Fiddler

Articles
Resources
Alternatives

Issues with Teams and other programs
VPN

https://docs.telerik.com/fiddler/knowledge-base/keyboard - Shortcuts, very handy

[Fiddler] The connection to failed. A Firewall may be blocking Fiddler's traffic. Error: AccessDenied (0x271d). System.Net.Sockets.SocketException An attempt was made to access a socket in a way forbidden by its access permissions
https://fiddlerbook.com/fiddler/help/hookup.asp
https://serverfault.com/questions/679755/mock-proxy-server-on-local-with-fiddler-and-windows-firewall
https://gbatemp.net/threads/tutorial-fiddler-setup-guide-for-blocking-update-server.466328/
https://www.fiddlerbook.com/Fiddler/help/knownissues.asp
https://appuals.com/fix-an-attempt-was-made-to-access-a-socket-in-a-way-forbidden-by-its-access-permissions/

http://techie-mixture.blogspot.com/2017/03/capture-virtual-machine-traffic-from.html
https://blog.pedrofelix.org/2016/03/05/using-fiddler-for-an-android-and-windows-vm-development-environment/
http://www.telerik.com/forums/how-to-automatically-re-enable-fiddle-as-system-proxy
https://stackoverflow.com/questions/19572575/fiddler-causes-my-internet-access-to-stop-working

http://fiddlerbook.com/fiddler/dev/scriptsamples.asp
http://docs.telerik.com/fiddler/Generate-Traffic/Tasks/ReplayAutoresponder
http://fiddler2.com/r/?SYNTAXVIEWINSTALL
using .NET Fiddler plugins was a lot better than FiddlerScript
When the user mouseover an icon, Fiddler should display a tool tip explaining the meaning of the icon.

How can we compare two similar requests?

  1. Select the two requests that we want to compare by using CTRL+left click
  2. Right click on the selected requests and select "Compare". This will launch WinDiff. If WinDiff is not installed, or if we prefer another program, we may have to configure Fiddler to use our favorite diff program.

What is a breakpoint in Fiddler?

In Fiddler, we can set breakpoints which cause Fiddler to pause the requests / responses and thus allow us to modify the requests / responses. This is different from a breakpoint in JavaScript or any other languages. If you want to debug your CustomRules.js using a JavaScript debugger such as Chrome Developer, you can probably use the Chrome Developer, or Visual Studio.

How can we (limit / restrict ) capture traffic only from IE so that we do not see traffic from other applications being displayed in Fiddler?

In Fiddler's toolbar at the top, there is an icon is a cross inside a circle. Put your mouse on top of this icon and it says "Drag this icon to a window to show traffic from only that process. Right click to cancel the filter.".

Another way is to set up filters:

  1. Click on the Filters tab on the right hand side
  2. Check the checkbox "Use Filters"
  3. Examine all the fields on this tab. We can filter traffic for certain host, certain processes, and a ton of other parameters.

How can we tamper with the request or response?

  1. Click on Rules -> Automatic Breakpoints and select either "Before Request" or "After Response"
  2. When the breakpoint is hit, click on the request, and start tampering. See https://www.youtube.com/watch?v=QJccfVA80T4, https://www.youtube.com/watch?v=8bo5kXMAcV0

What are different ways to set breakpoints?

There are several ways to set a breakpoint:

  1. Using the Rules > Automatic breakpoints menu option
  2. Using the QuickExec box’s bpu or bpa commands
  3. Using the Filters tab
  4. Using the AutoResponder tab
  5. Using FiddlerScript/extensions to set a X-BreakRequest or X-BreakResponse Session flag

How can we set a breakpoint using the QuickExec box?

Approach #2 allows you to quickly set a request breakpoint (bpu example) or a response breakpoint (bpafter example) for Sessions’ whose URL contains the text you supply to the command. You can subsequently clear these breakpoints by issuing the command without an argument (e.g. bpu or bpafter). While this approach is far more surgical than the Automatic breakpoints feature, it has the downside that only two breakpoints may exist at one time—one request breakpoint and one response breakpoint. There’s also no easy way to see what breakpoints are currently active.

