Abhishek Basavaraj

How to analyze requests/response using a proxy - Fiddler

Blog Post created by Abhishek Basavaraj Employee on Jun 9, 2015

What is Fiddler?

 

Fiddler is a Web Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler is a freeware and it is  used to inspect and debug traffic from virtually any application that supports a proxy/IE/FF/Chrome/Opera etc

 

Fiddler is a web proxy, it can be used on any application or device that can talk to a proxy

 

How Fiddler works:

Screen Shot 2015-06-09 at 9.30.42 PM.png

 

Traffic Capturing:

Open any browser and GoTo the website you want to capture traffic for. EX: www.google.com - In the lower left corner of the below screenshot, you will see "Capturing," which means that it is recording HTTP traffic. To toggle recording on and off, you can click the Capturing label

 

Below is Fiddler UI

Screen Shot 2015-06-09 at 9.32.25 PM.png


If the screen ever gets too cluttered to work with, you can select the web sessions and right click to get the menu, you can choose Remove Selected sessions to make sure the selected web sessions have been deleted from the display. Each line on the left represents an HTTP connection that was made. By selecting a line, you can inspect its contents. Make sure that Decode at the top of the screen is selected so that any compressed HTTP traffic is showed decompressed. Look to the right half of the screen for the details.

 

Web Session Pane:

Below is a screenshot of Web session Pane where we get the info of each HTTP request response made to the server.

Screen Shot 2015-06-09 at 9.35.26 PM.png

Key fields: You can drag the important fields to left or to right of the pane. Brief on some Key fields – Most of them are self explanatory

Screen Shot 2015-06-09 at 9.36.09 PM.png

    # - An ID of the request generated by Fiddler for your convenience

    Result - The Result code from the HTTP Response

    Protocol - The Protocol (HTTP/HTTPS/FTP) used by this session

    Host - The host name of the server to which the request was sent

    URL - The path and file requested from the server

    Body - The number of bytes in the Response body

    Caching - Values from the Response's Expires or Cache-Control headers

    Process - The local Windows Process from which the traffic originated

    Content-Type - The Content-Type header from the Response

    IP – The  IP address of the server

 

Different modules to understand each HTTP request/response:

On the top right corner, you see a window pane with many tabs – These tabs provide particular info about the web session selected.

 

Statistics: The first tab on the right pane – this tab gives info on the selected web sessions like Overall request count/bytes received etc.

Screen Shot 2015-06-09 at 9.38.23 PM.png

Inspectors:

Another important tab called Inspectors - it visualizes requests or response content in meaningful ways.

 

Screen Shot 2015-06-09 at 9.39.10 PM.png

Request Inspectors

Headers—Shows request headers and status.

TextView—Shows the request body in a text box.

HexView—Shows the request body in a hexadecimal view.

XML—Shows the request body as an XML DOM in a tree view.

Response Inspectors

Transformer—Removes GZip, DEFLATE, and CHUNKED encodings for easier debugging.

Headers—Shows response headers and status.

TextView—Shows the response body in a text box.

HexView—Shows the response body in a hexadecimal view.

ImageView—Shows the response body as an Image. Supports all .NET image formats.

XML—Shows the response body as an XML DOM in a tree view.

 

Host Remapping: You can spoof your hostname to an IP/hostname – Click on Tools->Hosts

 

Screen Shot 2015-06-09 at 9.40.15 PM.png


Capturing HTTPS Traffic: Click on Tools->Fiddler Options-> HTTPS Tab and Checkbox enable on Capture HTTPS Connects and Decrypt HTTPs traffic

Screen Shot 2015-06-09 at 9.41.20 PM.png

Quick Check Tips:

 

Caching: In inspectors tab, clicking on "Headers" tab - we can get the info for request and response headers. PFB the screenshot to validate if the object was cached.

Screen Shot 2015-06-09 at 9.42.07 PM.png

Compression:

Click on a web session for which you want to check if the response was compressed or not. Do not decode the web session as it will uncompress the response.

Screen Shot 2015-06-09 at 9.42.49 PM.png

Outcomes