Introduction to using Fiddler for monitoring HTTP(s) requests.

Introduction to Fiddler

Fiddler is a web debugging proxy that logs all HTTP(s) traffic between your client machine and a server. It allows you to inspect the HTTP requests and responses in the raw format that in which is it sent and received.

It's also used for performance testing, session manipulation, security testing and can even be used to act as a reverse proxy allowing you to inspect traffic between the web and your phone / tablet / IoT device.

As part of this introduction, we'll only be focusing on the following:

• Installing Fiddler
• Configuring Fiddler
• Filtering logs
• Sending requests
• Inspecting:
  • Requests
  • Responses

Installing Fiddler

In your web browser, navigate to:
https://www.telerik.com/download/fiddler

Fill the form, accept the license, download and install.

Alternatively, you can download directly from here too:
https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe

Configuring Fiddler

When Fiddler is first executed, it will pop up windows concerning WinConfig containers, don't worry about it for now and opt out, its outside of the scope of this introduction.

Once the popups have been dealt with you should be seeing something like this:

The first thing we need to do is enable logging for HTTPS traffic, Fiddler will not do that out of the box as it needs to have its root certificate trusted and till then will ignore all HTTPS traffic, so to enable it, click on the following top menu:

Tools > Options

Click on the HTTPS tab.

Click on the Decrypt HTTPS traffic check box

You will receive a pop up asking you whether you wish to trust the Fiddler Root certificate, click Yes . Fiddler decrypts HTTPS sessions by re-signing traffic using the certificate its asking you to trust, without which it wont work.

After clicking on YES` to all the pop ups that follow regarding the certificate, on the HTTPS tab there's a section called Protocols , click on the existing protocols and append tls1.1;tls1.2; .

Once everything has been configured, it should look like this.

Thats it, we can now close the Options window.

Filtering logs (optional)

As you'll notice, Fiddler logs everything , and it can get difficult to keep track of what it is you're attempting to track and debug in the first place because of it.

To filter out all the noise, we use something called "Filters", I've pointed out where you can locate it below.

Once you're on the Filters tab, click on Use Filters , then on the drop down menu -No Host Filter- , select Show only the following Hosts

Enter the following into the text box below it.

*.example.com

The Filters tab should now look like this.

Next you need to click on the Actions button in the top right corner and click on Run filter set now

From here on, only request to the example.com domain and subdomains will be present in our logs.

Inspecting

Open up your favourite browser, and simply navigate to example.com

You'll see the requests sent to example.com in the section containing list of sessions, (the left pane)

After selecting one of those sessions, click on Inspectors tab, then the Raw tabs, as highlighted below with the red arrows.

And thats all there is to get started with Fiddler.

If there's anything I've missed or you're experiencing any trouble following the article, please leave a comment below.