SlideShare a Scribd company logo

Debugging with Fiddler

Download as PPTX, PDF
Ido Flatow
Ido Flatow

How to use Fiddler to inspect traffic, investigate performance of web applications and services, debug web applications, test applications, and support client issues.

TechnologyEntertainment & Humor
1 of 32
Ido Flatow Senior Architect Microsoft MVP SELA Group Debugging the Web with Fiddler @idoFLATOW http://bit.ly/flatow-blog This presentation: http://sdrv.ms/13mgEP9
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER Application Network APIs Proxy Website WHAT IS FIDDLER?
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER HOW FIDDLER WORKS… Internet Explorer WinINET Office CryptoAPI WinHTTP Fiddler Firefox Upstream Proxy Web Site Firewall
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER FACTS  A proxy server  An HTTP/HTTPS Sniffer  An HTTP Debugger  Written in .NET 3.5 / 4  A free utility (for now, cross your fingers)  An extensible application  A must tool for web developers  Unfortunately, it doesn’t make coffee!
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: INSPECTING TRAFFIC  Web sessions  Inspectors  Filters  QuickExec
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER THE SESSIONS LIST 9 Sequence and color coding Caching information Origin process Manual commentsResponse size
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER TO THE RESCUE  Browsers (Static sites, ASP.NET, J2EE, PHP)  Desktop applications that use HTTP  Web services  Windows Phone Emulator  Any device that supports a proxy server ( )
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER THE RIGHT INSPECTOR FOR THE JOB
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FILTER BY… By process type By specific process By host By process name/PID/svchost By URL By status code By MIME or size QuickExec
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER AND HTTPS  HTTPS is secured - between two machines  Fiddler acts as a “machine-in-the-middle”  Generates certificates for web sites on-the-fly  Fiddler supports client certificates for authentication  Supports excluding problematic HTTPS sites
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER IF YOU SEE THIS, DON’T PANIC
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: PERFORMANCE TUNING  Timeline  Statistics  More inspectors
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER REMINDER UNDERSTANDING THE CONNECTION Application Network APIs Proxy Website Second connection From Fiddler to the server First connection From client to Fiddler
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER VISUALIZE THE TRAFFIC WITH TIMELINE Start End Bar color = MIME Red = new connection Green = reused connection Disk = cached response Bar = begin receive Stripes = buffered by Fiddler Prefer stream over buffer Use buffer when editing responses
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER STATISTICS ARE IMPORTANT  Single page statistics give info on performance  Client processing  Server processing  Network latency  Server time: ServerBeginResponse – ServerGotRequest  Upload time: ServerGotRequest – ClientDoneRequest  Download time: ServerDoneResponse – ServerBeginResponse  Watch out for misleading connection reuse
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER DRAWING CONCLUSIONS  Reduce number of requests  Reduce traffic roundtrips  Reduce the size of requests and responses  Applying compression where needed  Identify non-cached responses  Use Fiddler to improve performance, not to measure it!
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: DEBUGGING  Replay  Composer  Breakpoints
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER PLAY IT AGAIN, SAM  Why run the client scenario again, just to resend the request?  Simply click “Replay”  Reissue a single request  Reissue a set of requests  Reissue unconditionally (no cache headers)  Reissue multiple times
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER CHANGING REQUESTS WITH COMPOSER  Create any request from scratch  Use previous requests with drag-n-drop  Don’t bother calculating content length www.bobthebuilder.com
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER DEBUGGING LOCALHOST  In some cases, proxies are bypassed when using localhost (127.0.0.1) addresses  What to do?  Use the machine’s name  Use fictitious DNS names  ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])  localhost. or localhost.fiddler (converted to localhost)  Force the use of a proxy with netsh
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: TESTING  Save / Export  Auto responder
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER WHAT DID YOU TYPE IN WRONG TO GET IT TO CRASH?  Save traffic to file  Save sessions as .SAZ (Zip) archive  .SAZ stores content and session info  Other archiving options:  HTTP Archive (HAR)  Visual Studio Web Test
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER AUTO-RESPONDER AN IN-MEMORY WEBSITE  If URI matches… then respond with…  Respond with file/redirection/breakpoint/drop  Not only that, you can also:  Import sessions as responses  Edit stored responses  Use original latency time (updatable)  Export and import rules
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: CUSTOMERS  Reverse proxy  Fiddler Cap
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER CAN’T FIDDLE THE CLIENT? FIDDLE THE SERVER Local Network Web ServerFiddler 8180 http://bit.ly/fiddler-reverse-proxy
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MINI FIDDLER, CUSTOMER-ORIENTED  Six simple steps  Install and run  Click 1. Start Capture  Browse the web site  [Take some screenshots]  Click 2. Stop Capture  Click 3. Save Capture  Email me the .SAZ file 29
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER EXTENDING FIDDLER  Customize rules script  Create custom inspectors  Create requests and responses auto-modifiers  Create new exporter/importer  Extend QuickExec with new commands  Add menus and tabs
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER IS MORE THAN A SNIFFER  Monitors traffic, yes, but also…  Controls traffic  Modifies traffic  Generates traffic  Easy to use  Extensible
www.devconnections.com DEBUGGING THE WEB WITH FIDDLER http://bit.ly/flatowblog @IdoFlatow idof@sela.co.il My Info Fiddler Website http://www.fiddler2.com http://groups.google.com/group/httpfiddler Fiddler Forum http://www.telerik.com/automated-testing-tools/blog/eric-lawrence.aspx http://blogs.msdn.com/b/fiddler (older blog) Fiddler Blog http://sdrv.ms/13mgEP9 This Presentation RESOURCES

