What is Fiddler: Key Components and Step-by-Step Guidance
Fiddler is a web debugging proxy tool utilized to capture and analyze HTTP and HTTPS traffic between a computer and the internet. It enables users to monitor, manipulate, and inspect web traffic for debugging, performance testing, and security testing purposes. Fiddler provides features like recording HTTP/HTTPS traffic, performance profiling, and modifying requests and responses. It's commonly employed by developers, testers, and security professionals to diagnose and troubleshoot web applications and services.
Fiddler Classic Main UI:
Fiddler Classic comprises several essential components:
Web Session List: Displays captured web sessions, showing details like URL, status, size, and timing.
Web Session Inspector: Lets users view and inspect individual web sessions, including request and response headers, content, and timing.
Composer: Allows manual creation and sending of HTTP requests to servers for testing and debugging web applications.
AutoResponder: Enables the creation of rules to automatically respond to specific HTTP requests, aiding in testing and simulating server responses.
Timeline: Provides a graphical representation of the timing and sequence of network requests, aiding in performance analysis.
Statistics: Offers various metrics about web traffic, such as total bytes transferred, average response times, and status code distribution.
Filters: Allows users to apply filters to the web session list, focusing on specific requests or domains for analysis.
Step-by-Step Guide to Capturing and Decrypting Traffic with Fiddler:
By default, Fiddler captures HTTP requests, but to capture HTTPS traffic, you need to enable the option to decrypt HTTPS traffic. Let's explore how to enable this feature.
Step 1: Go to Tools > Options, select the HTTPS tab, and enable the "Decrypt HTTPS traffic" check box.
Fiddler’s Tool Section:
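Step 2: When the dialog box prompts you, click "Yes" to install the Fiddler Root certificate.
Step 3: Enable the option "Ignore Server certificate errors (Unsafe)" and close the Options window. With this option enabled, Fiddler no longer rejects invalid server certificates, which is why the option is labelled unsafe.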
Step 4: Open any browser to begin capturing the traffic.
Captured HTTPS Traffic:
Step 5: To inspect HTTPS traffic, double-click on any HTTPS protocol entry. This action will open the request headers, allowing you to view the raw data of the captured traffic.
Step-by-Step Guide to Testing APIs with Fiddler:
After capturing the traffic, we can save and analyze it offline using the AutoResponder and Composer features.
Step 1: Go to AutoResponder and enable rules. Once enabled, traffic capture will stop, resulting in a 404 Error.
Fiddler’s AutoResponder:
Step 2: Now navigate to Inspector to see the results using SyntaxView.
Fiddler’s Inspector:
Step 3: Select the captured traffic, right-click and select "Replay" > "Reissue from Composer".
Fiddler’s Replay Feature:
Step 4: Replace GET with POST to perform the API call testing.
Fiddler’s Parsed - Post Action Feature:
After sending the request, Fiddler captures the API response. You can review the response headers, status code, and body content to confirm the success of the API call and analyze the data provided by the server.
Step 5: Once the traffic is parsed, the results are available in different formats. Select whichever format is convenient, view the results, and proceed further.
API Test Results:
If you encounter any issues or errors, utilize Fiddler's debugging tools to troubleshoot the problem. This may involve examining the request and response details, pinpointing errors or irregularities, and making necessary adjustments.
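Captures saved for offline analysis after HTTPS decryption hold request and response headers in the clear, so it helps to know which sessions carry credentials before an archive is shared. The following is an added example, not part of the original guide or of Fiddler itself: it summarizes each saved session (method, URL, status code) and lists the sensitive headers present. It assumes the archive is a zip with `raw/N_c.txt` (request) and `raw/N_s.txt` (response) entries; the function names, the host `api.example.test` and the sample sessions are constructed for illustration.

```python
import io
import re
import zipfile

# Headers that carry credentials or session state once HTTPS is decrypted.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

def build_sample_saz() -> bytes:
    """Constructed two-session archive; the raw/N_c.txt, raw/N_s.txt layout is assumed."""
    files = {
        "raw/1_c.txt": "GET https://api.example.test/v1/items HTTP/1.1\r\n"
                       "Host: api.example.test\r\nAuthorization: Bearer CONSTRUCTED\r\n\r\n",
        "raw/1_s.txt": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n[]",
        "raw/2_c.txt": "POST https://api.example.test/v1/login HTTP/1.1\r\n"
                       "Host: api.example.test\r\nContent-Length: 2\r\n\r\n{}",
        "raw/2_s.txt": "HTTP/1.1 404 Not Found\r\nSet-Cookie: sid=CONSTRUCTED\r\n\r\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, text in files.items():
            z.writestr(name, text)
    return buf.getvalue()

def parse_head(raw: bytes):
    """Return (start-line tokens, lower-cased header names) of one raw HTTP message."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    names = [l.split(":", 1)[0].strip().lower() for l in lines[1:] if ":" in l]
    return lines[0].split(" ", 2), names

def summarize(saz: bytes):
    """One dict per session: id, method, URL, status code, sensitive headers present."""
    out = []
    with zipfile.ZipFile(io.BytesIO(saz)) as z:
        names = set(z.namelist())
        ids = sorted((m.group(1) for n in names
                      if (m := re.fullmatch(r"raw/(\d+)_c\.txt", n))), key=int)
        for i in ids:  # keep the id as written in the file name (it may be zero-padded)
            req, req_h = parse_head(z.read(f"raw/{i}_c.txt"))
            status, res_h = None, []
            if f"raw/{i}_s.txt" in names:  # an aborted session may have no response
                res, res_h = parse_head(z.read(f"raw/{i}_s.txt"))
                status = int(res[1]) if len(res) > 1 and res[1].isdigit() else None
            out.append({"id": int(i), "method": req[0], "url": req[1] if len(req) > 1 else "",
                        "status": status, "sensitive": sorted(SENSITIVE & set(req_h + res_h))})
    return out

if __name__ == "__main__":
    print(summarize(build_sample_saz()))
```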
Happy Learning !!!