  1. bpu: Create a breakpoint on the selected URLs (pause before the request is sent to the server). Use CTRL+I to insert the selected URL.
  2. bpafter: Create a breakpoint on the selected URLs (pause after the response is received from the server). Use CTRL+I to insert the selected URL.

How can we set breakpoints using the AutoResponse tab?

The AutoResponder tab allows you to create a list of request and response breakpoints and easily enable and disable them using the checkboxes to the left of each rule. Additionally, you can use the full matching functionality of the AutoResponder engine, which means you can breakpoint Sessions based on regular expressions, the HTTP method, or text in the request body. When creating breakpoints in this way, be sure to leave the Unmatched requests passthrough box checked at the top of the tab.

You can also export your list breakpoints using the Export all… command on the list’s context menu. The only downside to breakpointing with the AutoResponder is that there’s no way to breakpoint based on an attribute of the response – for instance, you cannot create a response breakpoint based on the Content-Type returned by the server.

How can we set breakpoints using Fiddler script?

Lastly, if all else fails, you can use approach #5 and set breakpoints using FiddlerScript or an extension based on any criteria you choose. Simply add code to the OnBeforeRequest, OnPeekAtResponseHeaders, or OnBeforeResponse events to set the X-BreakRequest or X-BreakResponse flags on the Session objects that match your target criteria. For instance:

if (oSession.uriContains("/sandbox/")) {
    oSession["x-breakrequest"] = "FiddlerScript: URI contains sandbox";
}

or

// Place in OnPeekAtResponseHeaders
if (oSession.uriContains("app.com") &&
   oSession.oResponse.MIMEType.Contains("script"))
{
    oSession["x-breakrequest"] = "FiddlerScript: app.com returned script";
}

What happens when Fiddler pauses on a "before request" breakpoint?

We have to click on the request, and then we are immediately taken to the "Text" view. We can still switch to other views to examine the request, but we can use the Text view to make changes to the request. The Form tab is read-only, but the other tabs are editable. In the Headers tab, if we want to change a header, just double click on it. If we want to delete a header, click on it, and hit the delete key. Notice that in the middle of the screen, we have the "Break on Response" button, the "Run to Completion" button, and the "Choose Response" dropdown box.

When Fiddler pauses on a breakpoint, how can we distinguish whether it is a "before request" breakpoint or a "breakpoint after"?

The screen look very similar. However, when it is a "breakpoint after", I think the tabs in the top part of the screen are all read-only. The other difference is that, with a "breakpoint after", we can see the response in the bottom part of the screen, and we can modify the bottom part (the response).

How can we capture localhost traffic?

On Windows, traffic for localhost does not go through the network (TCP/IP) stack. To capture local traffic, we need to force it through the network stack by using your host's IP address (or assign your host a name using its IP address). Instead of using http://localhost or http://127.0.0.1, use your machine name. For example, instead of using http://localhost:8081/mytestpage.aspx, use http://machinename:8081/mytestpage.aspx, or use:

How can we cause Fiddler to returns a different file?

I need to investigate an issue on an environment where I did not have direct access to the file so I could not make change to the file. I download the file to my local environment, reformat it, make necessary change, and instruct Fiddler so that whenever a request is made to the original URL, Fiddler will return my locally modified file. To do this, in Fiddler:

  1. Find the request that you want to tamper
  2. Click on AutoResponder
  3. Check the checkbox "Enable automatic responses"
  4. In the middle section, if there were any previous rules, click on those rule, and hit the delete key
  5. Click on "Add Rule"
  6. At the bottom, in the "Rule Editor" section, click the bottom dropdown, and select "Find a file …"
  7. Select the appropriate file you want to return

Remove all previous requests from Fiddler. Refresh the page, and you see that Fiddler returns the locally modified file.

How can we capture traffic from another machine?

  1. Go to Fiddler Options -> Connections
  2. Note the port number in the Fiddler listens on port: box. The default port is 8888.
  3. Select the Allow remote computers to connect check box
  4. On the other machine, set the proxy settings to the machine name of the Fiddler server at port 8888. Open Internet Explorer > Options > Internet Options > Connections > LAN Settings. Click the check box by Use a proxy server for your LAN. Type the address and port number for the Fiddler machine. See Capture Traffic from Another Machine

How can we chain fiddler to an upstream proxy?

