FT50_ Advanced Web Debugging with Fiddler - MSDN by hcj


Note: Session includes demos and code samples. For optimal viewing, please sit near the front!

Advanced Web Debugging with Fiddler

Eric Lawrence
Program Manager
Internet Explorer
ericlaw@microsoft.com
GET /data HTTP/1.1

TRAFFIC CAPTURE
Typical Architecture
[Diagram; labels: Firefox, CryptoAPI, WinHTTP, Internet Explorer, WinINET, Office, Fiddler, Upstream Proxy, Firewall, example.com]
Debug Across Devices
[Diagram; labels: PC, Mac, SmartPhone, Linux, Fiddler, Internet]
FiddlerHook for Firefox
Fiddler, FiddlerCap, and IE9

TRAFFIC IMPORT
FiddlerCap
FiddlerCap is a lightweight capture tool

IE9 Developer Tools
IE9’s Developer Tools include a “Network” tab
Examine Requests and Responses

TRAFFIC ANALYSIS
Filtering Traffic

• Ignore Images & CONNECTs
• Application Type Filter
• Process Filter
• Using QuickExec
• Using Find

Output Options

• Copy sessions to the clipboard
• Store as a plaintext file
• Extract binary response bodies
• Archive to a database
• Export a Visual Studio .WebTest file
• Write your own…
• Fiddler’s native “Session Archive ZIP” (SAZ) Format
Traffic Comparison
Use WinDiff to compare HTTP requests and responses.

Traffic Comparison
“Viewer” mode allows examining multiple captures side-by-side.

fiddler.exe -viewer
Rewriting HTTP(S) Traffic

TRAFFIC MODIFICATION
Automated Rewrites
• Simple Built-in Rules
• The HOSTS extension

Breakpoint Debugging
Use Fiddler inspectors to modify requests and responses…

Understanding Streaming
Timeline view of Buffering Mode
Timeline view of Streaming Mode

Request Builder
Create hand-built HTTP requests, or modify and reissue a request previously captured.

Simple Filters
Flag, modify or remove headers from all requests and responses.

AutoResponder
Replay previously captured or generated traffic.
Powering Up Fiddler

SCRIPTING AND EXTENSIBILITY
Understanding Extensibility
[Diagram; labels: Your Automation, ExecAction.exe, Fiddler 2, Inspector2 (twice), IFiddlerExtension (twice), Fiddler ScriptEngine, Your FiddlerScript, Fiddler Proxy, Xceed*.dll, Makecert.exe]
Lightweight extensibility using JavaScript

FIDDLERSCRIPT
FiddlerScript
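FiddlerScript: Request Modification

static function OnBeforeRequest(oS: Session){

  // Highlight requests for .aspx pages in the session list.
  if (oS.uriContains(".aspx"))
  {
    oS["ui-color"] = "red";
  }

  // When m_DisableCaching is set, strip the conditional-request
  // headers and ask for an uncached copy.
  if (m_DisableCaching){
    oS.oRequest.headers.Remove("If-None-Match");
    oS.oRequest.headers.Remove("If-Modified-Since");
    oS.oRequest["Pragma"] = "no-cache";
  }
}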
FiddlerScript: Response Modification

static function OnBeforeResponse(oS: Session)
{
  // Remove any compression or chunking so the body can be edited as text.
  oS.utilDecodeResponse();
  oS.utilPrependToResponseBody("Injected Content!");
}
Powerful extensibility using any .NET Language

EXTENSIONS
neXpert
Watcher
Automated (passive) security analysis

http://websecuritytool.codeplex.com/
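
A passive check in the spirit of the slide above can be written with the same OnBeforeResponse handler the FiddlerScript slides use. This is an added example, not code from the slides or from Watcher; the check chosen here (cookies set over HTTPS without the Secure or HttpOnly attribute) and the variable names are assumptions of the example.

```jscript
// Added example: passive check, annotates sessions only, never alters traffic.
// Merge the body into the existing OnBeforeResponse in the rules script.
static function OnBeforeResponse(oS: Session)
{
  // Only cookies set over HTTPS are examined here.
  if (!oS.isHTTPS) return;

  var findings: String = "";

  // A response can carry several Set-Cookie headers, so walk them all.
  for (var i: int = 0; i < oS.oResponse.headers.Count(); i++)
  {
    var h = oS.oResponse.headers[i];
    if (h.Name.ToLower() != "set-cookie") continue;

    // Report the cookie name only; the value may be a live session token.
    var eq: int = h.Value.IndexOf("=");
    var cookieName: String = (eq > 0) ? h.Value.Substring(0, eq) : h.Value;

    // Normalise so that "; Secure" and ";secure" compare equal, and close the
    // string with ';' so an attribute in last position still matches.
    var attrs: String = h.Value.ToLower().Replace(" ", "") + ";";

    if (attrs.IndexOf(";secure;") < 0)
      findings += cookieName + " lacks Secure. ";
    if (attrs.IndexOf(";httponly;") < 0)
      findings += cookieName + " lacks HttpOnly. ";
  }

  if (findings != "")
  {
    oS["ui-color"] = "red";        // highlight the row, as in the request example
    oS["ui-comments"] = findings;  // shown in the Comments column
  }
}
```

Because the handler only sets session flags, the traffic seen by client and server is unchanged.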
Integrating Fiddler into your tools

TEST INTEGRATION
ExecAction

The ExecAction.exe command line utility calls into the OnExecAction function in script and Fiddler extensions.
FiddlerCore
[Diagram, two panels. "Fiddler application with extensions": ExecAction.exe, Fiddler 2, Inspector2 (twice), IFiddlerExtension (twice), Fiddler ScriptEngine, Your FiddlerScript, FiddlerCore, Xceed*.dll, Makecert.exe. "Your application hosting FiddlerCore": YourApp.exe, FiddlerCore, Makecert.exe]
Programming with FiddlerCore

// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse +=
  delegate(Fiddler.Session oS) {
    Console.WriteLine("{0}:HTTP {1} for {2}", oS.id,
                      oS.responseCode, oS.fullUrl);
  };

// Call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
Call To Action

• Try the Watcher & neXpert extensions
• Use FiddlerCap to collect traffic from the field
• Check out import from the IE9 Developer Tools

Questions and Resources

Please fill out an evaluation form for this session (FT-50).

Thank you!
Resources
  o Meet the IE Team in the MIX “Commons”
  o http://www.fiddler2.com/mix/
  o ericlaw@microsoft.com

								