Debugging the Web with Fiddler Ido Flatow Senior Architect Microsoft ASP.NET/IIS MVP SELA Group @idoflatow #devconnections
About Me • Senior Architect, Sela Group • Co-author of courses and books • Microsoft ASP.NET/IIS MVP • Focus on server, web, cloud, and DevOps • Manager of the Israeli WebDev User Group
Fiddler Facts • A proxy server • An HTTP/HTTPS Sniffer • An HTTP Debugger • Written in .NET / Mono • A free utility (for now, cross your fingers) • An extensible application • A must tool for web developers • Unfortunately, it doesn’t make coffee!
Fiddler by Scenarios Debugging Traffic Inspection Performance Tuning Testing
The Sessions List Customizable Columns Manual comments Response size Sequence and color coding Caching information Origin process
Fiddler to the Rescue • Browsers (Static sites, ASP.NET, J2EE, PHP) • Desktop applications that use HTTP • Web services • Windows Phone Emulator • Any device that supports a proxy server ( )
Filter by… By specific process By host By process name/PID/svchost By URL By status code By MIME or size By process type QuickExec
Fiddler and HTTPS • HTTPS is secured - between two machines • Fiddler acts as a “machine-in-the-middle” • Generates certificates for web sites on-the-fly • Fiddler supports client certificates for authentication • Supports excludingproblematic HTTPS sites
Understanding the Connection First connection From client to Fiddler Second connection From Fiddler to the server
Visualize the Traffic with Timeline End Start Bar = begin receive Disk = cached response Red = new connection Green = reused connection Bar color = MIME Stripes = buffered by Fiddler Prefer stream over buffer. Use buffer when editing responses
Statistics are Important • Single page statistics give info on performance • Client processing • Server processing • Network latency • Server time: ServerBeginResponse – ServerGotRequest • Upload time: ServerGotRequest – ClientDoneRequest • Download time: ServerDoneResponse – ServerBeginResponse • Watch out for misleading connection reuse • Add timer columns instead of calculating
Performance-related inspectors • Transformer • Image view • Caching • Cookies • HTML Inspector (3rd party)
Drawing Conclusions • Reduce number of requests • Reduce traffic roundtrips • Reduce the size of requests and responses • Applying compression where needed • Identify non-cached responses • Use Fiddler to improve performance, not to measure it!
Manipulating Traffic with Rules • Simulate user-agents • Disable sending cache headers • HOSTS file remapping • Custom rules
Play it Again, Sam • Why run the client scenario again, just to resend the request? • Simply click “Replay” • Reissue a single request • Reissue a set of requests • Reissue unconditionally (no cache headers) • Reissue multiple times
Changing Requests with Composer • Create any request from scratch • Use previous requests with drag-n-drop • Use Scratchpad to store common requests www.bobthebuilder.com
Breakpoints – Human in the Middle • Manual control over request & response • Stop on any direction • Manipulate headers and body • Use built-in responses or file
Debugging Localhost • In some cases, proxies are bypassed when using localhost (127.0.0.1) addresses • What to do? • Use the machine’s name • Use fictitious DNS names • localhost. or localhost.fiddler(converted to localhost) • ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])
Debugging Services • Fiddler hooks to the interactive user • IIS App Pools and Windows Services runs using built-in users • Use network sniffers and export as PCAP • Download PsExec and run: PsExec.exe -i -u "nt authority\network service" "%ProgramFiles(x86)%\Fiddler2\Fiddler.exe"
If You See This, Don’t Panic When Fiddler crashes proxy setting are still in effect Before rebooting your machinetry running Fiddler again
“My Code is Perfect” • Save traffic to file • Save sessions as .SAZ (Zip) archive • .SAZ stores content and session info • Other archiving options: • HTTP Archive (HAR) • Visual Studio Web Test
Auto-Responder - an In-Memory Website • If URI matches… then respond with… • Respond with file/redirection/breakpoint/drop • Not only that, you can also: • Import sessions as responses • Edit stored responses • Use original latency time (updatable) • Export and import rules
Fiddler is More Than a Sniffer • Monitors traffic, yes, but also… • Controls traffic • Modifies traffic • Generates traffic • Easy to use • Extensible Enhance your web debugging with Fiddler today!
Resources Fiddler Website http://www.telerik.com/fiddler Fiddler Forum http://groups.google.com/group/httpfiddler Fiddler Blog http://www.telerik.com/automated-testing-tools/blog/eric-lawrence.aspxhttp://blogs.msdn.com/b/fiddler (older blog) My Info This Presentation http://bit.ly/flatowblog@IdoFlatow email@example.com http://1drv.ms/1kuiuGh
Rate with Mobile App: Rate This Session Now! Tell Us What You Thought of This Session Select the session from the Agenda or Speakers menus Select the Actions tab Click Rate Session Be Entered to WIN Prizes! Rate Using Our Website: Register at www.devconnections.com/logintoratesession Go to www.devconnections.com/ratesession Select this session from the list and rate it