Fiddler web testing tool

Post on 13-Jul-2015

Transcript of Fiddler web testing tool

FIDDLER

PERFORMANCE/STRESS TESTING TOOL

COORDINATOR: DR. ANOJ KUMAR

PRESENTED BY: HIMANI CHAUHAN

CSED, MNNIT ALLAHABAD

TABLE OF CONTENTS

• WHY WE SELECT FIDDLER

• WHAT IS FIDDLER

• WHAT CAN FIDDLER DO

• KEY FEATURES

• HOW DOES IT WORK

• WEB SESSIONS

• INSPECTORS

• STATISTICS

• TIMELINE

WHY WE SELECT FIDDLER

• WORKS WITH ALMOST ANY HTTP CLIENT, NOT JUST FIREFOX AND IE

• CAN INTERCEPT TRAFFIC FROM CLIENTS ON NON-WINDOWS PLATFORMS, E.G. MOBILE DEVICES

• SUPPORTS PLUGINS TO ADD EXTRA FUNCTIONALITY

• IT PROVIDES SPECIFIC DATA ABOUT ALL THE INTERNET TRAFFIC THAT GOES THROUGH TO THE PC.

• ITS USER INTERFACE IS KNOWN TO MAKE IT EASY TO MONITOR HTTP REQUESTS.

WHAT IS FIDDLER

• FIDDLER IS A WEB DEBUGGING TOOL WHICH LOGS ALL HTTP(S) TRAFFIC BETWEEN YOUR COMPUTER AND THE INTERNET.

• FIDDLER ALLOWS YOU TO INSPECT TRAFFIC, SET BREAKPOINTS, AND "FIDDLE" WITH INCOMING OR OUTGOING DATA.

• FIDDLER IS FREEWARE AND CAN DEBUG TRAFFIC FROM VIRTUALLY ANY APPLICATION THAT SUPPORTS A PROXY, INCLUDING INTERNET EXPLORER, GOOGLE CHROME, MOZILLA FIREFOX, OPERA, AND THOUSANDS MORE.

FIDDLER IS…

• AN HTTP DEBUGGER

• WRITTEN IN .NET2/3.5

• EXTENSIBLE

• FREE OF CHARGE

• A MUST-HAVE TOOL FOR EVERY WEB DEVELOPER

WHAT CAN FIDDLER DO?

• TRACK HTTP/HTTPS TRAFFIC

• INSPECT MESSAGE CONTENT

• MANIPULATE REQUESTS AND RESPONSES

• EXPORT WEB SESSIONS FOR LATER INSPECTION

• OFFER EXTENSIBILITY THROUGH SCRIPT AND CODE

KEY FEATURES

• WEB DEBUGGING

• WEB SESSION MANIPULATION

• PERFORMANCE TESTING

• SECURITY TESTING

• HTTP/HTTPS TRAFFIC RECORDING

• CUSTOMIZING FIDDLER

HOW DOES IT WORK?

WATCHING TRAFFIC

• WEB SESSIONS

• STATISTICS

• INSPECTORS

• TIMELINE

LET’S GET STARTED WITH FIDDLER

WEB SESSIONS

KEY INFORMATION

• # - AN ID# OF THE REQUEST GENERATED BY FIDDLER FOR YOUR CONVENIENCE

• RESULT - THE RESULT CODE FROM THE HTTP RESPONSE

• PROTOCOL - THE PROTOCOL (HTTP/HTTPS/FTP) USED BY THIS SESSION

• HOST - THE HOSTNAME OF THE SERVER TO WHICH THE REQUEST WAS SENT

• URL - THE PATH AND FILE REQUESTED FROM THE SERVER

• BODY - THE NUMBER OF BYTES IN THE RESPONSE BODY

• CACHING - VALUES FROM THE RESPONSE'S EXPIRES OR CACHE-CONTROL HEADERS

• PROCESS - THE LOCAL WINDOWS PROCESS FROM WHICH THE TRAFFIC ORIGINATED

• CONTENT-TYPE - THE CONTENT-TYPE HEADER FROM THE RESPONSE

• CUSTOM - A TEXT FIELD YOU CAN SET VIA SCRIPTING

• COMMENTS - A TEXT FIELD YOU CAN SET FROM SCRIPTING OR THE SESSION'S CONTEXT MENU

CHECK STATISTICS OF THE REQUEST

STATISTICS (CONT…)

CHART VIEW

CHECK FIDDLER INSPECTORS

REQUEST INSPECTORS

• HEADERS—SHOWS REQUEST HEADERS AND STATUS.

• TEXT VIEW—SHOWS THE REQUEST BODY IN A TEXT BOX.

• HEX VIEW—SHOWS THE REQUEST BODY IN A HEXADECIMAL VIEW.

• XML—SHOWS THE REQUEST BODY AS AN XML DOM IN A TREE VIEW.

RESPONSE INSPECTORS

• TRANSFORMER—REMOVES GZIP, DEFLATE, AND CHUNKED ENCODINGS FOR EASIER DEBUGGING.

• HEADERS—SHOWS RESPONSE HEADERS AND STATUS.

• TEXT VIEW—SHOWS THE RESPONSE BODY IN A TEXT BOX.

• HEX VIEW—SHOWS THE RESPONSE BODY IN A HEXADECIMAL VIEW.

• IMAGE VIEW—SHOWS THE RESPONSE BODY AS AN IMAGE. SUPPORTS ALL .NET IMAGE FORMATS.

RESPONSE HEADER (IMAGE VIEW)

TIMELINE

TRAFFIC COMPARISON

• ONE LITTLE-KNOWN AWESOME FEATURE OF WEB SESSIONS IS THE ABILITY TO COMPARE TWO SESSIONS. TO COMPARE TWO SESSIONS, SELECT THEM IN THE WEB SESSIONS PANE, RIGHT-CLICK AND CHOOSE THE 'COMPARE' ITEM FROM THE MENU.

COMPARE SESSION MENU

COMPARE SESSION RESULT

FIDDLER AND HTTPS

• HTTPS IS SECURED BETWEEN TWO MACHINES

• FIDDLER ACTS AS A MAN-IN-THE-MIDDLE

• IT GENERATES CERTIFICATES FOR MACHINES ON THE FLY

• FIDDLER SUPPORTS CLIENT CERTIFICATES FOR AUTHENTICATION

• FIDDLER USES A HACKING TECHNIQUE CALLED A MAN-IN-THE-MIDDLE ATTACK TO DECRYPT HTTPS TRAFFIC
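
An added example, not part of the original slides: what a client can verify when an intercepting proxy substitutes a certificate generated on the fly. The proxy-issued certificate passes chain validation only when the proxy's root is in the client's trust store, and a public-key pin still detects the substitution. The CA names, the hostname `shop.example.test` and the helpers `issue`, `spkiPin` and `check` are constructed for illustration and are not Fiddler's code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed root.
func issue(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey, dns ...string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, pk = t, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// spkiPin hashes the certificate's public key, the value a pinning client stores.
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }
// check reports whether leaf chains to roots for host and whether its key matches pin.
func check(leaf *x509.Certificate, host string, pin [32]byte, roots ...*x509.Certificate) (trusted, pinned bool) {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil, spkiPin(leaf) == pin
}

func main() {
	const host = "shop.example.test" // made-up hostname
	pubCA, pubKey := issue("Constructed Public CA", nil, nil)
	proxyCA, proxyKey := issue("Constructed Proxy Root", nil, nil)
	genuine, _ := issue(host, pubCA, pubKey, host)
	proxied, _ := issue(host, proxyCA, proxyKey, host)                  // stands in for the certificate the proxy generates
	fmt.Println(check(proxied, host, spkiPin(genuine), pubCA, proxyCA)) // true false
}
```

With the proxy root removed from the trusted set, the same proxied certificate fails chain validation as well, which is what a client sees when the proxy's root has not been installed.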

LOCATING SPECIFIC TRAFFIC

• MARKING SESSIONS MANUALLY

• FILTER BY APPLICATION TYPE/PROCESS

• FIND SESSIONS DIALOG

• FLAGGING SPECIAL REQUESTS

MARK SESSIONS TO VIEW LATER ON

FIND OPTION

FILTER

SUMMARY

• FIDDLER IS A WEB DEBUGGING TOOL

• IT ALLOWS YOU TO WATCH HTTP TRAFFIC USING WEB SESSIONS AND COMPARE TWO SESSIONS

• IT SHOWS YOU STATISTICS ABOUT THE SELECTED SESSIONS

• YOU CAN INSPECT REQUESTS AND RESPONSES USING INSPECTORS

• IT CAN DECRYPT HTTPS TRAFFIC USING THE MAN-IN-THE-MIDDLE ATTACK
