Fiddler – Web Debugger Tool

This handy tool is a free release from Eric Lawrence and Microsoft, and it’s the best non-Java freeware HTTP proxy we’ve seen. It is quite adept at manipulating HTTP and HTTPS requests. Fiddler runs only on Windows and requires Microsoft’s .NET Framework 2.0 or later to be installed.

Fiddler’s interface is divided into three panes: on the left, you’ll see a list of sessions intercepted by Fiddler; the upper-right pane contains detailed information about the request; and the lower-right pane tracks data for the response. While you browse the Web as usual in an external browser, Fiddler records each request and response in the left pane (both are included on one line as a session). When you click on a session, the right-hand panes display the request and response details.

In order to tamper with requests and responses, you have to enable Fiddler’s “breakpoints” feature, which is accessed using the Automatic Breakpoints entry under the Rules menu. Breakpoints are roughly analogous to Paros’ “trap” and WebScarab’s “intercept” functionality.

Breakpoints are disabled by default, and they can be set to occur automatically before each request or after each response. We typically set “before request,” which will then cause the browser to pause before each request, whereupon the last entry in the Fiddler session list will be visually highlighted in red. When you select this session, a new bright red bar appears between the request and response panes on the right side. This bar has two buttons that control subsequent flow of the session: “break after response” or “run to completion.”

Now you can tamper with any of the data in the request before pressing either of these buttons to submit the manipulated request.

Fiddler automatically configures Internet Explorer to use its local proxy, but other browsers like Firefox may have to be manually configured to localhost:8888.
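The same manual proxy setting applies to scripted clients, not just browsers. The following is an added example, not part of the original article or of Fiddler itself: it routes Python's urllib through a proxy on port 8888 and, using a constructed stand-in listener, shows the absolute-URL request line that a proxy receives. The helper names and the `example.test` URL are assumptions made for illustration.

```python
import socket
import threading
import urllib.request


def proxy_is_listening(host, port, timeout=1.0):
    """Return True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_proxied_opener(host="127.0.0.1", port=8888):
    """Opener that routes HTTP and HTTPS through the proxy (localhost:8888)."""
    if not proxy_is_listening(host, port):
        # Fail early with a clear error instead of at the first request.
        raise ConnectionError(f"no proxy listening on {host}:{port}")
    proxy_url = f"http://{host}:{port}"
    handler = urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url})
    return urllib.request.build_opener(handler)


def demo_with_stub_proxy():
    """Send one request via a constructed stand-in listener (not Fiddler)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port so the demo runs anywhere
    srv.listen(5)
    port = srv.getsockname()[1]
    seen = []                           # request lines the stand-in proxy received

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(65536)
                if not data:            # the liveness probe sends no bytes
                    continue
                seen.append(data.split(b"\r\n", 1)[0].decode())
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                             b"Connection: close\r\n\r\nok")
                return

    threading.Thread(target=serve, daemon=True).start()
    opener = build_proxied_opener("127.0.0.1", port)
    with opener.open("http://example.test/login?user=alice", timeout=5) as resp:
        body = resp.read().decode()
    srv.close()
    return seen[0], body
```

With Fiddler running, `build_proxied_opener()` with its defaults targets the listener on port 8888, and each request made through the returned opener should appear as a session in the left pane.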