Recommended

how to use fiddler (Ver eng)
how to use fiddler (Ver eng)how to use fiddler (Ver eng)
how to use fiddler (Ver eng)
용진 조
 
Fiddler web testing tool
Fiddler web testing toolFiddler web testing tool
Fiddler web testing tool
HimaniChauhan
 
Salty OPS – Saltstack Introduction
Salty OPS – Saltstack IntroductionSalty OPS – Saltstack Introduction
Salty OPS – Saltstack Introduction
Walter Liu
 
Red Dragon's CYBER Security RSS Feed .docx version
Red Dragon's CYBER Security RSS Feed .docx versionRed Dragon's CYBER Security RSS Feed .docx version
Red Dragon's CYBER Security RSS Feed .docx version
Bill Hagestad II
 
Watir
WatirWatir
Watir
Sai Venkat
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
Ana-Maria Mihalceanu
 
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion RecordsScylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
ScyllaDB
 
Next-Generation Cloud Native Apps with Spring Cloud and Kubernetes
Next-Generation Cloud Native Apps with Spring Cloud and KubernetesNext-Generation Cloud Native Apps with Spring Cloud and Kubernetes
Next-Generation Cloud Native Apps with Spring Cloud and Kubernetes
VMware Tanzu
 

Recommended

how to use fiddler (Ver eng)
how to use fiddler (Ver eng)how to use fiddler (Ver eng)
how to use fiddler (Ver eng)
용진 조
 
Fiddler web testing tool
Fiddler web testing toolFiddler web testing tool
Fiddler web testing tool
HimaniChauhan
 
Salty OPS – Saltstack Introduction
Salty OPS – Saltstack IntroductionSalty OPS – Saltstack Introduction
Salty OPS – Saltstack Introduction
Walter Liu
 
Red Dragon's CYBER Security RSS Feed .docx version
Red Dragon's CYBER Security RSS Feed .docx versionRed Dragon's CYBER Security RSS Feed .docx version
Red Dragon's CYBER Security RSS Feed .docx version
Bill Hagestad II
 
Watir
WatirWatir
Watir
Sai Venkat
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
Ana-Maria Mihalceanu
 
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion RecordsScylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
Scylla Summit 2022: How to Migrate a Counter Table for 68 Billion Records
ScyllaDB
 
Next-Generation Cloud Native Apps with Spring Cloud and Kubernetes
Next-Generation Cloud Native Apps with Spring Cloud and KubernetesNext-Generation Cloud Native Apps with Spring Cloud and Kubernetes
Next-Generation Cloud Native Apps with Spring Cloud and Kubernetes
VMware Tanzu
 
Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
Henning Jacobs
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices
Lior Rotkovitch
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
 
FreeSWITCH Cluster by K8s
FreeSWITCH Cluster by K8sFreeSWITCH Cluster by K8s
FreeSWITCH Cluster by K8s
Chien Cheng Wu
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at Netflix
Brendan Gregg
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versionsHTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
neexemil
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
Altinity Ltd
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
Railwaymen
 
Apache Kafka from 0.7 to 1.0, History and Lesson Learned
Apache Kafka from 0.7 to 1.0, History and Lesson LearnedApache Kafka from 0.7 to 1.0, History and Lesson Learned
Apache Kafka from 0.7 to 1.0, History and Lesson Learned
Guozhang Wang
 
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
Altinity Ltd
 
Kafka Tutorial: Kafka Security
Kafka Tutorial: Kafka SecurityKafka Tutorial: Kafka Security
Kafka Tutorial: Kafka Security
Jean-Paul Azar
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Kafka monitoring using Prometheus and Grafana
Kafka monitoring using Prometheus and GrafanaKafka monitoring using Prometheus and Grafana
Kafka monitoring using Prometheus and Grafana
wonyong hwang
 
How to be Successful with Scylla
How to be Successful with ScyllaHow to be Successful with Scylla
How to be Successful with Scylla
ScyllaDB
 
ClickHouse Keeper
ClickHouse KeeperClickHouse Keeper
ClickHouse Keeper
Altinity Ltd
 
Cucumber and Spock Primer
Cucumber and Spock PrimerCucumber and Spock Primer
Cucumber and Spock Primer
John Ferguson Smart Limited
 
mise en place de wordpresss sous Ubuntu 22.04
mise en place de wordpresss sous Ubuntu 22.04mise en place de wordpresss sous Ubuntu 22.04
mise en place de wordpresss sous Ubuntu 22.04
ImnaTech
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
Denis Kolegov
 
2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast
Tony Fortunato
 
2015 02 24 lmtv baselining
2015 02 24 lmtv baselining2015 02 24 lmtv baselining
2015 02 24 lmtv baselining
Tony Fortunato
 

More Related Content

What's hot

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
 

What's hot (20)

Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latenc...
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
FreeSWITCH Cluster by K8s
FreeSWITCH Cluster by K8sFreeSWITCH Cluster by K8s
FreeSWITCH Cluster by K8s
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at Netflix
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versionsHTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails example
 
Apache Kafka from 0.7 to 1.0, History and Lesson Learned
Apache Kafka from 0.7 to 1.0, History and Lesson LearnedApache Kafka from 0.7 to 1.0, History and Lesson Learned
Apache Kafka from 0.7 to 1.0, History and Lesson Learned
 
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
Building ClickHouse and Making Your First Contribution: A Tutorial_06.10.2021
 
Kafka Tutorial: Kafka Security
Kafka Tutorial: Kafka SecurityKafka Tutorial: Kafka Security
Kafka Tutorial: Kafka Security
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
Kafka monitoring using Prometheus and Grafana
Kafka monitoring using Prometheus and GrafanaKafka monitoring using Prometheus and Grafana
Kafka monitoring using Prometheus and Grafana
 
How to be Successful with Scylla
How to be Successful with ScyllaHow to be Successful with Scylla
How to be Successful with Scylla
 
ClickHouse Keeper
ClickHouse KeeperClickHouse Keeper
ClickHouse Keeper
 
Cucumber and Spock Primer
Cucumber and Spock PrimerCucumber and Spock Primer
Cucumber and Spock Primer
 
mise en place de wordpresss sous Ubuntu 22.04
mise en place de wordpresss sous Ubuntu 22.04mise en place de wordpresss sous Ubuntu 22.04
mise en place de wordpresss sous Ubuntu 22.04
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
 

Viewers also liked

Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
David Sweigert
 
Wireshark
WiresharkWireshark
Wireshark
btohara
 
Powershell For Developers
Powershell For DevelopersPowershell For Developers
Powershell For Developers
Ido Flatow
 

Viewers also liked (20)

