
Debugging with Fiddler

Debugging with Fiddler. Eric Lawrence @ericlaw. Let’s talk about you… How did I end up here? Once upon a time… Oh no! What happened? There must be a better way… A simple idea takes shape… All problems in computer science can be solved by another level of indirection.


Presentation Transcript


  1. Debugging with Fiddler Eric Lawrence @ericlaw

  2. Let’s talk about you…

  3. How did I end up here?

  4. Once upon a time…

  5. Oh no! What happened?

  6. There must be a better way…

  7. A simple idea takes shape… All problems in computer science can be solved by another level of indirection. - David Wheeler

  8. Only two problems • Don’t know HTTP • Don’t know C#

  9. Fiddler: Evolution Eleven years, ~35k lines of C#, 160+ release builds, one full-length paperback, a cross-country move to Telerik, and two new supported platforms later…

  10. New Website • New Documentation • New Platforms • Enhanced User-Interface

  11. My current side-project

  12. A quick tour around Fiddler…

  13. UI Evolution – The Web Sessions List

  14. Fiddler on Linux (Mint/Ubuntu)

  15. Fiddler on Mac OSX • It works, but due to UI glitches, you’re usually better off using VirtualBox / Parallels / Fusion

  16. Traffic Monitoring

  17. Typical Architecture

  18. Debug Across Devices [Diagram labels: PC • Mac • iOS • Fiddler • Windows/Linux • Internet • Tablets • Phones]

  19. Fiddler as a Reverse Proxy http://fiddler2.com/r/?reverseproxy

  20. Win8/8.1 “Immersive” Apps & IE11 AppContainer blocks “loopback” network connections. For debugging purposes, you can disable that blocking. Ctrl+Click to exempt all AppContainers

  21. .NET Applications: YourApp.exe.config or machine.config

      ```xml
      <configuration>
        <system.net>
          <defaultProxy>
            <!-- Route this application's traffic through the proxy on 127.0.0.1:8888 -->
            <proxy bypassonlocal="false" usesystemdefault="false" proxyaddress="http://127.0.0.1:8888" />
          </defaultProxy>
        </system.net>
      </configuration>
      ```

  22. node.js: Different libraries offer different approaches…

      ```javascript
      var http = require('http');

      // Connect to the proxy (127.0.0.1:8888) instead of the origin server.
      var options = {
        host: '127.0.0.1',
        port: 8888,
        // The request line carries the absolute URL of the target.
        path: 'https://bayden.com/echo.aspx',
        headers: { Host: "bayden.com" },
        method: 'POST'
      };

      var req = http.request(options, function (res) {
        console.log('STATUS: ' + res.statusCode + ' HEADERS: ' + JSON.stringify(res.headers));
        res.setEncoding('utf8');
        res.on('data', function (chunk) {
          console.log('BODY: ' + chunk);
        });
      });

      req.write('Post Data\n');
      req.end();
      ```

  23. Protocols

  24. HTTPS Traffic Decryption For security reasons, proxies cannot normally “see” HTTPS requests. To enable traffic decryption, Fiddler performs a “man-in-the-middle” attack. [Diagram: Decrypting CONNECT tunnel to www.fiddler2.com • GET /fiddler2/ • GET /Fiddler2/Fiddler.css • GET /Fiddler/images/FiddlerLogo.png]

  25. HTML5 WebSockets WebSockets enable bi-directional socket communications over a connection established using HTTP or HTTPS.

  26. FTP • Fiddler supports FTP traffic via a built-in FTP gateway. • FTP proxy is off-by-default. SPDY / HTTP2 • Fiddler recognizes and tags SPDY connections if HTTPS-decryption is disabled.

  27. SPDY / HTTP2 Fiddler cannot support SPDY until .NET’s SslStream supports ALPN. Please vote for my bug on CONNECT: https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=812003 Also, please vote for this other SslStream bug: https://connect.microsoft.com/VisualStudio/feedback/details/811998/system-net-security-sslstream-calls-localcertificateselection-callback-unconditionally-even-if-server-never-sends-certificaterequest-tls-message

  28. Protocol Violations • prefs set fiddler.lint.HTTP True

  29. Store & Load Traffic

  30. Output Formats • Fiddler Session Archive • Visual Studio .WebTest • HTML5 AppCache Manifest • WCAT Load Test • cURL Script • HTTP Archive Format (HAR) • Meddler Script • Copy to the clipboard • Store as a plaintext file • Extract binary response bodies • Archive to a database

  31. Or write your own…

  32. The SAZ file format Session Archive Zip files contain: • Request and response bytes • Timing and other metadata • WebSocket messages • HTML index file For security, SAZ files may be encrypted using AES

  33. FiddlerCap – Simple captures http://www.fiddlercap.com User-interface localized to: English | Français | Español | Português | 日本語 | русский

  34. Import Formats • HTTP Archive Format (HAR) • Internet Explorer F12 Developer Tools (NETXML) • Telerik Test Studio LoadTest • Packet Capture (WireShark, tcpdump, NetMon) • …or write your own

  35. PCAP Import

  36. Traffic Analysis

  37. TextWizard Convert text between popular web encodings.

  38. Traffic Comparison Use WinDiff or the differ of your choice to compare Sessions’ requests and responses.

  39. Traffic Comparison Use the Differ Extension to compare groups of Sessions at once.

  40. Filtering Traffic • Ignore Images & CONNECTs • Application Type Filter • Process Filter • Troubleshooting with Help menu. Selecting Traffic • Using QuickExec • Using Find

  41. Regular Expression Support

  42. SyntaxView Reformatting

  43. ImageView DataURL Support

  44. ImageView Tools Integration

  45. Metadata & GeoLocation

  46. HTML5 Media & Font previews

  47. X-Download-Initiator • https://fiddler2.com/dl/EnableDownloadInitiator.reg • cols add @request.X-Download-Initiator

  48. Traffic Manipulation

  49. Automated Rewrites • Simple built-in Rules • The HOSTS command
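
Slide 32 says SAZ files hold request and response bytes and may be AES-encrypted, and slide 24 says Fiddler decrypts HTTPS, so an unencrypted archive can carry credentials in cleartext. The following is an added example, not code from the presentation: it audits an archive for credential-bearing headers before the file is shared. The `raw/<id>_c.txt` and `raw/<id>_s.txt` entry names and the header list are assumptions not stated on the slides, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Assumed SAZ layout: raw/<id>_c.txt is the request, raw/<id>_s.txt the response.
ENTRY = re.compile(r"^raw/(\d+)_([cs])\.txt$", re.IGNORECASE)
# Headers whose values are credentials or session tokens (heuristic list).
SENSITIVE = re.compile(rb"^(authorization|proxy-authorization|cookie|set-cookie)\s*:", re.I)
SIDE = {"c": "request", "s": "response"}


def audit_saz(saz):
    """Return (findings, encrypted) for a SAZ path or file object.

    findings: sorted (session_id, side, header_name) tuples.
    encrypted: entry names that are password-protected and were not inspected.
    """
    findings, encrypted = set(), []
    with zipfile.ZipFile(saz) as archive:
        for info in archive.infolist():
            match = ENTRY.match(info.filename.replace("\\", "/"))
            if not match:
                continue  # index page, metadata, WebSocket messages
            if info.flag_bits & 0x1:  # ZIP "encrypted" flag is set
                encrypted.append(info.filename)
                continue
            # Scan only the header block, i.e. everything before the first blank line.
            head = archive.read(info).split(b"\r\n\r\n", 1)[0]
            for line in head.split(b"\r\n")[1:]:  # skip the request/status line
                hit = SENSITIVE.match(line)
                if hit:
                    name = hit.group(1).decode("ascii").lower()
                    findings.add((int(match.group(1)), SIDE[match.group(2).lower()], name))
    return sorted(findings), encrypted


def build_sample_saz():
    """Constructed two-session archive (sample data, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("_index.htm", "<html></html>")
        z.writestr("raw/1_c.txt", "GET / HTTP/1.1\r\nHost: example.test\r\n"
                                  "Authorization: Basic Y29uc3RydWN0ZWQ=\r\n\r\n")
        z.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\nSet-Cookie: sid=constructed\r\n"
                                  "\r\nCookie: this line is body text, not a header")
        z.writestr("raw/2_c.txt", "GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n")
    buf.seek(0)
    return buf
```

Call `audit_saz` with the path of a capture; a non-empty findings list means the archive should be scrubbed or saved encrypted before it leaves the machine.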
