{"id":309,"date":"2016-01-14T08:36:33","date_gmt":"2016-01-14T07:36:33","guid":{"rendered":"http:\/\/oso.com.pl\/?p=309"},"modified":"2016-01-14T08:42:32","modified_gmt":"2016-01-14T07:42:32","slug":"tester-toolbox-101-fiddler","status":"publish","type":"post","link":"https:\/\/oso.com.pl\/?p=309&lang=en","title":{"rendered":"Tester toolbox 101 – Fiddler"},"content":{"rendered":"

\"27windows-live-writer-announcing-the-new-fiddler-logo_efdd-image_3-png-png\"<\/a><\/p>\n

Fiddler<\/a>\u00a0is my favorite web debugging proxy.\u00a0It is Windows-only<\/a>, but in my opinion it justifies keeping a Windows VM just to be able to use it. What I do is I have a VMware Fusion or Oracle VM VirtualBox running on my Mac, with one of the Windows VMs dedicated to running Fiddler.<\/p>\n

See below for some of typical use cases of this tool.<\/p>\n

Disclaimer:\u00a0some steps described\u00a0below may affect your computer’s or network’s security. So be sure to know what you are doing.<\/em><\/p>\n

Monitor local applications<\/h3>\n

This\u00a0happens right out of the box. You may want to enable the HTTPS inspection as one of the first options after starting the tool:<\/p>\n

\"2016-01-04_0114\"<\/a><\/p>\n

Fiddler may prompt you to trust the certificate<\/a> it generated. It is required for HTTPS inspection.<\/p>\n

Fiddler2 requires additional steps<\/a> to monitor Metro-style apps. But with Fiddler4 all should just work automagically<\/em>.<\/p>\n

Monitor remote\u00a0applications<\/h3>\n

To monitor the traffic from other computers (like Mac) you need to allow remote computers to connect in Fiddler’s options:<\/p>\n

\"2016-01-04_0116\"<\/a><\/p>\n

Take a note of the port Fiddler listens on in the same options page (8888 in my case). The only other information you need is the IP address of the system running the proxy.\u00a0Then set the other computer to use this\u00a0IP and port as the proxy. Here’s how<\/a> to do it on Mac. At this point you should see all the remote traffic going through Fiddler.<\/p>\n

For HTTPS inspection from remote computers, remember to export the Fiddler’s root certificate and import it as a trusted Root CA on the remote computer. Otherwise you will get security prompts or your applications may refuse to contact their servers.<\/p>\n

\"2016-01-04_0131\"<\/a><\/p>\n

iOS and Android<\/h3>\n

The setup<\/a> here is similar to\u00a0the monitoring remote applications case – you need to allow remote computers to connect. Next,\u00a0install\u00a0the CertMaker for iOS and Android<\/a> add-on. After that you have to restart Fiddler. Once it comes back online – change your mobile device settings to use the Fiddler machine as proxy. Last, visit the\u00a0http:\/\/<Fiddler.machine.ipv4.address>:8888\/ page from your mobile device – and install the root certificate from this website.<\/p>\n

Modify\u00a0the traffic on the fly<\/h3>\n

FiddlerScript<\/a> is very powerful. One useful case might be simulating server errors.<\/p>\n

When I wanted to test whether my application handles server outages gracefully, I was adding rules\u00a0to OnBeforeResponse function that would fake service issue:
\noSession.oResponse.headers.HTTPResponseCode = 503;<\/code><\/p>\n

Troubleshooting<\/h3>\n

The one very common issue I have seen with Fiddler is that it may leave the proxy enabled on the local system, even if it is not running. It may not break some applications (Firefox maintains its own proxy settings, for example) but will affect others (IE, Chrome etc.). So if you see network-related issues when Fiddler is not running, check your Control Panel > Internet Options and disable the proxy if needed.<\/p>\n

\"2016-01-04_0133\"<\/a><\/p>\n

The add-ons<\/h3>\n

The list<\/a> just keeps going on. My favorites are:<\/p>\n