If you are in an environment where you do not have direct connection to the Internet (there is a corporate proxy between your computer and the Internet), you may need to do this.

  1. Close Fiddler.
  2. Open Internet Explorer > Options > Internet Options > Connections > LAN Settings.
  3. Click the check box by Use a proxy server for your LAN.
  4. Type the address and port number for the upstream proxy.
  5. Restart Fiddler. Note that Fiddler currently does not support upstream proxy configuration scripts that are accessed using the FILE:// protocol, only those accessed using the HTTP or HTTPS protocols.

How can we configure Java application to use Fiddler?

Add the following options to the command line:

-DproxySet=true 
-DproxyHost=127.0.0.1 
-DproxyPort=8888 
-Dhttp.proxyHost=127.0.0.1 
-Dhttp.proxyPort=8888 
-Dhttps.proxyHost=127.0.0.1 
-Dhttps.proxyPort=8888
-Djavax.net.ssl.trustStore=C:\dev\tools\jdk18\jre\lib\security\cacerts 
-Djavax.net.ssl.trustStorePassword=changeit

In the above example, the last two options are needed if we need to capture HTTPS traffic. In Eclipse:

  1. Click on Run -> "Run Configurations"
  2. On the left, select the appropriate configuration
  3. On the right, click on the Arguments tab
  4. Add the above to the VM Arguments box (in the bottom part)

See the below links for the exact steps:

How can we configure PHP / curl to use Fiddler?

To configure a PHP/cURL application to send web traffic to Fiddler, add this line of code before the application sends requests, where $ch is the handle returned by curl_init():

curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8888');

Or add option to command line:

curl --proxy 127.0.0.1:8888

How can we configure Perl to use Fiddler?

use HTTP::Request::Common;
use LWP::UserAgent;
use Time::HiRes qw/usleep/;

$ua = LWP::UserAgent->new;
$ua->proxy(['http', 'https'], 'http://127.0.0.1:8888/');

my $cnt = 0;
my $successCnt = 0;
my $failureCnt = 0;
open (MYFILE, 'FirstPass.txt');
open (OUTFILE, '>>UnableToAuthenticate.txt');
<MYFILE>;
while (<MYFILE>) {
     chomp;
    $cnt = $cnt + 1;
    $line = $_;
    if (! testAuthentication($line)) {
        print OUTFILE $line, "\n";
        $failureCnt = $failureCnt + 1;
    } else {
        $successCnt = $successCnt + 1;
    }
}
close (MYFILE); 
close (OUTFILE);
print "Success: $successCnt, Failure: $failureCnt, Total: $cnt\n";

sub testAuthentication {
    my ($line) = @_;
    my $loginID, $lastName, $firstName, $dn;
    ($loginID, $lastName, $firstName, $dn) = split /\|/,$line;
    $loginID = $loginID . '@sjhc.com';
    print "$loginID\n$dn\n----\n";

    my $response = $ua->request(POST 'some URL', [param1=> value1, param2=> value2]);
    if ($response->is_success) {
        $body = $response->decoded_content;
        if ($body =~ /LDAP Authentication Failure/) {
            return 0;
        } elsif ($body =~ /Unknown Error/) {
            return 0;
        } elsif ($body !~ /MyCQIBody/) {
            print $body, "\n";
            exit;
        } else {
            return 1;
        }
    } else {
        return 0;
    }
    usleep(100);
}

How can we configure Node to use Fiddler?

https_proxy=http://127.0.0.1:8888 
http_proxy=http://127.0.0.1:8888
NODE_TLS_REJECT_UNAUTHORIZED=0

See:

  1. https://blogs.msdn.microsoft.com/zhiqing/2017/03/09/use-fiddler-to-capture-websocket-packet-within-non-browser-runtime-like-node-js/#solution
  2. http://anyproxy.io/en/#options
  3. https://www.vanamco.com/2014/06/24/proxy-requests-in-node-js/
  4. https://www.npmjs.com/package/https-proxy-agent
  5. https://stackoverflow.com/questions/8165570/https-proxy-server-in-node-js
  6. http://codingmiles.com/node-js-making-https-request-via-proxy/
  7. https://weblogs.asp.net/dixin/use-fiddler-with-node-js
  8. https://medium.com/@jecelynyeen/capturing-npm-traffic-with-fiddler-a9e39399cc12
  9. http://docs.myget.org/docs/reference/capturing-traffic-with-fiddler
  10. https://gist.github.com/JulienFolliot/372cb3ca05bc4ecc5747
  11. https://github.com/axa-ch/style-guide/wiki/solve-proxy-problems
  12. https://stackoverflow.com/questions/8697344/can-a-proxy-like-fiddler-be-used-with-node-jss-clientrequest

How can we replay a Fiddler capture in a browser?

  1. http://blogs.msdn.com/b/askie/archive/2013/01/06/how-to-use-fiddler-autoresponder-to-replay-a-fiddler-trace.aspx
  2. http://www.telerik.com/blogs/better-repro-playback-with-fiddler
  3. http://docs.telerik.com/fiddler/Generate-Traffic/Tasks/ReplayAutoresponder

How can we log a message to the Fiddler log from inside the CustomRules.js file for debugging?

While working with the CustomRules.js file, we can log a message to the Fiddler's log file using:

FiddlerObject.log("PathAndQuery:" + oSession.PathAndQuery);

In Fiddler, on the right hand side where we normally inspect the request / response, look for a tab named "Log". This is where we can see the log messages.

How can we look at the Fiddler log?

On the top right hand side, there is a tab named "Log". On this tab, you can see all the log messages, not just the selected request.

In what ways can we customize Fiddler?

We can:

  1. add custom columns to the Fiddler UI
  2. modify requests or responses
  3. test application performance
  4. do a variety of other custom tasks

How can we change or add rules to fiddler?

To add rules to Fiddler's JScript.NET CustomRules.js, do the following:

  1. Click Rules > Customize Rules…. This will create the CustomRules.js in your home directory and open it in a text editor for editing. The location for this file is C:\Users\kdoan\My Documents\Fiddler2\Scripts\CustomRules.js.
  2. Enter FiddlerScript code inside the appropriate function. If we need to alter the request, add your code to the OnBeforeRequest function. If you need to alter the response, add your code to the OnBeforeResponse function.
  3. Save the file.

Fiddler will automatically reload the rules.

The OnBeforeRequest is called before each request, and OnBeforeResponse is called before each response. It is not possible to access the response objects inside OnBeforeRequest as they have not yet been created. It is possible to use objects from the request inside OnBeforeResponse, however, any changes you make to those objects will not be seen by the server, as it has already received the request.

How can we change the response header?

Add to OnBeforeResponse:

if (oSession.responseCode == 302) {
    oSession.oResponse["Location"] = oSession.oResponse["Location"].replace(/QMISRxV2QA01/, '...');
}

How can we change the response body?

Add to OnBeforeResponse:

var bodystr=oSession.GetResponseBodyAsString();
bodystr = bodystr.replace(/QMISRxV2QA01/, '...');
oSession.utilSetResponseBody(bodystr);

How can we intercept HTTPS requests to a certain server and route it to non-HTTPS on another server?

Add the following:

if (oSession.HTTPMethodIs("CONNECT") && (oSession.hostname == "www.companyname.com")) { 
    oSession["x-replywithtunnel"] = "FakeTunnel";
    return;
}

if (oSession.hostname == "www.companyname.com") {
    oSession.fullUrl = "http://192.168.41.155:7001" +  oSession.PathAndQuery;
}

to the OnBeforeRequest method in your CustomRules.js file. In the above code, I am not sure why we need the FakeTunnel thing, but apparently it is required. Otherwise, it does not work.

How can we restore the default rules?

  1. Delete the C:\Users\kdoan\My Documents\Fiddler2\Scripts\CustomRules.js
  2. Restart Fiddler
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License