8/8.1 “Immersive” Apps & IE11
AppContainer blocks “loopback” network connections. For debugging purposes, you can disable that blocking. Ctrl+Click to exempt all AppContainers.

.NET Applications
<configuration>
  <system.net>
    <defaultProxy>
      <proxy bypassonlocal="false"
             usesystemdefault="false"
             proxyaddress="http://127.0.0.1:8888" />
    </defaultProxy>
  </system.net>
</configuration>
(in YourApp.exe.config or machine.config)

node.js
var http = require('http');
// Connect to the proxy (127.0.0.1:8888) and send the absolute URL as the
// request target, so Fiddler forwards the request to bayden.com.
var options = {
  host: '127.0.0.1',
  port: 8888,
  path: 'https://bayden.com/echo.aspx',
  headers: { Host: "bayden.com" },
  method: 'POST'
};
var req = http.request(options, function(res) {
  console.log('STATUS: ' + res.statusCode + ' HEADERS: ' + JSON.stringify(res.headers));
  res.setEncoding('utf8');
  res.on('data', function (chunk) {
    console.log('BODY: ' + chunk);
  });
});
req.write('Post Data\n');
req.end();

Different libraries offer different approaches…

Protocols

HTTPS Traffic Decryption
For security reasons, proxies cannot normally “see” HTTPS requests. To enable traffic decryption, Fiddler performs a “man-in-the-middle” attack.
Decrypting CONNECT tunnel to www.fiddler2.com
GET /fiddler2/
GET /Fiddler2/Fiddler.css
GET /Fiddler/images/FiddlerLogo.png

HTML5 WebSockets
WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS.

FTP
Fiddler supports FTP traffic via a built-in FTP gateway. The FTP proxy is off by default.

SPDY / HTTP2
Fiddler recognizes and tags SPDY connections if HTTPS decryption is disabled.

SPDY / HTTP2
Fiddler cannot support SPDY until .NET’s SslStream supports ALPN. Please vote for my bug on Microsoft Connect:
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=812003
Also, please vote for this other SslStream bug:
https://connect.microsoft.com/VisualStudio/feedback/details/811998/system-net-security-sslstream-calls-localcertificateselection-callback-unconditionally-even-if-server-never-sends-certificaterequest-tls-message

Protocol Violations
QuickExec command:
prefs set fiddler.lint.HTTP True

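The lint preference above has Fiddler flag sessions that break the HTTP framing rules. As an added example, not part of this deck and not Fiddler's own rule set, the Python below checks a raw HTTP message for a few of the violations a proxy-side linter cares about: a malformed start line, folded or colon-less header lines, whitespace before a header colon, a Content-Length that does not match the body, a chunked body with no terminating zero-size chunk, and the case where Content-Length and Transfer-Encoding are both present (the ambiguity that different parsers resolve differently). The sample messages are constructed inline.

```python
import re

# Constructed sample messages (not captured traffic).
CLEAN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)
LENGTH_MISMATCH = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Length: 10\r\n"
    b"\r\n"
    b"hello"
)
CL_AND_TE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Length: 5\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n0\r\n\r\n"
)
BAD_HEADERS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Length : 5\r\n"
    b"X-Folded: a\r\n b\r\n"
    b"NoColonHere\r\n"
    b"\r\n"
    b"hello"
)

# Either a status line or a request line.
START_LINE = re.compile(rb"^(HTTP/\d\.\d \d{3}( [^\r\n]*)?|[A-Z]+ \S+ HTTP/\d\.\d)$")


def lint_http_message(raw):
    """Return a list of human-readable findings for one raw HTTP message.
    These checks are illustrative, not Fiddler's rule set."""
    findings = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["headers are not terminated by CRLF CRLF"]
    lines = head.split(b"\r\n")
    if not START_LINE.match(lines[0]):
        findings.append("malformed start line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            findings.append("obsolete line folding (obs-fold) in headers")
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            findings.append("header line without a colon: %r" % line)
            continue
        if name != name.rstrip():
            findings.append("whitespace before the colon in %r" % name.strip())
        headers.append((name.strip().lower(), value.strip()))
    lengths = [v for n, v in headers if n == b"content-length"]
    encodings = [v for n, v in headers if n == b"transfer-encoding"]
    if lengths and encodings:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(lengths)) > 1:
        findings.append("conflicting Content-Length values: %r" % lengths)
    if any(b"chunked" in v.lower() for v in encodings):
        # Heuristic: a zero-size chunk must appear somewhere in the body.
        if not re.search(rb"(^|\r\n)0\r\n", body):
            findings.append("chunked body has no terminating zero-size chunk")
    elif len(set(lengths)) == 1:
        declared = lengths[0]
        if not declared.isdigit():
            findings.append("non-numeric Content-Length: %r" % declared)
        elif int(declared) != len(body):
            findings.append("Content-Length %d but body is %d bytes"
                            % (int(declared), len(body)))
    return findings


if __name__ == "__main__":
    for label, msg in [("clean", CLEAN_RESPONSE), ("mismatch", LENGTH_MISMATCH),
                       ("cl+te", CL_AND_TE), ("bad headers", BAD_HEADERS)]:
        print(label, lint_http_message(msg) or ["no findings"])
```

Run it over a message captured from a proxy and the CL_AND_TE case is the one to chase down first: a message that two parsers can frame differently is exactly what a proxy should refuse to forward unmodified.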
Store & Load Traffic

Output Formats
Fiddler Session Archive
Visual Studio .WebTest
HTML5 AppCache Manifest
WCAT Load Test
cURL Script
HTTP Archive Format (HAR)
Meddler Script
Copy to the clipboard
Store as a plaintext file
Extract binary response bodies
Archive to a database

Or write your own…

The SAZ file format
Session Archive Zip files contain:
Request and response bytes
Timing and other metadata
WebSocket messages
HTML index file
For security, SAZ files may be encrypted using AES.

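As an added example (not code from the deck or from Fiddler), here is a Python writer and reader for a SAZ-shaped archive. It assumes the layout Fiddler uses for the raw session data: a raw/ folder holding NN_c.txt (client request bytes), NN_s.txt (server response bytes) and NN_m.xml (metadata), plus an _index.htm; the metadata XML written here is a minimal stand-in, not Fiddler's schema. The reader also checks the zip entry's encryption flag, because an AES-encrypted SAZ cannot be opened by Python's zipfile and should be reported rather than silently skipped. The sample traffic is constructed.

```python
import io
import re
import zipfile

# Constructed sample traffic (not captured from a real host).
SAMPLE_REQUEST = (
    b"GET /echo.aspx HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo/1.0\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

ENTRY = re.compile(r"^raw/(\d+)_c\.txt$")


def write_saz(sessions):
    """Write (request_bytes, response_bytes) pairs as a SAZ-style zip.

    Assumed layout: raw/NN_c.txt, raw/NN_s.txt, raw/NN_m.xml and _index.htm.
    The metadata XML is a minimal stand-in, not Fiddler's full schema."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n, (req, resp) in enumerate(sessions, start=1):
            zf.writestr("raw/%02d_c.txt" % n, req)
            zf.writestr("raw/%02d_s.txt" % n, resp)
            zf.writestr("raw/%02d_m.xml" % n, '<Session SID="%d" />' % n)
        zf.writestr("_index.htm", "<html><body>Session index</body></html>")
    return buf.getvalue()


def read_saz(data):
    """Parse a SAZ-style zip into one dict per session.

    A zip entry with general-purpose flag bit 0 set is encrypted. Fiddler can
    AES-encrypt SAZ files and zipfile cannot decrypt AES, so such entries are
    reported instead of read."""
    sessions = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            m = ENTRY.match(info.filename)
            if not m:
                continue
            sid = m.group(1)
            if info.flag_bits & 0x1:
                sessions.append({"id": sid, "encrypted": True})
                continue
            req = zf.read(info.filename)
            resp = zf.read("raw/%s_s.txt" % sid)
            request_line = req.split(b"\r\n", 1)[0].decode("ascii", "replace")
            status = int(resp.split(b" ", 2)[1])
            sessions.append({"id": sid, "encrypted": False,
                             "request_line": request_line, "status": status})
    return sessions


def demo():
    """Round-trip the constructed session through an in-memory archive."""
    archive = write_saz([(SAMPLE_REQUEST, SAMPLE_RESPONSE)])
    return read_saz(archive)


if __name__ == "__main__":
    for session in demo():
        print(session)
```

Because the raw files are the exact bytes on the wire, anything secret in a capture (cookies, bearer tokens, form posts) is stored in the clear unless the archive was saved with a password, which is the reason the encrypted-entry check is worth keeping in any tool that ingests SAZ files from elsewhere.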
FiddlerCap – Simple captures
http://www.fiddlercap.com
User-interface localized to: English | Français | Español | Português | 日本語 | русский

Import Formats
HTTP Archive Format (HAR)
Internet Explorer F12 Developer Tools (NETXML)
Telerik Test Studio LoadTest
Packet Capture (WireShark, tcpdump, NetMon)
…or write your own

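An import transcoder turns another tool's format back into raw request and response bytes. As an added example, not code from the deck or from Fiddler, the Python below does that for a HAR log: it rebuilds the request line from the recorded URL, adds a Host header only when the exporter omitted it, adds Content-Length for a recorded post body, and decodes a response body that the HAR spec allows to be base64-encoded. The HAR log is constructed inline.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed sample HAR log (not a real capture). The second entry carries a
# base64-encoded response body, which HAR permits for binary content.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "http://example.test/echo.aspx?x=1",
                 "httpVersion": "HTTP/1.1",
                 "headers": [{"name": "User-Agent", "value": "demo/1.0"}]},
     "response": {"status": 200, "statusText": "OK", "httpVersion": "HTTP/1.1",
                  "headers": [{"name": "Content-Type", "value": "text/plain"}],
                  "content": {"mimeType": "text/plain", "text": "hello"}}},
    {"request": {"method": "POST", "url": "http://example.test/upload",
                 "httpVersion": "HTTP/1.1",
                 "headers": [{"name": "Host", "value": "example.test"}],
                 "postData": {"mimeType": "text/plain", "text": "Post Data\n"}},
     "response": {"status": 201, "statusText": "Created", "httpVersion": "HTTP/1.1",
                  "headers": [{"name": "Content-Type",
                               "value": "application/octet-stream"}],
                  "content": {"mimeType": "application/octet-stream",
                              "encoding": "base64",
                              "text": base64.b64encode(b"\x00\x01\x02").decode()}}},
]}})


def _header_lines(headers):
    return ["%s: %s" % (h["name"], h["value"]) for h in headers]


def har_to_raw(har_text):
    """Convert each HAR entry into (raw_request_bytes, raw_response_bytes),
    the same shape a SAZ raw/NN_c.txt and raw/NN_s.txt hold."""
    sessions = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        url = urlsplit(req["url"])
        target = url.path or "/"
        if url.query:
            target += "?" + url.query
        lines = ["%s %s %s" % (req["method"], target,
                               req.get("httpVersion", "HTTP/1.1"))]
        names = {h["name"].lower() for h in req["headers"]}
        # Exporters differ on whether Host is recorded; add it only if absent.
        if "host" not in names:
            lines.append("Host: " + url.netloc)
        lines += _header_lines(req["headers"])
        req_body = req.get("postData", {}).get("text", "").encode("utf-8")
        if req_body and "content-length" not in names:
            lines.append("Content-Length: %d" % len(req_body))
        raw_req = ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8") + req_body

        content = resp.get("content", {})
        text = content.get("text", "")
        if content.get("encoding") == "base64":
            resp_body = base64.b64decode(text)
        else:
            resp_body = text.encode("utf-8")
        status_line = "%s %d %s" % (resp.get("httpVersion", "HTTP/1.1"),
                                    resp["status"], resp.get("statusText", ""))
        rlines = [status_line.rstrip()] + _header_lines(resp["headers"])
        raw_resp = ("\r\n".join(rlines) + "\r\n\r\n").encode("utf-8") + resp_body
        sessions.append((raw_req, raw_resp))
    return sessions


if __name__ == "__main__":
    for raw_req, raw_resp in har_to_raw(SAMPLE_HAR):
        print(raw_req.decode("utf-8", "replace"))
        print(raw_resp[:raw_resp.index(b"\r\n\r\n")].decode("utf-8"))
        print("---")
```

The response headers are reproduced as recorded, so a HAR whose exporter stripped Content-Length or un-chunked the body will yield a response whose framing no longer matches its headers; a reader that feeds these bytes to a parser should treat them as decoded content, not as wire-exact.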
PCAP Import

Traffic Analysis

TextWizard
Convert text between popular web encodings.

Traffic Comparison
Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.

Traffic Comparison
Use the Differ Extension to compare groups of Sessions at once.

Filtering Traffic
Ignore Images & CONNECTs
Application Type Filter
Process Filter
Troubleshooting with Help menu

Selecting Traffic
Using QuickExec
Using Find

Regular Expression Support

SyntaxView Reformatting

ImageView DataURL Support

ImageView Tools Integration

Metadata & GeoLocation

HTML5 Media & Font previews

X-Download-Initiator
https://fiddler2.com/dl/EnableDownloadInitiator.reg
QuickExec command:
cols add @request.X-Download-Initiator

Traffic Manipulation

Automated Rewrites
Simple built-in Rules
The HOSTS command

Breakpoint Debugging
Use Fiddler Inspectors to modify requests and responses…

Simple Filters
Flag, modify or remove headers from all requests and responses.

Request Composer
Create hand-built requests, or modify and reissue a request previously captured.
Supports:
Automatic authentication
File Uploads
Redirect chasing
Sequential URL Crawling
cURL commands

AutoResponder
Replay previously-captured or generated traffic.

FiddlerScript

FiddlerScript – Request Modification
static function OnBeforeRequest(oS: Session) {
  // Color sessions whose URL contains ".aspx" red in the Web Sessions list
  if (oS.uriContains(".aspx")) {
    oS["ui-color"] = "red";
  }
  // When caching is disabled, strip the conditional-request headers so the
  // server returns a full response instead of 304 Not Modified
  if (m_DisableCaching) {
    oS.oRequest.headers.Remove("If-None-Match");
    oS.oRequest.headers.Remove("If-Modified-Since");
    oS.oRequest["Pragma"] = "no-cache";
  }
}

FiddlerScript – Response Modification
static function OnBeforeResponse(oS: Session) {
  // Decompress and unchunk the body first so the text can be edited safely
  oS.utilDecodeResponse();
  oS.utilPrependToResponseBody("Injected Content!");
}

Powerups

Understanding Extensibility
Each component in red is your code…
(Diagram: Fiddler.exe hosts the Fiddler ScriptEngine, Inspector2 and IFiddlerExtension components and FiddlerCore; beside it sit ExecAction.exe, your FiddlerScript, Xceed*.dll, Makecert.exe, and a script / batch file.)

Understanding UI Extensibility
Rules Options
Tools Actions
Custom menus
Custom columns
Context Actions
QuickExec handlers
Views
Request Inspectors
Response Inspectors
Import & Export Transcoders

Type-specific Inspectors

Expert Perf Analysis with neXpert

intruder21 Web Fuzzer
By yamagata21

Watcher & x5s Security Auditors
http://websecuritytool.codeplex.com/
http://xss.codeplex.com/

WCF Binary Inspector

Integration

ExecAction.exe
Calls into OnExecAction in script or extensions. Alternatively, invoke directly by sending a Windows Message:

COPYDATASTRUCT oCDS;
// wzData: a null-terminated wide-character string holding the command text
oCDS.dwData = 61181; // Magic Cookie
oCDS.cbData = lstrlen(wzData) * sizeof(WCHAR);
oCDS.lpData = wzData;
SendMessage(FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"),
            WM_COPYDATA, NULL, (LPARAM)&oCDS);

(Diagram, left: the Fiddler application with extensions, where Fiddler.exe hosts the Fiddler ScriptEngine, Inspector2 and IFiddlerExtension components, FiddlerCore, ExecAction.exe, your FiddlerScript, Xceed*.dll and Makecert.exe. Right: your application hosting FiddlerCore, where YourApp.exe hosts FiddlerCore, CertMaker.dll and DotNetZip.)

Programming with FiddlerCore
// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) {
    Console.WriteLine("{0}: HTTP/{1} for {2}", oS.id, oS.responseCode, oS.fullUrl);
};

// Later, call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy.
Fiddler.FiddlerApplication.Shutdown();

Fiddler Futures
WebSockets UI
SPDY/HTTP2
UI Enhancements
You tell me!

fiddlerbook.com
~300 pages. Paper or DRM-free PDF.

Thank you!!!
Eric Lawrence
@ericlaw