PDC09-CL25. Become a Web Debugging Virtuoso with Fiddler. Eric Lawrence, Program Manager, Microsoft Corporation.
Fiddler: Origins. Once upon a time… Oh no! What happened?!? There must be a better way…
[Diagram labels: Applications, Network APIs, Proxy, Website]
[Diagram: Fiddler 2. Labels: Fiddler ScriptEngine, Inspector2, IFiddlerExtension, Fiddler Proxy, Your FiddlerScript, Xceed*.dll, Makecert.exe, Your Automation]
[Diagram labels: Internet Explorer, WinINET, Office, CryptoAPI, WinHTTP, Firefox, Fiddler, Upstream Proxy, Firewall, Internet, example.com]
[Diagram labels: Internet Explorer, WinINET, Office, CryptoAPI, WinHTTP, Firefox, Fiddler (Port 80), Upstream Proxy, IIS or Apache (Port 81), Firewall]
Fiddler dynamically generates interception certificates chained to a self-signed root.
Use WinDiff to compare HTTP requests and responses.
http://websecuritytool.codeplex.com/
Use Fiddler inspectors to modify requests and responses.
Flag, modify or remove headers from all requests and responses.
Create hand-built HTTP requests, or modify and reissue a request previously captured.
Replay previously captured or generated traffic.
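static function OnBeforeRequest(oS: Session) {
    // Color sessions whose URL contains ".aspx" red in the session list.
    if (oS.uriContains(".aspx")) {
        oS["ui-color"] = "red";
    }
    // Strip conditional-request headers so the response is not served from cache.
    if (m_DisableCaching) {
        oS.oRequest.headers.Remove("If-None-Match");
        oS.oRequest.headers.Remove("If-Modified-Since");
        oS.oRequest["Pragma"] = "no-cache";
    }
}

static function OnBeforeResponse(oS: Session) {
    // Remove any content or transfer encoding before editing the body.
    oS.utilDecodeResponse();
    oS.utilPrependToResponseBody("Injected Content!");
}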
Timeline view of Buffering Mode
Timeline view of Streaming Mode
// oCDS is the COPYDATASTRUCT passed with WM_COPYDATA; sData is the string to send.
oCDS.dwData = 61180; // Magic Cookie
oCDS.cbData = strlen(sData);
oCDS.lpData = sData;
SendMessage(FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"), WM_COPYDATA, NULL, (LPARAM) &oCDS);
Future:
[Diagram: "Fiddler application with extensions" beside "Your application hosting FiddlerCore". Labels: Fiddler 2, Fiddler ScriptEngine, Inspector2, IFiddlerExtension, FiddlerCore, YourApp.exe, Your FiddlerScript, Xceed*.dll, Makecert.exe]
// Call Startup to tell FiddlerCore to begin
// listening on the specified port, register as
// the system proxy and decrypt HTTPS traffic.
Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) {
    Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl);
};

// Call Shutdown to tell FiddlerCore to stop
// listening and unregister as the system proxy
Fiddler.FiddlerApplication.Shutdown();
Built by Developers for Developers….
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.