2009 Aug 31, 4:22
"This document is intended to describe a HTTP Archive format that should be used when exporting data from Firebug Net panel. The current version of the format isn't finalized and is open for further proposals."
http fiddler debug format firebug technical via:mnot

2009 Aug 18, 4:19
Before we shipped IE8 there were no Accelerators, so we had some fun making our own for our favorite web services. I've got a small set of tips for creating Accelerators for other people's web
services. I was planning on writing this up as an IE blog post, but Jon wrote a post covering a
similar area so rather than write a full and coherent blog post I'll just list a few points:
- The first thing to try is looking for developer help for the web service, specifically if there's a REST-ful URL based API. For example, Bing Maps has great URL API documentation that would be enough to
create an Accelerator.
- The Accelerator XML is very similar to HTML forms. If you can find an HTML form for the web service for which you want to create an Accelerator, you can view the HTML source and create an
Accelerator based on that.
- I created the FormToAccelerator extension based on the previous idea. You can
use the extension to create an Accelerator from an HTML form, or just use it to create the start of one and edit it manually after.
- If the page doesn't use an HTML form, you can start up an HTTP debugger like Fiddler, use the web service from the normal web
page, and then in Fiddler see if you can find a REST-ful looking URL you can use.
- When looking to create a preview for your Accelerator, see if the web page for the web service has a mobile version or a version that's intended to embed in other web pages via an iframe. On
this same line, iPhone apps make great Accelerators usually with lovely previews.
- If there's no mobile or embeddable version and the only thing wrong with the normal web page for the web service is that the useful information doesn't fit in the preview window then see if you
can find an HTML tag with a name or id near the useful information, and stick a '#' fragment pointing to that tag onto the preview URL template.
- Without a reasonable REST-ful API you can use a combination of Google's "site:" and "I'm Feeling Lucky" to find the most relevant page on a particular site.
- The value of a name and value pair need not consist of only a single Accelerator variable. You can get creative and put other text in there. For instance, I implemented a Google currency conversion by setting the query to "{selection} in US Dollars".
technical accelerator ie8 ie

2009 May 3, 10:36
Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would
prevent a CSRF. Sure enough it's pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty
neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the
thief doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years it's hard to continue calling it an issue. Really they should just document it in their API docs and be
done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
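The manual check described above, reading a captured request for anything that would stop a forged cross-site submission, can be run over a whole capture. This is an added example, not part of the original post; the HAR-like entry shape, the host, the parameter names and the verb and token-name patterns are all assumptions.

```javascript
// Heuristic review of captured requests (HAR-like shape) for missing CSRF defences.
// Constructed sample data: host, paths, cookie and token values are made up.
const SAMPLE_ENTRIES = [
  { request: { method: "GET", url: "https://movies.example/queue/add?movieid=1234",
      headers: [{ name: "Cookie", value: "session=constructed" }] } },
  { request: { method: "POST", url: "https://movies.example/queue/add",
      headers: [{ name: "Cookie", value: "session=constructed" },
                { name: "X-CSRF-Token", value: "constructed-token" }],
      postData: { text: "movieid=1234" } } },
  { request: { method: "POST", url: "https://movies.example/queue/remove",
      headers: [{ name: "Cookie", value: "session=constructed" }],
      postData: { text: "movieid=1234" } } },
  { request: { method: "GET", url: "https://movies.example/browse?genre=scifi",
      headers: [{ name: "Cookie", value: "session=constructed" }] } },
];

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const ACTION_WORDS = /\b(add|remove|delete|update|move|set|save)\b/i; // assumed verb list
const TOKEN_NAME = /csrf|xsrf|token|nonce|authenticity/i;             // assumed naming

// Names of query-string and form-encoded body parameters (JSON bodies are not parsed).
function paramNames(request) {
  const body = (request.postData && request.postData.text) || "";
  return [...new URL(request.url).searchParams.keys(), ...new URLSearchParams(body).keys()];
}

function auditRequest(request) {
  const method = request.method.toUpperCase();
  const headerNames = request.headers.map(h => h.name.toLowerCase());
  const findings = [];
  // Without an automatically attached credential there is nothing for CSRF to ride on.
  if (!headerNames.includes("cookie")) return findings;
  const path = new URL(request.url).pathname;
  if (SAFE_METHODS.has(method) && !ACTION_WORDS.test(path)) return findings;
  if (SAFE_METHODS.has(method)) findings.push("state change reachable via " + method);
  // A token only counts outside the Cookie header: cookies are sent on forged requests too.
  const names = paramNames(request).concat(headerNames.filter(n => n !== "cookie"));
  if (!names.some(n => TOKEN_NAME.test(n))) findings.push("no anti-CSRF token parameter or header");
  return findings;
}

function auditCapture(entries) {
  return entries
    .map(e => ({ method: e.request.method, url: e.request.url, findings: auditRequest(e.request) }))
    .filter(r => r.findings.length > 0);
}

console.log(JSON.stringify(auditCapture(SAMPLE_ENTRIES), null, 2));
```

An empty findings list only means the capture shows a token-shaped name; whether the server actually validates it, or relies on Origin/Referer checks instead, has to be confirmed separately.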
technical stolen-thoughts csrf netflix security

2008 Nov 9, 11:25
I've made an XSLT Meddler script in my continued
XSLT adventures. Meddler is a simple and easy web server that runs whatever JScript.NET code you give it. I wrote a script that takes an indicated
XSLT on the server, downloads an indicated XML from the Internet and returns the result of running that XML through the XSLT. This is useful when you want to work with something like the Zune
software or IE7's feed platform which only reads feeds over the HTTP protocol. I'll give more interesting and specific examples of how this could be useful in the future.
meddler technical xml script xslt

2007 Sep 11, 2:55
There's been some news recently on some guy hating on FireFox for its ad-blocking.
On a similar note here's a fun tip for IE7 users I got from Eric. You can get decent ad-blocking in IE7 by putting ad servers in the restricted zone. By default script inclusion is blocked between
different zones so you can put domains that serve up ads in your restricted zone after which, normal internet zone sites won't be able to include script from them. This covers most of the ads I run
into these days.
I use Fiddler to figure out the domains that are serving up ads which incidentally also has an ad-blocking^H^H^H^H general purpose content blocking plugin. Here's a screenshot of Slashdot and ArsTechnica from my browser. Notice the large blank areas in the screenshots:
ad-blocking personal ad ie7 technical browser tip ie

2007 Mar 15, 11:59
An RDF vocab for describing HTTP. Eric should really be using this in Fiddler...
http ontology rdf semanticweb xml

2007 Mar 5, 2:13
Scott uses Fiddler to automatically inject a report on HTML errors into webpages as you visit them.
fiddler tool hack html standard software blog article

2006 Nov 27, 11:23
Fiddler2 is a free tool that lets you view and fiddle with HTTP and now HTTPS traffic! Supports automated modification of traffic using javascript as well as manual modification using breakpoints. Very cool tool.
eric-lawrence tool tools free internet http debugger debug fiddler fiddler2 microsoft proxy

2005 Apr 10, 12:52
A great debugging tool from Mr. Eric Lawrence himself
http development ie security tools web eric-lawrence fiddler