Fiddler - PowerPoint PPT Presentation

Presentation Transcript

  1. Fiddler (Ana Bozianu, Cristian Sumănaru)

  2. History
  • First released in 2003; supported most viewing tasks
  • v1.x retired in 2007. v1.x had the following features:
    • Performance statistics
    • Auto Responder
    • Request Builder
    • Authentication inspector
    • Filtering
    • Menu extensibility via script
  • v2.0 released in 2009
  • v2.4.2.6 released 1/21/2013

  3. Features
  • HTTP/HTTPS traffic recording
    • Capture traffic
    • View metrics
    • Filter captured traffic
    • Play back recorded traffic
  • Web debugging
    • Analyze session data
    • Decrypt and decompress web sessions

  4. Features
  • Web session manipulation
    • Manipulate any HTTP(S) request or response
    • Set breakpoints: pause a request before it leaves, or a response before the client sees it, and edit it in the Inspectors
    • Compose HTTP(S) requests
    • Replay captured HTTP(S) traffic
  • Performance testing
    • Profile the performance of the web app
    • Flag performance bottlenecks
    • Simulate HTTP compression
    • Timeline for performance analysis

  5. Features
  • Security testing
    • Automated HTTPS decryption: Fiddler acts as a man-in-the-middle proxy, issuing per-host certificates signed by its own root CA; the client must trust that root, and it should be removed from the trust store when testing is over
    • Security add-ons
  • Customizations
    • Create rules
    • Add inspectors
    • Extend with FiddlerScript (JScript.NET in CustomRules.js) and .NET code
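The breakpoint, response-rewriting, performance and security-check features on slides 4 and 5 can all be driven from FiddlerScript. What follows is an added example, not code from the slides or from the Fiddler project: fragments written for the Handlers class in CustomRules.js (Rules > Customize Rules). The host app.example.test, the 2-second threshold, the menu labels and the m_ variable names are placeholders chosen for this illustration; the session flags, Timers and utility calls are Fiddler's own.

```jscript
// Added example (not from the slides or the Fiddler project): merge into the
// Handlers class of CustomRules.js. Host name, threshold and menu labels are
// placeholders chosen for this illustration.
import System;
import Fiddler;

class Handlers
{
    // "Create rules": each RulesOption becomes a checkbox on the Rules menu.
    public static RulesOption("Audit app.example.test responses")
    var m_AuditTarget: boolean = false;

    public static RulesOption("Simulate slow link", "Per&formance")
    var m_SlowLink: boolean = false;

    static function OnBeforeRequest(oSession: Session) {
        // Performance testing: throttle traffic by delaying every KB of request
        // and response data (values are milliseconds per KB), as Rules > Performance does.
        if (m_SlowLink) {
            oSession["request-trickle-delay"]  = "300";
            oSession["response-trickle-delay"] = "150";
        }

        if (!oSession.HostnameIs("app.example.test")) return;

        oSession["ui-color"] = "orange";   // highlight the target's sessions in the list

        // Session manipulation: pause state-changing requests at a breakpoint
        // so they can be edited in the Inspectors before reaching the server.
        if (oSession.HTTPMethodIs("POST") || oSession.HTTPMethodIs("PUT")) {
            oSession["x-breakrequest"] = "edit before send";
        }

        // Buffer the response so OnBeforeResponse can read and rewrite it whole.
        oSession.bBufferResponse = true;
    }

    static function OnBeforeResponse(oSession: Session) {
        if (!oSession.HostnameIs("app.example.test")) return;

        var note = "";

        // Performance testing: flag slow server-side handling (time from the
        // server receiving the request to the first byte of its response).
        var serverMs = oSession.Timers.ServerBeginResponse.Subtract(oSession.Timers.ServerGotRequest).TotalMilliseconds;
        if (serverMs > 2000) {
            oSession["ui-bold"] = "true";
            note += "slow: " + Math.round(serverMs) + " ms to first byte; ";
        }

        if (m_AuditTarget &&
            oSession.oResponse.headers.ExistsAndContains("Content-Type", "text/html")) {
            // Security testing, passive style: nothing extra is sent to the
            // server; only headers the app already returns are inspected.
            var missing = "";
            if (!oSession.oResponse.headers.Exists("Content-Security-Policy")) missing += "CSP ";
            if (!oSession.oResponse.headers.Exists("X-Content-Type-Options")) missing += "X-Content-Type-Options ";
            if (oSession.isHTTPS && !oSession.oResponse.headers.Exists("Strict-Transport-Security")) missing += "HSTS ";
            if (missing != "") {
                oSession["ui-backcolor"] = "yellow";
                note += "missing headers: " + missing;
                FiddlerObject.log(oSession.fullUrl + " missing " + missing);
            }

            // Response manipulation: decompress/unchunk, then rewrite the body
            // before the browser sees it (here: mark the page title).
            oSession.utilDecodeResponse();
            oSession.utilReplaceInResponse("<title>", "<title>[via Fiddler] ");
        }

        if (note != "") oSession["ui-comments"] = note;
    }
}
```

Two practical points: bBufferResponse must be set in OnBeforeRequest, because once Fiddler is streaming a response to the client it can no longer be rewritten; and the trickle-delay flags act per session, so they only affect sessions that pass through OnBeforeRequest while the option is ticked.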


  6. Some Security Add-ons
  • Watcher: Passive Security Auditor
    • Runtime passive-analysis tool for web applications: it inspects the traffic you already generate and sends no requests of its own
    • Detects web-application security issues as well as operational configuration issues

  7. Some Security Add-ons
  • x5s: Automated XSS Security Testing Assistant
    • Aims to assist penetration testers in finding cross-site scripting vulnerabilities
    • Its main goal is to identify the hotspots where XSS might occur by:
      • Detecting where safe encodings were not applied to emitted user inputs
      • Detecting where Unicode character transformations (for example best-fit mappings to ASCII) might bypass security filters
      • Detecting where non-shortest-form UTF-8 encodings might bypass security filters
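The three x5s checks above all come down to the same experiment: send a '<' in several encodings, each tagged with its own canary, and see what the application emits after each canary. The following is an added example of that idea, not x5s's own code and not from the slides: a Handlers fragment for CustomRules.js in which the tester types the marker __probe__ into a parameter and Fiddler swaps it for the probes. The host app.example.test, the marker, the canary strings and the x-x5s-probe flag name are placeholders chosen here; x5s itself injects into every parameter automatically and tracks far more transformations.

```jscript
// Added example (not from the slides or from x5s): merge into the Handlers
// class of CustomRules.js. Host, marker, canaries and the custom flag name
// are placeholders chosen for this illustration.
import System;
import Fiddler;

class Handlers
{
    // Each probe is a '<' in a different encoding. A filter that only blocks
    // the ASCII form is bypassed if the app later normalises the others to it.
    static var s_names    = ["ascii-lt", "overlong-lt", "fullwidth-lt"];
    static var s_probes   = ["%3C",      "%C0%BC",      "%EF%BC%9C"];
    // %3C       = U+003C '<' as is
    // %C0%BC    = non-shortest-form (overlong) UTF-8 for '<'
    // %EF%BC%9C = U+FF1C fullwidth '<', which best-fit mapping may turn into '<'
    static var s_canaries = ["x5sA",     "x5sB",        "x5sC"];

    static function OnBeforeRequest(oSession: Session) {
        // Tester browses to e.g. /search?q=__probe__ ; the marker becomes
        // canary+probe pairs so each reflection can be told apart later.
        if (!oSession.HostnameIs("app.example.test") || !oSession.uriContains("__probe__")) return;

        var payload = "";
        for (var i = 0; i < s_probes.length; i++) payload += s_canaries[i] + s_probes[i];

        oSession.PathAndQuery = oSession.PathAndQuery.replace("__probe__", payload);
        oSession["x-x5s-probe"] = "1";      // custom flag: mark this session for analysis
        oSession["ui-color"] = "purple";
        oSession.bBufferResponse = true;    // the full body is needed below
    }

    static function OnBeforeResponse(oSession: Session) {
        if (oSession["x-x5s-probe"] != "1") return;
        if (!oSession.oResponse.headers.ExistsAndContains("Content-Type", "text/html")) return;

        oSession.utilDecodeResponse();                   // gunzip / unchunk
        var body = oSession.GetResponseBodyAsString();   // decoded per the response charset
        var report = "";

        for (var i = 0; i < s_canaries.length; i++) {
            var at = body.indexOf(s_canaries[i]);
            if (at < 0) { report += s_names[i] + ": not reflected; "; continue; }

            // What did the app emit right after the canary?
            var start = at + s_canaries[i].length;
            var after = body.substring(start, start + 6);
            if (after.length == 0) {
                report += s_names[i] + ": canary at end of body; ";
            } else if (after.charAt(0) == "<") {
                // Emitted unencoded: an XSS hotspot. For the overlong and
                // fullwidth probes it also shows the app normalised to ASCII.
                report += s_names[i] + ": RAW '<' (hotspot); ";
                oSession["ui-backcolor"] = "red";
            } else if (after.indexOf("&lt;") == 0) {
                report += s_names[i] + ": HTML-encoded; ";
            } else {
                // Something else came back (U+FFFD for a rejected overlong
                // sequence, the fullwidth char itself, a stripped char, ...).
                report += s_names[i] + ": transformed to U+" + after.charCodeAt(0).toString(16) + "; ";
            }
        }
        oSession["ui-comments"] = report;
        FiddlerObject.log(oSession.fullUrl + " -> " + report);
    }
}
```

Read the result in the Comments column: "not reflected" for the overlong probe usually means the server's URL decoder rejected the sequence outright, which is the safe outcome; "RAW '<'" after x5sB or x5sC is the finding x5s is built to surface, because the input that reached the page is not the one a naive filter inspected.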

  8. Some Security Add-ons
  • Ammonite: Security Scanner (commercial)
    • Web application security scanner extension for Fiddler
    • Detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, and buffer overflows
    • Includes features aimed at penetration testers and security professionals

  9. Tool Comparison
  • Wireshark
    - Only captures packets: it cannot pause, edit or replay requests, and HTTPS bodies stay opaque unless the session keys are available
    + Better filtering
  • Firebug
    - Tracks each request only inside its own browser
    - Mostly for client-side debugging
    + Great JavaScript debugging

  10. Demo • http://www.bayden.com/sandbox/