Fiddler Web Debugger - Mehdi Khalili


Advanced Web Debugging with Fiddler
Mehdi Khalili, Readify
Live Backchannel: #dddbrisbane #web01

Blog: www.Mehdi-Khalili.com
Twitter: @MehdiKhalili
Email: [email protected]

Please leave your questions to the end
  • Tight schedule
  • Your answer may be in the next slide
  • We will have a Q&A at the end

If we run out of time:
  • Do not hesitate to shoot me an email with your questions
  • You can also read an extensive two part tutorial on my blog:
    http://www.mehdi-khalili.com/fiddler-in-action/part-1
    http://www.mehdi-khalili.com/fiddler-in-action/part-2

Agenda
  • What is Fiddler and how does it work?
  • Alternative tools
  • Fiddler features
  • FiddlerCore and FiddlerCap
  • Quick tour of remaining features
  • Q&A
  • Lots of positive feedback and tweets from you ;-)

What is Fiddler?
  • A Web Debugging Proxy
  • It is free and has millions of users
  • A necessary tool in a developer's toolbox!!

Fiddler features in a nutshell
With Fiddler you can perform:
  • HTTP(S) traffic monitoring and analysis
  • HTTP request and response modification

What is HTTP again?
  • A networking protocol
  • In the application layer
  • Sits on top of TCP protocol (usually)

HTTP Session
An HTTP communication is called a session. An example of that is web browsing:
  1. You type an address in your browser
  2. Your browser does a DNS lookup for the URL
  3. Then creates a TCP connection to the server
  4. And creates and sends an HTTP request
  5. The server receives the request
  6. Processes it (and optionally maps it to a resource)
  7. And creates and returns an HTTP response

HTTP Request
An HTTP request is composed of:
  • A request line
  • Header lines
  • A blank line
  • An optional body

    GET http://www.google.com.au/ HTTP/1.1
    Host: www.google.com.au
    Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8

HTTP Response
An HTTP response is composed of:
  • A status code
  • Header lines
  • An optional body

    HTTP/1.1 200 OK
    Date: Tue, 22 Nov 2011 20:38:20 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=UTF-8
    Server: gws
    Content-Length: 57556

Back to Fiddler: Where to get it from?
http://www.fiddler2.com
  • Application
  • Documentation
  • Fiddler extensions

How does it work?
[Diagram labels: Firewall, Firefox, CryptoAPI, WinHTTP, Internet Explorer, WinINET, Office, Fiddler, CorpNET Proxy, example.com]

Demo: FIDDLER AND WININET

If you can use a proxy you can use Fiddler
[Diagram labels: Mobile, Linux, Mac, PC, Fiddler, Web Server]

Alternatives and similar tools
  • Packet Analysers: Wireshark, NetMon
  • Proxies: Charles, Burp Suite
  • Browser Dev Tools:
      HttpWatch for IE and Firefox
      Firebug for Firefox
      Chrome developer tools and Firebug Lite for Chrome
      IE Dev Tools

Sniffer vs Proxy vs Browser Dev Tools
[Table: the features HTTP only, Nice visualisation, From all processes, Local traffic and Cached traffic, compared across Sniffer, Proxy and Browser Tools; cell values in extraction order: No, No, Yes, Yes, Yes, Yes, Yes, Yes, No, No, Yes, No, Only Browser session, Yes, Yes]

HTTP(S) Traffic
  • Result - The Result code
  • Protocol - HTTP/HTTPS/FTP
  • Host - The hostname
  • URL - The path and file requested from the server
  • Body - The number of bytes in the response body
  • Caching - Response's Expires or Cache-Control headers
  • Process - The local Windows Process
  • Content-Type - The Content-Type header
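Added example (not part of the original slides and not Fiddler's own code): a small Python parser that splits a raw HTTP message at the blank line, as laid out on the HTTP Request and HTTP Response slides, and derives the Web Sessions columns listed above from one request/response pair. The function names, the format of the Caching value and the filler body are assumptions made for this sketch; the Process column is left out because it comes from the operating system, not from the messages.

```python
from urllib.parse import urlsplit

# Constructed sample pair: the headers are a subset of those shown on the
# slides; the body is filler sized to match the slide's Content-Length.
REQUEST = (b"GET http://www.google.com.au/ HTTP/1.1\r\n"
           b"Host: www.google.com.au\r\n"
           b"Connection: keep-alive\r\n"
           b"Accept-Encoding: gzip,deflate,sdch\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Date: Tue, 22 Nov 2011 20:38:20 GMT\r\n"
            b"Expires: -1\r\n"
            b"Cache-Control: private, max-age=0\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\n"
            b"Server: gws\r\n"
            b"Content-Length: 57556\r\n\r\n" + b"x" * 57556)


def parse_message(raw):
    """Split a raw HTTP/1.x message into (start_line, headers, body)."""
    head, blank, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    if not blank:
        raise ValueError("no blank line after the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()  # last duplicate wins
    return lines[0], headers, body


def session_row(raw_request, raw_response):
    """Derive the Web Sessions columns for one request/response pair."""
    request_line, req_headers, _ = parse_message(raw_request)
    status_line, resp_headers, resp_body = parse_message(raw_response)
    target = urlsplit(request_line.split(" ")[1])
    caching = [f"{h}: {resp_headers[h]}" for h in ("cache-control", "expires")
               if h in resp_headers]
    return {
        "Result": int(status_line.split(" ")[1]),
        "Protocol": (target.scheme or "http").upper(),
        # A proxy sees the absolute-form target; otherwise fall back to Host.
        "Host": target.netloc or req_headers.get("host", ""),
        "URL": target.path + ("?" + target.query if target.query else ""),
        "Body": len(resp_body),
        "Caching": "; ".join(caching),
        "Content-Type": resp_headers.get("content-type", ""),
    }
```

The request line on the slide carries the full URL because the browser is talking to a proxy; a request sent straight to a server carries only the path, which is why the Host header is used as a fallback.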

Demo: HTTP TRAFFIC

Traffic Comparison
  • Compare sessions using a diff tool

Demo: TRAFFIC COMPARISON

Traffic Comparison
  • It allows you to compare two sessions
  • If you want to compare two traffic profiles then use the Traffic Differ extension

Statistics
  • Get a "total page weight and wait": the number of requests and the bytes transferred.

Demo: STATISTICS TAB

Quick Exec

Demo: A FEW HANDY QUICKEXEC COMMANDS

Inspectors
  • Inspectors allow you to visualize requests and responses in meaningful ways.

Demo: INSPECTORS

HTTPS Traffic Decryption
  • Fiddler can decrypt HTTPS traffic using the Man-In-The-Middle attack

[Diagram: Man In The Middle Attack, showing Client, MITM and Server with numbered steps 1 to 4]

Demo: SETTING UP HTTPS DECRYPTION

Changing the traffic on the fly
  • You can set breakpoints and change the request and/or response on the fly.
  • Fiddler is the MITM.

Demo: HOW TO SET BREAKPOINTS AND CHANGE REQUESTS AND/OR RESPONSES

Changing the traffic on the fly
  • Test your JavaScript code with a less than perfect response
  • Test your website for security holes
  • Troubleshoot your third party web client
  • Troubleshoot your third party web service

Auto Responder
  • Create a fake web server using Auto Responder

Demo: HOW TO SET UP AND USE AUTO RESPONDER

Auto Responder
  • Replace a JavaScript or CSS or image file
  • Replace an entire traffic
  • Force a redirection
  • Work without a connection!

Request Builder
  • Create a fake web client using Request Builder
  • Avoid coding HTML pages or test clients. Use Request Builder instead to send a hand rolled request to your server/service

Demo: HOW TO SET UP AND USE REQUEST BUILDER

Filters
  • Filter and flag traffic and perform some lightweight modifications

Demo: QUICK TOUR OF FILTERS

Filters
  • Clean up your Web Sessions page
  • Filter out some status codes
  • Filter out traffic from some URLs
  • Flag some of the traffic
  • Very useful on a high traffic server/machine

Fiddler Core
[Diagram labels: Fiddler application with extensions; Fiddler 2; Your application hosting FiddlerCore; YourApp.exe; ExecAction.exe; Inspector2; IFiddlerExtension; Fiddler ScriptEngine; Your FiddlerScript; FiddlerCore; Xceed*.dll; Makecert.exe]

FiddlerCap
  • Built on top of FiddlerCore
  • It is bin deployable
  • A handy tool for production support

Demo: FIDDLER CAP

Quick Summary
As a quick summary here is the list of Fiddler features you are likely to use more

  Requirement                        Feature
  Watch the traffic                  Web Sessions
  Compare two sessions               Web Sessions -> compare
  Run commands                       QuickExec
  Inspect requests & responses       Inspectors
  Fiddle with the traffic            Breakpoints + Inspectors
  Return an HTTP response locally    Auto Responder
  Make an HTTP request               Request Builder
  Filter and flag sessions           Filters
  Fiddler for end user               FiddlerCap


Demo: QUICK TOUR OF WHAT IS NOT COVERED

Extensions
  • SyntaxView
  • WcfBinaryInspector
  • Traffic Differ
  • Gallery
  • neXpert Performance Report Generator
  • StresStimulus aids in load-testing
  • Find out more on Fiddler website

That is all from me
  • What is Fiddler and how does it work?
  • Alternative tools
  • Fiddler features
  • FiddlerCore and FiddlerCap
  • Quick tour of remaining features
  • Quick overview of useful extensions
  • Q&A
  • Lots of positive feedback and tweets from you ;-)

Thanks for attending
Q&A

Tutorials:
  http://www.mehdi-khalili.com/fiddler-in-action/part-1
  http://www.mehdi-khalili.com/fiddler-in-action/part-2

Contact Details:
  Email: [email protected]
  Twitter: @MehdiKhalili
