Note: Session includes demos and code samples. For optimal viewing, please sit near the front! Advanced Web Debugging with Fiddler Eric Lawrence Program Manager Internet Explorer [email protected]

Report
Note: Session includes demos and code samples.
For optimal viewing, please sit near the front!
Advanced Web Debugging
with Fiddler
Eric Lawrence
Program Manager
Internet Explorer
[email protected]
GET /data HTTP/1.1
TRAFFIC CAPTURE
Typical Architecture
Firewall
Firefox
CryptoAPI
WinHTTP
Internet
Explorer
WinINET
Office
Fiddler
Upstream
Proxy
example.com
Mac
PC
Debug Across Devices
Linux
SmartPhone
Fiddler
Internet
FiddlerHook for Firefox
Fiddler, FiddlerCap, and IE9
TRAFFIC IMPORT
FiddlerCap
FiddlerCap is a lightweight capture tool
IE9 Developer Tools
IE9’s Developer Tools include a “Network” tab
Examine Requests and Responses
TRAFFIC ANALYSIS
Filtering Traffic
•Ignore Images & CONNECTs
•Application Type Filter
•Process Filter
•Using QuickExec
•Using Find
Output Options
•
•
•
•
•
•
•
Copy sessions to the clipboard
Store as a plaintext file
Extract binary response bodies
Archive to a database
Export a Visual Studio .WebTest file
Write your own…
Fiddler’s native “Session Archive ZIP” (SAZ)
Format
Traffic Comparison
Use WinDiff to compare
HTTP requests and
responses.
Traffic Comparison
“Viewer” mode allows examining multiple
captures side-by-side.
fiddler.exe -viewer
Rewriting HTTP(S) Traffic
TRAFFIC MODIFICATION
Automated Rewrites
•Simple Built-in Rules
•The HOSTS extension
Breakpoint Debugging
Use Fiddler inspectors
to modify requests and
responses….
Understanding Streaming
Timeline view of Buffering Mode
Timeline view of Streaming Mode
Request Builder
Create hand-built HTTP
requests, or modify
and reissue a request
previously captured.
Simple Filters
Flag, modify or remove headers from
all requests and responses.
AutoResponder
Replay previously captured or
generated traffic.
Powering Up Fiddler
SCRIPTING AND EXTENSIBILITY
Understanding Extensibility
Fiddler 2
ExecAction.exe
Your Automation
Inspector2
Inspector2
IFiddlerExtension
IFiddlerExtension
Fiddler ScriptEngine
Your FiddlerScript
Fiddler Proxy
Xceed*.dll
Makecert.exe
Lightweight extensibility using JavaScript
FIDDLERSCRIPT
FiddlerScript
FiddlerScript:
Request Modification
static function OnBeforeRequest(oS: Session){
if (oS.uriContains(".aspx"))
{
oS["ui-color"] = "red";
}
if (m_DisableCaching){
oS.oRequest.headers.Remove("If-None-Match");
oS.oRequest.headers.Remove("If-ModifiedSince");
oS.oRequest["Pragma"] = "no-cache";
}
}
FiddlerScript:
Response Modification
static function OnBeforeResponse(oS: Session)
{
oS.utilDecodeResponse();
oS.utilPrependToResponseBody("Injected Content!");
}
Powerful extensibility using any .NET Language
EXTENSIONS
neXpert
Watcher
Automated (passive) security analysis
http://websecuritytool.codeplex.com/
Integrating Fiddler into your tools
TEST INTEGRATION
ExecAction
The ExecAction.exe command line utility calls
into the OnExecAction function in script and
Fiddler extensions.
FiddlerCore
Fiddler application with extensions
Fiddler 2
Your application hosting FiddlerCore
YourApp.exe
ExecAction.exe
Inspector2
Inspector2
IFiddlerExtension
IFiddlerExtension
Fiddler ScriptEngine
Your FiddlerScript
FiddlerCore
Xceed*.dll
Makecert.exe
FiddlerCore
Makecert.exe
Programming with FiddlerCore
// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);
Fiddler.FiddlerApplication.BeforeResponse +=
delegate(Fiddler.Session oS) {
Console.WriteLine("{0}:HTTP {1} for {2}", oS.id,
oS.responseCode, oS.fullUrl);
};
// Call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
Call To Action
• Try the Watcher & neXpert extensions
• Use FiddlerCap to collect traffic from the field
• Check out import from the IE9 Developer Tools
Questions and Resources
Please fill out an evaluation form
for this session (FT-50).
Thank you!
Resources
o Meet the IE Team in the MIX “Commons”
o http://www.fiddler2.com/mix/
o [email protected]

similar documents