ApplicationsNetwork

APIsProxy Website

+

Fiddler 2

Fiddler ScriptEngineFiddler ScriptEngine

Inspector2Inspector2

Inspector2Inspector2

IFiddlerExtension

IFiddlerExtension

IFiddlerExtension

IFiddlerExtension

Fiddler ProxyFiddler Proxy

Your FiddlerScript

Your FiddlerScript

Xceed*.dllXceed*.dll Makecert.exeMakecert.exe

You

r A

uto

mati

on

You

r A

uto

mati

on

Internet Explorer

WinINET

Office

CryptoAPI WinHTTP

Fiddler

Firefox

Upstream Proxy

example.com

Firewall

Fiddler InternetInternet

Internet Explorer

WinINET

Office

CryptoAPI WinHTTP

Fiddler(Port 80)

Firefox

Upstream Proxy

IIS or Apache(Port 81)

Firewall

Fiddler dynamically generates interception certificates chained to a self-signed root.

Use WinDiff to compare HTTP requests and responses.

http://websecuritytool.codeplex.com/

Use Fiddler inspectors to

modify requests and responses….

Flag, modify or remove headers from all requests and

responses.

Create hand-built HTTP requests, or

modify and reissue a request previously captured.

Replay previously captured or generated traffic.

static function OnBeforeRequest(oS: Session){

if (oS.uriContains(".aspx")) { oS["ui-color"] = "red";}

if (m_DisableCaching){ oS.oRequest.headers.Remove("If-None-Match"); oS.oRequest.headers.Remove("If-Modified-Since"); oS.oRequest["Pragma"] = "no-cache"; }}

static function OnBeforeResponse(oS: Session) {

oS.utilDecodeResponse(); oS.utilPrependToResponseBody("Injected Content!");

}

Timeline view of Buffering Mode

Timeline view of Streaming Mode

oCDS.dwData = 61180; // Magic CookieoCDS.cbData = strlen(sData);oCDS.lpData = sData;

SendMessage( FindWindow(NULL, "Fiddler - HTTP Debugging Proxy"),WM_COPYDATA,NULL,(LPARAM) &oCDS);

>>FUTURE

Fiddler 2

Fiddler ScriptEngineFiddler ScriptEngine

Inspector2Inspector2

Inspector2Inspector2

IFiddlerExtension

IFiddlerExtension

IFiddlerExtension

IFiddlerExtension

FiddlerCoreFiddlerCore

YourApp.exeYourApp.exe

FiddlerCoreFiddlerCore

Fiddler application with extensions

Your application hosting FiddlerCore

Your FiddlerScript

Your FiddlerScript

Xceed*.dll

Xceed*.dll

Makecert.exe

Makecert.exe Makecert.ex

eMakecert.ex

e

// Call Startup to tell FiddlerCore to begin // listening on the specified port, register as // the system proxy and decrypt HTTPS traffic.Fiddler.FiddlerApplication.Startup(8877, true, true);

Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) { Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl); }; // Call Shutdown to tell FiddlerCore to stop// listening and unregister as the system proxyFiddler.FiddlerApplication.Shutdown();

>>FUTURE

Built by Developers for Developers….

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.