Debugging with Fiddler. Eric Lawrence @ ericlaw. Let’s talk about you…. How did I end up here?. Once upon a time…. Oh no! What happened?. There must be a better way…. A simple idea takes shape…. All problems in computer science can be solved by another level of indirection.
Debugging with Fiddler Eric Lawrence @ericlaw
A simple idea takes shape… All problems in computer science can be solved by another level of indirection. - David Wheeler
Only two problems • Don’t know HTTP • Don’t know C#
Fiddler: Evolution Eleven years, ~35k lines of C#, 160+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…
New Website • New Documentation • New Platforms • Enhanced User-Interface
Fiddler on Mac OSX • It works, but due to UI glitches, you’re usually better off using VirtualBox / Parallels / Fusion
Debug Across Devices PC Mac iOS Fiddler Windows/Linux Internet Tablets Phones
Fiddler as a Reverse Proxy http://fiddler2.com/r/?reverseproxy
Win8/8.1 “Immersive” Apps & IE11 AppContainer blocks “loopback” network connections. For debugging purposes, you can disable that blocking. Ctrl+Click to exempt all AppContainers
.NET Applications YourApp.exe.config or machine.config
<configuration>
  <system.net>
    <defaultProxy>
      <proxy bypassonlocal="false" usesystemdefault="false" proxyaddress="http://127.0.0.1:8888" />
    </defaultProxy>
  </system.net>
</configuration>
node.js Different libraries offer different approaches…
var http = require('http');
// Connect to Fiddler's proxy endpoint (127.0.0.1:8888) instead of the origin.
// The absolute URL in `path` tells the proxy which server to contact.
var options = {
  host: '127.0.0.1',
  port: 8888,
  path: 'https://bayden.com/echo.aspx',
  headers: { Host: "bayden.com" },
  method: 'POST'
};
var req = http.request(options, function (res) {
  console.log('STATUS: ' + res.statusCode + ' HEADERS: ' + JSON.stringify(res.headers));
  res.setEncoding('utf8');
  res.on('data', function (chunk) { console.log('BODY: ' + chunk); });
});
req.write('Post Data\n');
req.end();
HTTPS Traffic Decryption For security reasons, proxies cannot normally “see” HTTPS requests. To enable traffic decryption, Fiddler performs a “man-in-the-middle” attack. Decrypting CONNECT tunnel to www.fiddler2.com GET /fiddler2/ GET /Fiddler2/Fiddler.css GET /Fiddler/images/FiddlerLogo.png
HTML5 WebSockets WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS.
FTP Fiddler supports FTP traffic via a built-in FTP gateway. The FTP proxy is off by default.
SPDY / HTTP2 Fiddler recognizes and tags SPDY connections if HTTPS decryption is disabled.
SPDY / HTTP2 Fiddler cannot support SPDY until .NET’s SslStream supports ALPN. Please vote for my bug on CONNECT: https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=812003 Also, please vote for this other SslStream bug: https://connect.microsoft.com/VisualStudio/feedback/details/811998/system-net-security-sslstream-calls-localcertificateselection-callback-unconditionally-even-if-server-never-sends-certificaterequest-tls-message
Protocol Violations prefs set fiddler.lint.HTTP True
Output Formats • Fiddler Session Archive • Visual Studio .WebTest • HTML5 AppCache Manifest • WCAT Load Test • cURL Script • HTTP Archive Format (HAR) • Meddler Script • Copy to the clipboard • Store as a plaintext file • Extract binary response bodies • Archive to a database
The SAZ file format Session Archive Zip files contain: • Request and response bytes • Timing and other metadata • WebSocket messages • HTML index file For security, SAZ files may be encrypted using AES
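Because a SAZ archive stores full request and response bytes, a capture of decrypted traffic carries credentials and session cookies. The following is an added example, not part of the original slides: a pre-share check that lists which sessions hold such headers. It assumes an unencrypted archive laid out as `raw/<id>_c.txt` (request) and `raw/<id>_s.txt` (response); the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Header names whose values are credentials or session tokens.
SENSITIVE = ("authorization", "proxy-authorization", "cookie", "set-cookie")
# Assumed SAZ layout: raw/<id>_c.txt (request), raw/<id>_s.txt (response).
RAW_NAME = re.compile(r"^raw/(\d+)_([cs])\.txt$")


def find_sensitive_headers(saz_bytes):
    """Return sorted (session_id, 'request'|'response', header_name) tuples."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(saz_bytes)) as saz:
        for name in saz.namelist():
            m = RAW_NAME.match(name)
            if not m:
                continue  # index file, metadata, WebSocket messages
            side = "request" if m.group(2) == "c" else "response"
            # Headers end at the first blank line; the body may be binary.
            head = saz.read(name).split(b"\r\n\r\n", 1)[0]
            for line in head.split(b"\r\n")[1:]:  # skip request/status line
                field = line.split(b":", 1)[0].decode("latin-1").strip().lower()
                if field in SENSITIVE:
                    findings.add((int(m.group(1)), side, field))
    return sorted(findings)


def build_sample_saz():
    """Constructed two-session archive standing in for a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("_index.htm", "<html>constructed index</html>")
        z.writestr("raw/1_c.txt",
                   "GET /echo.aspx HTTP/1.1\r\nHost: example.test\r\n"
                   "Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n\r\n")
        z.writestr("raw/1_s.txt",
                   "HTTP/1.1 200 OK\r\nSet-Cookie: sid=constructed\r\n\r\nbody")
        z.writestr("raw/2_c.txt",
                   "GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n")
        z.writestr("raw/2_s.txt",
                   "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\nPNG-bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for sid, side, field in find_sensitive_headers(build_sample_saz()):
        print(f"session {sid}: {side} carries {field}")
```

Sessions flagged this way can be removed from the capture, or the archive encrypted, before it leaves the machine.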
FiddlerCap – Simple captures http://www.fiddlercap.com User-interface localized to: English | Français | Español | Português | 日本語 | русский
Import Formats • HTTP Archive Format (HAR) • Internet Explorer F12 Developer Tools (NETXML) • Telerik Test Studio LoadTest • Packet Capture (WireShark, tcpdump, NetMon) • …or write your own
TextWizard Convert text between popular web encodings.
Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.
Traffic Comparison Use the Differ Extension to compare groups of Sessions at once.
Filtering Traffic • Ignore Images & CONNECTs • Application Type Filter • Process Filter • Troubleshooting with Help menu Selecting Traffic • Using QuickExec • Using Find
X-Download-Initiator https://fiddler2.com/dl/EnableDownloadInitiator.reg cols add @request.X-Download-Initiator
Automated Rewrites • Simple built-in Rules • The HOSTS command