1 / 56

Become a Web Debugging Virtuoso with Fiddler

CL25. Become a Web Debugging Virtuoso with Fiddler. Eric Lawrence Program Manager Microsoft Corporation. Note: Session includes demos and code samples. For optimal viewing, please sit near the front!. Fiddler: Origins. Once upon a time…. Oh no! What happened?!?.

arleen
Download Presentation

Become a Web Debugging Virtuoso with Fiddler

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CL25 Become a Web Debugging Virtuoso with Fiddler Eric Lawrence Program Manager Microsoft Corporation Note: Session includes demos and code samples. For optimal viewing, please sit near the front!

  2. Fiddler: Origins

  3. Once upon a time…

  4. Oh no! What happened?!?

  5. There must be a better way…

  6. Fiddler: Origins

  7. Fiddler: Origins

  8. Fiddler: Origins

  9. Fiddler: Origins +

  10. Fiddler: version 1 • The first Fiddler build was released in October 2003.

  11. Fiddler: Evolution Six years, ~17k lines of C#, 51+ release builds, and 700+ cans of Diet Mountain Dew later…

  12. Fiddler: Today

  13. Understanding Extensibility Fiddler 2 Inspector2 ExecAction.exe Inspector2 IFiddlerExtension Your Automation IFiddlerExtension Fiddler ScriptEngine Your FiddlerScript Fiddler Proxy Xceed*.dll Makecert.exe

  14. Getting to know Fiddler Demo A quick tour of the Fiddler UI

  15. Scenario Traffic Monitoring Browsers, applications, and devices

  16. Typical Architecture

  17. FiddlerHook for Firefox

  18. Debug Across Machines PC Mac Fiddler Internet Linux PocketPC

  19. Tips & Tricks • YourApp.exe.config<configuration>  <system.net>    <defaultProxy>      <proxy bypassonlocal="false" usesystemdefault="true" />    </defaultProxy>  </system.net></configuration> • or, use http://ipv4.fiddler

  20. Fiddler as a Reverse Proxy

  21. HTTPS Traffic Decryption • Fiddler dynamically generates interception certificates chained to a self-signed root.

  22. Scenario Traffic Archiving Store Requests and Responses

  23. Fiddler has many output options • Copy sessions to the clipboard • Store as a plaintext file • Extract binary response bodies • Archive to a database • Export a Visual Studio .WebTest file • Write your own…

  24. The SAZ file format Session Archive Zip files contain: • Request and response bytes • Timing and other metadata • HTML index file For security, SAZ files may be encrypted

  25. FiddlerCap – Lightweight capture tool http://www.fiddlercap.com

  26. Scenario Traffic Analysis Examine Requests and Responses

  27. Filtering Traffic • Ignore Images & CONNECTs • Application Type Filter • Process Filter • Using QuickExec • Using Find

  28. Spying on IE 8 Accelerators Demo

  29. Spying on IE8’s Visual Search Suggestions Demo

  30. Traffic Comparison • Use WinDiff to compare HTTP requests and responses.

  31. Automated (Passive) Analysis http://websecuritytool.codeplex.com/

  32. Scenario Traffic Manipulation Change the bytes

  33. Automated Rewrites • Simple Built-in Rules • The HOSTS extension

  34. Breakpoint Debugging • Use Fiddler inspectors to modify requests and responses….

  35. Simple Filters • Flag, modify or remove headers from all requests and responses.

  36. Request Builder • Create hand-built HTTP requests, or modify and reissue a request previously captured.

  37. AutoResponder • Replay previously captured or generated traffic.

  38. FiddlerScript

  39. FiddlerScript – Request Modification staticfunctionOnBeforeRequest(oS:Session){if(oS.uriContains(".aspx")){oS["ui-color"]="red";} if(m_DisableCaching){oS.oRequest.headers.Remove("If-None-Match");oS.oRequest.headers.Remove("If-Modified-Since"); oS.oRequest["Pragma"]="no-cache"; } }

  40. FiddlerScript – Response Modification • staticfunctionOnBeforeResponse(oS:Session){ • oS.utilDecodeResponse();oS.utilPrependToResponseBody("InjectedContent!"); }

  41. Scenario Performance Optimizing Performance with Fiddler

  42. Build faster websites and services • Reduce request & response size • Reduce roundtrips • Optimize Compression • Optimize Caching • Simulate Slower Speeds

  43. Expert Analysis with neXpert

  44. Beware the Observer Effect • Use Fiddler to improve performance • Be careful when using Fiddler to measure performance

  45. Streaming Mode Timeline view of Buffering Mode Timeline view of Streaming Mode

  46. NetMon + VRTA To minimize Observer Effect when taking low-level timing measurements, prefer packet-sniffer tools.

  47. Scenario Test Integration Integrating Fiddler into your tools

  48. ExecAction.exe • Calls into OnExecActionin script or extensions • Alternatively, invoke directly by sending a Windows Message: oCDS.dwData = 61180; // Magic Cookie oCDS.cbData= strlen(sData); oCDS.lpData= sData; SendMessage( FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, NULL, (LPARAM) &oCDS );

  49. Fiddler application with extensions Your application hosting FiddlerCore Fiddler 2 YourApp.exe Inspector2 ExecAction.exe Inspector2 IFiddlerExtension IFiddlerExtension Fiddler ScriptEngine Your FiddlerScript FiddlerCore FiddlerCore Xceed*.dll Makecert.exe Makecert.exe

  50. Programming with FiddlerCore // Call Startup to tell FiddlerCore to begin // listening on the specified port, register as // the system proxy and decrypt HTTPS traffic. Fiddler.FiddlerApplication.Startup(8877, true, true); • Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.SessionoS) { Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl); }; // Call Shutdown to tell FiddlerCore to stop // listening and unregister as the system proxy Fiddler.FiddlerApplication.Shutdown();

More Related