The Fiddler web sniffer software is one of several well-known HTTP debugging proxies. It works well, and the proxy nature of the sniffer makes it stand out among other web sniffing tools.
Fiddler2 is the version using the .NET 2.0 framework (now .NET 4.0), and we are reviewing this very Fiddler2 sniffer, though always mentioning it as simply ‘Fiddler’.

Overview

Once you start Fiddler, on the right side of the program there is an HTTP sessions list, showing all the HTTP traffic running through Fiddler as proxy. Choosing (clicking on) a particular session gives you the left side Session Inspector panel activation with all the attributes of the HTTP request and response available. Besides the Inspector, there are also the session Statistics tab, the Filter options tab, Composer for composing HTTP requests and more.

Automatic Setting by Fiddler for web sniffing

The Fiddler web debugger registers itself as the system proxy for Microsoft Windows Internet Services (WinINet), the HTTP layer API used by products under MS Windows. As the system proxy, all HTTP requests from WinINet flow through Fiddler before reaching the target web servers. Similarly, all HTTP responses flow through Fiddler before being returned to the client application. The HTTP process chain can be shown in this way: Client – Fiddler – Gateway – Web.

Features of the Fiddler sniffer

  1. Session Inspector displays the HTTP traffic pertaining to the particular session. The contents of a recorded web session for both request and response are: status, headers, caching, cookies, URLs, protocols, type of compression used, redirects and others.
  2. In addition, Fiddler allows varied filtering on captured traffic. Go to the Filter tab.
  3. Fiddler also profiles the performance of web applications. The Statistics tab gives the stats about a set of requests (just highlight them in the session list beforehand), such as the bytes sent/received, actual performance, response codes and more.
  4. Fiddler allows checking the compression level of the responses (Inspector tab -> responses down area -> Transformer sub-tab). So, through the Transformer one can examine and modify the compressed or chunked responses.
  5. The web sniffer makes possible archiving and playing back recorded traffic. This is applicable for other computers too, where saved sessions can be imported.
  6. Fiddler also shows the images loaded. In the response area choose the ImageView tab:

Fiddler to sniff HTTPS Traffic

To enable HTTPS traffic sniffing one needs to do a couple of steps:

  1. Configure Fiddler to Decrypt HTTPS Traffic. For ‘How to Enable HTTPS traffic decryption’, read here.
  2. Configure Windows Client to trust the Fiddler Root Certificate. To intercept HTTPS traffic, Fiddler generates a unique root certificate. Read the details here.

Fiddler configuring

For various Fiddler configuring options read here. Even A PHP/cURL application can be configured to send web traffic to Fiddler; read here.

Fiddler Add-ons and 3d party extensions

The Fiddler sniffer is not perfect for all environments, and so more functionality might be needed for the sniffer. Therefore some Add-ons have been written for Fiddler, some of which we mention below:

  • ‘CertMaker for iOS and Android’ add-on: causes iOS (through Virtual Machine) and Android devices to function with the certificates issued by Fiddler
  • JavaScript Formatter is a tool for formatting JavaScript
  • Content-Blocking add-on
  • FiddlerHook, the FireFox add-on: points FF at Fiddler for smoother configuring
  • Windows 8 AppContainer Loopback Utility provides additional configuration for Win 8 to work with Fiddler

The full list of add-ons and 3-d party utilities is here.

Conclusion

Fiddler is a good multi-function proxy web debugging tool. It is simple and behaves well for HTTP traffic capture, including HTTPS traffic. One of its outstanding features is that Fiddler issues its own Root Certificate Authority certificates for HTTPS debugging. The configuring of it is not difficult, so I can recommend it for web developers’ use.