2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast
 
2015 02 24 lmtv baselining
2015 02 24 lmtv baselining2015 02 24 lmtv baselining
2015 02 24 lmtv baselining
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet Inspection
 
Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolution
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Powershell For Developers
Powershell For DevelopersPowershell For Developers
Powershell For Developers
 
Production debugging web applications
Production debugging web applicationsProduction debugging web applications
Production debugging web applications
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddler
 
张所勇:前端开发工具推荐
张所勇:前端开发工具推荐张所勇:前端开发工具推荐
张所勇:前端开发工具推荐
 
EF Core (RC2)
EF Core (RC2)EF Core (RC2)
EF Core (RC2)
 
What's New in WCF 4.5
What's New in WCF 4.5What's New in WCF 4.5
What's New in WCF 4.5
 
The Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with AzureThe Essentials of Building Cloud-Based Web Apps with Azure
The Essentials of Building Cloud-Based Web Apps with Azure
 
Debugging the Web with Fiddler
Debugging the Web with FiddlerDebugging the Web with Fiddler
Debugging the Web with Fiddler
 
ASP.NET Core 1.0
ASP.NET Core 1.0ASP.NET Core 1.0
ASP.NET Core 1.0
 
IIS for Developers
IIS for DevelopersIIS for Developers
IIS for Developers
 
Testing Microservices with a Citrus twist
Testing Microservices with a Citrus twistTesting Microservices with a Citrus twist
Testing Microservices with a Citrus twist
 

Similar to Debugging with Fiddler

Windows Azure & How to Deploy Wordress
Windows Azure & How to Deploy WordressWindows Azure & How to Deploy Wordress
Windows Azure & How to Deploy Wordress
George Kanellopoulos
 
Jon Arne Sæterås - Give Responsive Design a mobile performance boost
Jon Arne Sæterås - Give Responsive Design a mobile performance boost Jon Arne Sæterås - Give Responsive Design a mobile performance boost
Jon Arne Sæterås - Give Responsive Design a mobile performance boost
DevConFu
 
"Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment""Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment"
webhostingguy
 
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
Felix Gessert
 

Similar to Debugging with Fiddler (20)

Realtime with websockets
Realtime with websocketsRealtime with websockets
Realtime with websockets
 
Windows Azure & How to Deploy Wordress
Windows Azure & How to Deploy WordressWindows Azure & How to Deploy Wordress
Windows Azure & How to Deploy Wordress
 
0.Web Application Architecture.ppt
0.Web Application Architecture.ppt0.Web Application Architecture.ppt
0.Web Application Architecture.ppt
 
Windows Server 2008 R2 Dev Session 03
Windows Server 2008 R2 Dev Session 03Windows Server 2008 R2 Dev Session 03
Windows Server 2008 R2 Dev Session 03
 
Caching in Windows Azure
Caching in Windows AzureCaching in Windows Azure
Caching in Windows Azure
 
Jon Arne Sæterås - Give Responsive Design a mobile performance boost
Jon Arne Sæterås - Give Responsive Design a mobile performance boost Jon Arne Sæterås - Give Responsive Design a mobile performance boost
Jon Arne Sæterås - Give Responsive Design a mobile performance boost
 
Brocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentationBrocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentation
 
Websockets
WebsocketsWebsockets
Websockets
 
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
EVOLVE'14 | Enhance | Anshul Chhabra & Akhil Aggrawal | Cisco - AEM High Avai...
 
Novosco: Citrix tips and best practices
Novosco: Citrix tips and best practicesNovosco: Citrix tips and best practices
Novosco: Citrix tips and best practices
 
"Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment""Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment"
 
Working with WebServices.ppt
Working with WebServices.pptWorking with WebServices.ppt
Working with WebServices.ppt
 
ColdFusion 10
ColdFusion 10ColdFusion 10
ColdFusion 10
 
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
Building a Global-Scale Multi-Tenant Cloud Platform on AWS and Docker: Lesson...
 
Drone Continuous Integration
Drone Continuous IntegrationDrone Continuous Integration
Drone Continuous Integration
 
Site Speed Fundamentals
Site Speed FundamentalsSite Speed Fundamentals
Site Speed Fundamentals
 
Pres Db2 native rest json and z/OS connect
Pres Db2 native rest json and z/OS connect Pres Db2 native rest json and z/OS connect
Pres Db2 native rest json and z/OS connect
 
Web Hacking
Web HackingWeb Hacking
Web Hacking
 
FATC UK - Real time collaborative Flex apps
FATC UK - Real time collaborative Flex appsFATC UK - Real time collaborative Flex apps
FATC UK - Real time collaborative Flex apps
 
Web Performance Internals explained for Developers and other stake holders.
Web Performance Internals explained for Developers and other stake holders.Web Performance Internals explained for Developers and other stake holders.
Web Performance Internals explained for Developers and other stake holders.
 

More from Ido Flatow

ASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP FundamentalsASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP Fundamentals
Ido Flatow
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF Workshop
Ido Flatow
 

More from Ido Flatow (14)

Google Cloud IoT Core
Google Cloud IoT CoreGoogle Cloud IoT Core
Google Cloud IoT Core
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Production Debugging War Stories
Production Debugging War StoriesProduction Debugging War Stories
Production Debugging War Stories
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
 
Building IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on AzureBuilding IoT and Big Data Solutions on Azure
Building IoT and Big Data Solutions on Azure
 
Migrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the FieldMigrating Customers to Microsoft Azure: Lessons Learned From the Field
Migrating Customers to Microsoft Azure: Lessons Learned From the Field
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Debugging your Way through .NET with Visual Studio 2015
Debugging your Way through .NET with Visual Studio 2015Debugging your Way through .NET with Visual Studio 2015
Debugging your Way through .NET with Visual Studio 2015
 
Introducing HTTP/2
Introducing HTTP/2Introducing HTTP/2
Introducing HTTP/2
 
Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6Learning ASP.NET 5 and MVC 6
Learning ASP.NET 5 and MVC 6
 
IaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute SolutionsIaaS vs. PaaS: Windows Azure Compute Solutions
IaaS vs. PaaS: Windows Azure Compute Solutions
 
ASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP FundamentalsASP.NET Web API and HTTP Fundamentals
ASP.NET Web API and HTTP Fundamentals
 
Advanced WCF Workshop
Advanced WCF WorkshopAdvanced WCF Workshop
Advanced WCF Workshop
 
Automating Windows Azure
Automating Windows AzureAutomating Windows Azure
Automating Windows Azure
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Debugging with Fiddler

