Fiddler – Web Debugger Tool


This handy tool is a free release from Eric Lawrence and Microsoft, and it’s the best non-Java freeware HTTP proxy we’ve seen. It is quite adept at manipulating HTTP and HTTPS requests. Fiddler runs only on Windows and requires Microsoft’s .NET Framework 2.0 or later to be installed.

Fiddler’s interface is divided into three panes: on the left, you’ll see a list of sessions intercepted by Fiddler; the upper-right pane contains detailed information about the request; and the lower-right pane tracks data for the response. As you browse the Web as usual in an external browser, Fiddler records each request and response in the left pane (both are included on one line as a session). When you click on a session, the right-hand panes display the request and response details.

In order to tamper with requests and responses, you have to enable Fiddler’s “breakpoints” feature, which is accessed using the Automatic Breakpoints entry under the Rules menu. Breakpoints are roughly analogous to Paros’ “trap” and WebScarab’s “intercept” functionality.

Breakpoints are disabled by default, and they can be set to occur automatically before each request or after each response. We typically set “before request,” which causes the browser to pause before each request, whereupon the last entry in the Fiddler session list is highlighted in red. When you select this session, a bright red bar appears between the request and response panes on the right side. This bar has two buttons that control the subsequent flow of the session: “break after response” or “run to completion.”

Now you can tamper with any of the data in the request before pressing either of these buttons to submit the manipulated request.

Fiddler automatically configures Internet Explorer to use its local proxy, but other browsers like Firefox may have to be manually configured to use localhost:8888 as their proxy.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high-profile companies and vendors and was successfully acknowledged by them.
