1 day ago
For the second time today, I've added a new feature to Fiddler only to discover it was already there.

Jan 24, 5:32
Just put up CSP Fiddler extension … to help figure out minimum required CSP rules for web pages.

The Fiddler Book: "Debugging with Fiddler: The official reference from the developer of Fiddler"

2012 Jun 23, 9:19

THE Fiddler Book straight from the source, EricLaw - the developer of Fiddler!

Fiddler is a wonderful tool with never ending extensibility. With this book I shall master it!

Show request's timestamp in Fiddler? - Stack Overflow

Glimpse of the future: Fiddler and HTML5 WebSockets

2011 Nov 24, 5:00

WPAD Server Fiddler Extension Update v1.0.1

2011 Jun 12, 3:34
As it turns out the WPAD Server Fiddler Extension I made a while back actually has a non-malicious purpose. Apparently it's useful for debugging HTTP on the WP7 phone (or so I'm told). Anyway I took some requests and I've fixed a few minor bugs (start button not updating correctly), changed the dialog to be a Fiddler tab so you can use it non-modally, and the WPAD server is now always off when Fiddler starts.

Capturing HTTPS with FiddlerCore

2011 Apr 6, 10:00

I used FiddlerCore in GeolocMock to edit HTTPS responses and ran into two stumbling blocks that I'll document here. The first is that I didn't check if the Fiddler root cert existed or was installed, which of course is necessary to edit HTTPS traffic. The following is my code where I check for the certs.

    if (!Fiddler.CertMaker.rootCertExists())
        if (!Fiddler.CertMaker.createRootCert())
            throw new Exception("Unable to create cert for FiddlerCore.");

    if (!Fiddler.CertMaker.rootCertIsTrusted())
        if (!Fiddler.CertMaker.trustRootCert())
            throw new Exception("Unable to install FiddlerCore's cert.");

The second problem I had (which would have been solved had I read all the sample code first) was that my changes weren't being applied. In my app I only need the BeforeResponse but in order to modify the response I must also sign up for the BeforeRequest event and mark the bBufferResponse flag on the session before the response comes back. For example:

    Fiddler.FiddlerApplication.BeforeRequest += new SessionStateHandler(FiddlerApplication_BeforeRequest);
    Fiddler.FiddlerApplication.BeforeResponse += new SessionStateHandler(FiddlerApplication_BeforeResponse);

    private void FiddlerApplication_BeforeRequest(Session oSession)
    {
        // Buffer the response so the BeforeResponse handler can still modify it.
        if (IsInterestingSession(oSession))
        {
            oSession.bBufferResponse = true;
        }
    }
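
The two steps described above (trusting the root certificate, then buffering in BeforeRequest so BeforeResponse can edit), combined into one console host. This is an added example, not GeolocMock's code; the host name, the replaced strings and port 8877 are placeholders.

```csharp
using System;
using Fiddler;

// Added illustration: rewrite one HTTPS response with FiddlerCore.
// TargetHost, the replaced strings and the port are placeholders.
static class HttpsRewriteDemo
{
    const string TargetHost = "example.test";

    static bool IsInterestingSession(Session oSession)
    {
        return oSession.HostnameIs(TargetHost);
    }

    static void Main()
    {
        // HTTPS can only be decrypted once the root cert exists and is trusted.
        if (!CertMaker.rootCertExists() && !CertMaker.createRootCert())
            throw new Exception("Unable to create cert for FiddlerCore.");
        if (!CertMaker.rootCertIsTrusted() && !CertMaker.trustRootCert())
            throw new Exception("Unable to install FiddlerCore's cert.");

        // The buffering flag must be set before the response comes back.
        FiddlerApplication.BeforeRequest += delegate(Session oSession)
        {
            if (IsInterestingSession(oSession))
                oSession.bBufferResponse = true;
        };

        FiddlerApplication.BeforeResponse += delegate(Session oSession)
        {
            if (!IsInterestingSession(oSession)) return;
            oSession.utilDecodeResponse();   // remove chunking/compression first
            oSession.utilReplaceInResponse("original-value", "replacement-value");
        };

        FiddlerApplication.Startup(8877,
            FiddlerCoreStartupFlags.RegisterAsSystemProxy | FiddlerCoreStartupFlags.DecryptSSL);
        Console.WriteLine("Proxying; press Enter to stop.");
        Console.ReadLine();
        FiddlerApplication.Shutdown();

        // Remove the interception certs so a trusted root does not linger in the store.
        CertMaker.removeFiddlerGeneratedCerts();
    }
}
```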

GeolocMock Tool - Tell IE9 Where You Are

2011 Apr 3, 12:00

I've made GeolocMock. If your PC has no geolocation devices, IE9 uses a webservice to determine your location. GeolocMock uses FiddlerCore to intercept the response from the webservice and allows the user to replace the location in the response with another. This was a fun weekend project in order to play with FiddlerCore, the W3C Geoloc APIs in IE9, hosting the IE9 WebOC in a .NET app, and the Bing Maps APIs.

DVD Ripping and Viewing in Windows Media Center

2010 Aug 17, 3:05

I've just got a new media center PC connected directly to my television with lots of HD space and so I'm ripping a bunch of my DVDs to the PC so I don't have to fuss with the physical media. I'm ripping with DVD Rip, viewing the results in Windows 7's Windows Media Center after turning on the WMC DVD Library, and using a powershell script I wrote to copy over cover art and metadata.

My powershell script follows. To use it you must do the following:

  1. Run Windows Media Center with the DVD in the drive and view the disc's metadata info.
  2. Rip each DVD to its own subdirectory of a common directory.
  3. The name of the subdirectory to which the DVD is ripped must have the same name as the DVD name in the metadata. An exception to this are characters that aren't allowed in Windows paths (e.g. <, >, ?, *, etc)
  4. Run the script and pass the path to the common directory containing the DVD rips as the first parameter.

Running WMC and viewing the DVD's metadata forces WMC to copy the metadata off the Internet and cache it locally. After playing with Fiddler and reading this blog post on WMC metadata I made the following script that copies metadata and cover art from the WMC cache to the corresponding DVD rip directory.

Download copydvdinfo.ps1

Access Hulu from Outside the U.S. Without a Proxy Server

2010 Jul 12, 7:11

How to get around Hulu's physical location filtering: Use something like Fiddler to add the X-Forwarded-For header that HTTP proxies with an IP address associated with a physical location you desire and block your port 1935 which Flash uses for RTMP (see

WPAD Server Fiddler Extension

2010 Jan 5, 7:42

I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler Extension.

Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.

When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.
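
Because the client takes the first reply it gets, any host that answers with the WPAD option can set the proxy, so it is worth checking which server a WPAD reply came from. The following is an added example, not the extension's code: it parses a raw DHCP reply for option 252 (the DHCP option that carries the WPAD URL) and option 54 (server identifier). The sample packet, addresses and allow-list are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

// Added illustration: extract DHCP option 252 (WPAD) and option 54
// (server identifier) from a reply and flag responders not on an allow-list.
static class WpadDhcpCheck
{
    static Dictionary<byte, byte[]> ParseOptions(byte[] p)
    {
        var options = new Dictionary<byte, byte[]>();
        // 236-byte BOOTP header, then the magic cookie 63 82 53 63.
        if (p.Length < 240 || p[236] != 0x63 || p[237] != 0x82 ||
            p[238] != 0x53 || p[239] != 0x63) return options;
        int i = 240;
        while (i < p.Length && p[i] != 255)            // 255 = end option
        {
            if (p[i] == 0) { i++; continue; }          // 0 = pad, has no length byte
            if (i + 1 >= p.Length) break;              // truncated option header
            int len = p[i + 1];
            if (i + 2 + len > p.Length) break;         // truncated option value
            var value = new byte[len];
            Array.Copy(p, i + 2, value, 0, len);
            options[p[i]] = value;
            i += 2 + len;
        }
        return options;
    }

    static void Main()
    {
        // Constructed sample reply: zeroed header, cookie, options 53, 54, 252, end.
        var pkt = new List<byte>(new byte[236]);
        pkt.AddRange(new byte[] { 0x63, 0x82, 0x53, 0x63, 53, 1, 5, 54, 4, 192, 0, 2, 77 });
        byte[] url = Encoding.ASCII.GetBytes("http://192.0.2.77:8888/wpad.dat");
        pkt.Add(252); pkt.Add((byte)url.Length); pkt.AddRange(url); pkt.Add(255);

        var knownServers = new HashSet<string> { "192.0.2.1" };  // assumed allow-list
        var opts = ParseOptions(pkt.ToArray());
        byte[] wpad, sid;
        if (!opts.TryGetValue(252, out wpad)) return;
        string server = opts.TryGetValue(54, out sid) && sid.Length == 4
            ? new IPAddress(sid).ToString() : "unknown";
        Console.WriteLine("WPAD offer from {0}: {1}", server, Encoding.ASCII.GetString(wpad));
        if (!knownServers.Contains(server))
            Console.WriteLine("ALERT: WPAD option from a server not on the allow-list");
    }
}
```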

Various documents and tools I found useful while working on this:

2009 Dec 15, 2:01

"Jeff Atwood (Coding Horror fame) was in for a horror when he realized that his server crashed and his data was gone and due to some reason, the backup mechanism was not working. ... So what should Jeff do now? Since Coding horror is a high traffic blog, I think there is a way to get back at least some of the images." Reconstruct the HTML from Google's cache, change the HTTP server to tell the client it has the correct cached image for all the images, add script to the HTML to grab the images and send them back. Awesome idea. Of course now I want to set up Fiddler to swap in random images...

Become a Web Debugging Virtuoso with Fiddler :: Sessions :: Microsoft PDC09

HTTP Tracing - Export Format - Firebug Working Group | Google Groups

Creating Accelerators for Other People's Web Services

2009 Aug 18, 4:19

Before we shipped IE8 there were no Accelerators, so we had some fun making our own for our favorite web services. I've got a small set of tips for creating Accelerators for other people's web services. I was planning on writing this up as an IE blog post, but Jon wrote a post covering a similar area so rather than write a full and coherent blog post I'll just list a few points:

Netflix CSRF - Stolen Thoughts

2009 May 3, 10:36

Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would prevent a CSRF. Sure enough it's pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the thief doesn't even have the common decency to let me have the thought first!

With this issue known for nearly three years it's hard to continue calling it an issue. Really they should just document it in their API docs and be done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.

XSLT Meddler Script

2008 Nov 9, 11:25

I've made an XSLT Meddler script in my continued XSLT adventures. Meddler is a simple and easy web server that runs whatever JScript.NET code you give it. I wrote a script that takes an indicated XSLT on the server, downloads an indicated XML from the Internet and returns the result of running that XML through the XSLT. This is useful when you want to work with something like the Zune software or IE7's feed platform which only reads feeds over the HTTP protocol. I'll give more interesting and specific examples of how this could be useful in the future.

Ad Blocking built into IE7

2007 Sep 11, 2:55

There's been some news recently on some guy hating on Firefox for its ad-blocking.

On a similar note here's a fun tip for IE7 users I got from Eric. You can get decent ad-blocking in IE7 by putting ad servers in the restricted zone. By default script inclusion is blocked between different zones so you can put domains that serve up ads in your restricted zone after which, normal internet zone sites won't be able to include script from them. This covers most of the ads I run into these days.

I use Fiddler to figure out the domains that are serving up ads which incidentally also has an ad-blocking^H^H^H^H general purpose content blocking plugin. Here's a screenshot of Slashdot and ArsTechnica from my browser. Notice the large blank areas in the screenshots:

HTTP Vocabulary in RDF

Software Development With Scott: Using Fiddler as an HTML Testing Tool