  • 1. Ido Flatow Senior Architect Microsoft MVP SELA Group Debugging the Web with Fiddler @idoFLATOW http://bit.ly/flatow-blog This presentation: http://sdrv.ms/13mgEP9
  • 2. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
  • 3. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
  • 4. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MEET FIDDLER…
  • 5. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER Application Network APIs Proxy Website WHAT IS FIDDLER?
  • 6. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER HOW FIDDLER WORKS… Internet Explorer WinINET Office CryptoAPI WinHTTP Fiddler Firefox Upstream Proxy Web Site Firewall
  • 7. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER FACTS  A proxy server  An HTTP/HTTPS Sniffer  An HTTP Debugger  Written in .NET 3.5 / 4  A free utility (for now, cross your fingers)  An extensible application  A must tool for web developers  Unfortunately, it doesn’t make coffee!
  • 8. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: INSPECTING TRAFFIC  Web sessions  Inspectors  Filters  QuickExec
  • 9. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER THE SESSIONS LIST 9 Sequence and color coding Caching information Origin process Manual commentsResponse size
  • 10. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER TO THE RESCUE  Browsers (Static sites, ASP.NET, J2EE, PHP)  Desktop applications that use HTTP  Web services  Windows Phone Emulator  Any device that supports a proxy server ( )
  • 11. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER THE RIGHT INSPECTOR FOR THE JOB
  • 12. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FILTER BY… By process type By specific process By host By process name/PID/svchost By URL By status code By MIME or size QuickExec
  • 13. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER AND HTTPS  HTTPS is secured - between two machines  Fiddler acts as a “machine-in-the-middle”  Generates certificates for web sites on-the-fly  Fiddler supports client certificates for authentication  Supports excluding problematic HTTPS sites
  • 14. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER IF YOU SEE THIS, DON’T PANIC
  • 15. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: PERFORMANCE TUNING  Timeline  Statistics  More inspectors
  • 16. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER REMINDER UNDERSTANDING THE CONNECTION Application Network APIs Proxy Website Second connection From Fiddler to the server First connection From client to Fiddler
  • 17. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER VISUALIZE THE TRAFFIC WITH TIMELINE Start End Bar color = MIME Red = new connection Green = reused connection Disk = cached response Bar = begin receive Stripes = buffered by Fiddler Prefer stream over buffer Use buffer when editing responses
  • 18. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER STATISTICS ARE IMPORTANT  Single page statistics give info on performance  Client processing  Server processing  Network latency  Server time: ServerBeginResponse – ServerGotRequest  Upload time: ServerGotRequest – ClientDoneRequest  Download time: ServerDoneResponse – ServerBeginResponse  Watch out for misleading connection reuse
  • 19. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER DRAWING CONCLUSIONS  Reduce number of requests  Reduce traffic roundtrips  Reduce the size of requests and responses  Applying compression where needed  Identify non-cached responses  Use Fiddler to improve performance, not to measure it!
  • 20. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: DEBUGGING  Replay  Composer  Breakpoints
  • 21. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER PLAY IT AGAIN, SAM  Why run the client scenario again, just to resend the request?  Simply click “Replay”  Reissue a single request  Reissue a set of requests  Reissue unconditionally (no cache headers)  Reissue multiple times
  • 22. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER CHANGING REQUESTS WITH COMPOSER  Create any request from scratch  Use previous requests with drag-n-drop  Don’t bother calculating content length www.bobthebuilder.com
  • 23. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER DEBUGGING LOCALHOST  In some cases, proxies are bypassed when using localhost (127.0.0.1) addresses  What to do?  Use the machine’s name  Use fictitious DNS names  ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])  localhost. or localhost.fiddler (converted to localhost)  Force the use of a proxy with netsh
  • 24. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: TESTING  Save / Export  Auto responder
  • 25. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER WHAT DID YOU TYPE IN WRONG TO GET IT TO CRASH?  Save traffic to file  Save sessions as .SAZ (Zip) archive  .SAZ stores content and session info  Other archiving options:  HTTP Archive (HAR)  Visual Studio Web Test
  • 26. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER AUTO-RESPONDER AN IN-MEMORY WEBSITE  If URI matches… then respond with…  Respond with file/redirection/breakpoint/drop  Not only that, you can also:  Import sessions as responses  Edit stored responses  Use original latency time (updatable)  Export and import rules
  • 27. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER SCENARIO: CUSTOMERS  Reverse proxy  Fiddler Cap
  • 28. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER CAN’T FIDDLE THE CLIENT? FIDDLE THE SERVER Local Network Web ServerFiddler 8180 http://bit.ly/fiddler-reverse-proxy
  • 29. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER MINI FIDDLER, CUSTOMER-ORIENTED  Six simple steps  Install and run  Click 1. Start Capture  Browse the web site  [Take some screenshots]  Click 2. Stop Capture  Click 3. Save Capture  Email me the .SAZ file 29
  • 30. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER EXTENDING FIDDLER  Customize rules script  Create custom inspectors  Create requests and responses auto-modifiers  Create new exporter/importer  Extend QuickExec with new commands  Add menus and tabs
  • 31. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER FIDDLER IS MORE THAN A SNIFFER  Monitors traffic, yes, but also…  Controls traffic  Modifies traffic  Generates traffic  Easy to use  Extensible
  • 32. www.devconnections.com DEBUGGING THE WEB WITH FIDDLER http://bit.ly/flatowblog @IdoFlatow idof@sela.co.il My Info Fiddler Website http://www.fiddler2.com http://groups.google.com/group/httpfiddler Fiddler Forum http://www.telerik.com/automated-testing-tools/blog/eric-lawrence.aspx http://blogs.msdn.com/b/fiddler (older blog) Fiddler Blog http://sdrv.ms/13mgEP9 This Presentation RESOURCES