Skip to main content

Decrypt HTTP traffic with web debugger Fiddler

Most people just couldn’t fathom how complicated the web is. From the time a user types the URL into the browser’s address bar and hits Enter, to the time the web page opens – a period barely a few seconds long, a thousand different things happen. Your request goes through thousands of kilometers of undersea optical fiber cable, across several continents, through hundreds of computers performing millions of calculations till it reaches the destination, and then makes the same trip back home. All this happens before you can even say “Internet”.

Now, it wouldn't be possible to espy on the whole journey, but we can certainly find out what data goes through to and fro using a web proxy. Fiddler is a great tool in this regard. It’s particularly useful when we have reasons to be suspicious about a website. Where is a page retrieving it's content from? Is it sending back data to places it isn’t supposed to? Is the page doing funny things on your computer?

fiddler

Fiddler is a free web debugging proxy which logs all HTTP/HTTPS traffic between your computer and the Internet, and allows you to inspect and “fiddle” with the incoming and outgoing traffic.

Fiddler is available as a plug-in for Internet Explorer, meaning you can only use it to debug sites opened in IE. Traffic via other browsers are not intercepted by Fiddler. Just discovered, it works with Firefox too.

Once you open the site you want to debug, launch Fiddler using the icon in IE’s toolbar or via the start menu. Here you can see all HTTP requests sent from your computer. You can click on any request and get a detailed report on it – bytes transferred, time taken for DNS lookup, time taken to reach each server on it’s way etc. If you want to dig further, click on the “Inspector” tab. Here you can view the headers, authorization data if any, or the hex codes. The data is available in various different formats like text, XML or raw.

fiddler3

This is useful if you want find out if the website behaves suspiciously, like sneaking in a cookie or communicating with another site or server. The response from the server is displayed in the bottom half of the window. Here too you can inspect the headers, see what external files are being transmitted etc.

The amount of information is actually quite overwhelming. So there is a solution – filters. You can filter out traffic you are not interested in. Since a single page can output so much data, the filters will come extremely helpful when you are actually debugging. For instance, you can filter out the images and style sheet and concentrate only on JavaScript or ActiveX elements. You can even intercept the data, modify it and see what response you received from the server.

Fiddler also supports plug-ins and there are a handful available that brings various features like Syntax highlighting, gallery for images, content blocking where you can altogether block certain contents from appearing on the site.

On Fiddler’s website you can find a couple of very demonstrative videos which will walk you through each and every tool in the program. There are also a few documentations and a discussion board.

Comments

  1. Nice app but I still prefer Wireshark

    ReplyDelete
  2. This seems cool. Does it require WinPcap? If so what version?

    ReplyDelete

Post a Comment

Popular posts from this blog

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.

Diagram 101: Different Types of Diagrams and When To Use Them

Diagrams are a great way to visualize information and convey meaning. The problem is that there’s too many different types of diagrams, so it can be hard to know which ones you should use in any given situation. To help you out, we’ve created this diagram that lays out the 7 most common types of diagrams and when they’re best used: