Fiddler and Your Website
Robert Boedigheimer
About Me
• Web developer since 1995
• Columnist for aspalliance.com
• Pluralsight Author
• 3rd Degree Black Belt, Tae Kwon Do
• ASP.NET MVP
• http://aspadvice.com/blogs/robertb/
• [email protected]
• @boedie
www.devreach.com
HTTP
• HyperText Transfer Protocol
– http://www.ietf.org/rfc/rfc2068.txt
• Request/response paradigm
– Header and body
HTTP Request
GET http://devreach.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://devreach.com/schedule/day/day-2
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: devreach.com
HTTP Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 23 Sep 2012 23:11:52 GMT
Content-Length: 111261
<!DOCTYPE html>
…
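An added example, not from the original slides: a small Python check that a site review could run over a raw response head like the one above, listing the headers that reveal server software and versions. The function names and the header watch list are assumptions of this example.

```python
"""Flag response headers that disclose server software (added example)."""

# Watch list chosen for this example (an assumption, not from the slides).
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version"}

# Response head copied from the HTTP Response slide above.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 23 Sep 2012 23:11:52 GMT
Content-Length: 111261

<!DOCTYPE html>
"""


def parse_response_head(raw):
    """Split a raw HTTP response into (status_code, [(name, value), ...])."""
    # Accept both CRLF (wire format) and LF (pasted text) line endings.
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.strip().split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        # Split on the first colon only; values such as Date contain colons.
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return int(parts[1]), headers


def find_disclosures(raw):
    """Return the (name, value) pairs that reveal server software or versions."""
    _, headers = parse_response_head(raw)
    return [(n, v) for n, v in headers if n.lower() in DISCLOSURE_HEADERS]


if __name__ == "__main__":
    for name, value in find_disclosures(SAMPLE_RESPONSE):
        print("discloses platform detail: %s: %s" % (name, value))
```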
What is Fiddler?
• Tracing tool built specifically for HTTP
• Recently acquired by Telerik
• Eric Lawrence (@ericlaw)
• http://fiddler2.com (free)
• C#
How Does Fiddler Work?
• Proxy
• Adjusts browser’s proxy configuration to intercept traffic
Why Use Fiddler?
• Troubleshoot problems
• Performance review
– Visualize page requests (timeline)
• Site review
• Security testing
• Periodic site reviews
• Learn how things work
Web Sessions
• Web Session – single request and response
• Mark, Comment, Screenshot
• Properties
• Compare sessions
• Search
Decrypt SSL Traffic
• Fiddler is “Man in the Middle”
• Off by default, turn on in “Fiddler Options -> HTTPS -> Decrypt HTTPS Traffic”
Filters
• Can save and load filters
• Show and hide sessions
• Block
– Images, scripts, CSS
• Help -> Troubleshoot Filters
Composer
• How Fiddler got its name… Can “fiddle” with requests
– Create manually
– Easier to make a request, drag to composer, modify as desired
• Breakpoints
– Interrupt for specific request or response
– Opportunity to modify request or response
AutoResponder
• Since Fiddler is a proxy, it can return information without actually contacting the web server
• Rules
– Used in order
– Literals, regular expressions, exact matches
– Actions
• Specific status codes
• Files
• Other URLs
• “Unmatched requests passthrough”
Trace Devices
• Works for devices and platforms where you can’t run Fiddler
• Configure client’s proxy with IP address and port on Windows machine
• “Reverse Proxy”
– http://tinyurl.com/859dc4e
Trace Services
• Web.config <defaultProxy>
• Web Service (.asmx)
– .Proxy setting
• WCF Service
– Configure Endpoints
Common Issues
• Limited processes
• File -> Capture Traffic
• No proxy set
• Browser does not automatically support using “localhost” or “127.0.0.1”
– ipv4.fiddler, ipv6.fiddler
Fiddler Script
• Intercept and modify traffic
• JScript.NET
• Common functions
– OnBeforeResponse( )
– OnBeforeRequest( )
– OnExecAction( )
Fiddler Extensions
• Syntax Highlighting
– Color code syntax for HTML, JavaScript, and CSS
• JavaScript Formatter
– Nicely format and un-minify
• Content Blocker
– Use to test what happens if firewall blocked, down, etc.
• Gallery
– See thumbnails of all selected sessions that contain images
• Can write your own
FiddlerCap
• Non-technical people can perform captures, developer can read in Fiddler
– Download and install (http://www.fiddlercap.com)
– Step 1, start capture
– Step 2, stop capture
– Step 3, save capture
Miscellaneous
• Save raw files
• Encrypt .saz files
• Fiddler.exe -viewer archiveName.saz
• Text Wizard for conversions
• HTTP Sandbox (http://www.fiddler2.com/sandbox/)
• Custom Inspectors
• Fiddler Core
• QuickExec
Resources
• Pluralsight Course – Fiddler
– http://tinyurl.com/78pbozy
• http://www.fiddler2.com
• “Debugging with Fiddler: The complete reference from the creator of the Fiddler Web Debugger” (http://tinyurl.com/6vx6wnc)
• @ericlaw, Eric Lawrence
Thank you!
@boedie
blogs.aspadvice.com/robertb
[email protected]
Robert Boedigheimer