debugging the web with fiddler
TRANSCRIPT
![Page 1: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/1.jpg)
Debugging the Web with Fiddler
Ido FlatowSenior Architect
Microsoft MVP & RD Sela Group
![Page 2: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/2.jpg)
Meet Fiddler…
![Page 3: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/3.jpg)
Application Network APIs Proxy Website
What is Fiddler?
![Page 4: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/4.jpg)
Fiddler Facts• A proxy server• An HTTP/HTTPS Sniffer • An HTTP Debugger• Written in .NET / Mono• A free utility (for now, cross your fingers)• An extensible application• A must tool for web developers
• Unfortunately, it doesn’t make coffee!
![Page 5: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/5.jpg)
How Fiddler Works…
Internet Explorer WinINET
Office
CryptoAPI WinHTTP
Fiddler
Firefox
Upstream Proxy Web Site
Firewall
![Page 6: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/6.jpg)
Fiddler by Scenarios
Traffic Inspection
PerformanceTuning
DebuggingTesting
![Page 7: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/7.jpg)
Scenario: Inspecting Traffic
![Page 8: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/8.jpg)
Fiddler to the Rescue• Browsers (Static sites, ASP.NET, J2EE, PHP)• Desktop applications that use HTTP• Web services• Phone emulators• Any device that supports
a proxy server ( )
![Page 9: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/9.jpg)
The Sessions List
Sequence and color coding
Caching information
Origin process
Manual commentsResponse size
![Page 10: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/10.jpg)
Inspectors• See the content of messages (requests & responses)• View both headers and body• Transform content to viewable form XML, Image, JSON, JavaScript, Binary• Create your own inspectors
![Page 11: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/11.jpg)
Inspectors, Now with Web Sockets
![Page 12: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/12.jpg)
Filter by…
By process type
By specific process
By host
By process name/PID/svchost
By URL
By status code
By MIME or size
QuickExec
![Page 13: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/13.jpg)
Fiddler and HTTPS• Fiddler acts as a “machine-in-the-middle”• Generates certificates for web sites on-the-fly• Supports excluding sensitive HTTPS sites• Basic support for client certificates
![Page 14: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/14.jpg)
Scenario: Performance Tuning
![Page 15: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/15.jpg)
Reminder:Understanding the Connection
Application Network APIs Proxy Website
Second connectionFrom Fiddler to the server
First connectionFrom client to Fiddler
![Page 16: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/16.jpg)
Visualize the Traffic with Timeline
Start End
Bar color = MIME
Red = new connection
Green = reused connection
Disk = cached responseBar = begin receive
Stripes = buffered by Fiddler
Prefer stream over bufferUse buffer when editing responses
![Page 17: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/17.jpg)
Single Session Timeline• Server wait time• Time to receive headers and body• Time between body chunks
![Page 18: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/18.jpg)
Statistics are Important• Single page statistics give info on performance
– Client processing– Server processing– Network latency
• Execution time: ServerBeginResponse – ServerGotRequest
• Upload time: ServerGotRequest – ClientDoneRequest
• Download time: ServerDoneResponse – ServerBeginResponse
• Watch out for misleading connection reuse• Add timer columns instead of calculating
![Page 19: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/19.jpg)
Statistics are Important• Statistics is also supported for multiple sessions• Aggregative information
– Request count– Unique hosts– Bytes sent– Bytes received– Elapsed time– Response code statistics– Content statistics
![Page 20: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/20.jpg)
Performance-related inspectors• Transformer• Image view• Caching• Cookies• HTML Inspector (3rd party)
![Page 21: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/21.jpg)
Drawing Conclusions• Reduce number of requests• Reduce traffic roundtrips• Reduce the size of requests and responses• Applying compression where needed• Identify non-cached responses
• Use Fiddler to improve performance, not to measure it!
![Page 22: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/22.jpg)
Scenario: Debugging
![Page 23: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/23.jpg)
Manipulate Traffic with Rules• Simulate user-agents (IE, Mozila…)• Simulate network latency• Disable sending cache headers• HOSTS file remapping
• You can also write your own rules!http://fiddlerbook.com/Fiddler/dev/ScriptSamples.asp
![Page 24: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/24.jpg)
Play it Again, Sam• Why run the client scenario again, just to resend the request?• Simply click “Replay”
– Reissue a single request– Reissue a set of requests– Reissue unconditionally (no cache headers)– Reissue multiple times
• What if the request needs a change before reissuing?
![Page 25: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/25.jpg)
Changing Requests with Composer• Create any request from scratch• Use previous requests with drag-n-drop• Don’t bother calculating content length• Composed requests history
www.bobthebuilder.com
![Page 26: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/26.jpg)
Breakpoints – Human in the Middle• Manual control over
request & response• Stop on any direction• Manipulate header and body• Auto reply instead of forwarding
request• Least used feature in Fiddler!!
![Page 27: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/27.jpg)
Debugging Localhost• In some cases, proxies are bypassed when using
localhost (127.0.0.1) addresses• What to do?• Use the machine’s name• Use fictitious DNS names
– ipv4.fiddler or ipv6.fiddler (converted to 127.0.0.1 / [::1])– localhost. or localhost.fiddler (converted to localhost)
![Page 28: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/28.jpg)
Debugging Services• Fiddler hooks to the interactive user• IIS App Pools and Windows Services runs with built-in
users (Network Service / AppPoolIdentity)• Use network sniffers and export as PCAP• Download PsExec and run:
PsExec.exe -i -u "nt authority\network service" "%ProgramFiles(x86)%\Fiddler2\Fiddler.exe"
![Page 29: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/29.jpg)
If You See This, Don’t Panic
Before rebotting your machinetry running Fiddler again
When Fiddler crashes proxy setting are still in effect
![Page 30: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/30.jpg)
Scenario: Testing
![Page 31: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/31.jpg)
“My Code is Perfect”• No more “I can’t reproduce this bug”• Save sessions to .SAZ archive and
send them to the developer• Saves everything, not only text
responses• Open on another machine, inspect,
and replay if necessary
![Page 32: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/32.jpg)
I Got this From Fiddler• Save/Load sessions to .SAZ files• Export/Import HTTP Archive (HAR) sessions• Export sessions to raw files. Great for:
– Images– CSS– Scripts– Data URIs
• Export as Visual Studio web test
![Page 33: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/33.jpg)
In-Memory Website with Auto-Responder
• Match URI according to– String literals (sub-string, * wildcard)– Inverse string literals– Exact match, including casing– Regular expressions
• If a match then– Respond with file– Send stored response– Redirect (not 301 redirect)– Http Redirect (301)– Break– Delay send– Drop response
If URI matches… then respond with…
![Page 34: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/34.jpg)
Extending Fiddler to Your Needs• Customize rules script• Create custom inspectors• Create requests and responses auto-modifiers• Create new exporter/importer• Extend QuickExec with new commands• Add menus and tabs
http://docs.telerik.com/fiddler/Extend-Fiddler/ExtendWithDotNet
![Page 35: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/35.jpg)
Fiddler is More Than a Sniffer• Monitors traffic, yes, but also…• Controls traffic• Modifies traffic• Generates traffic• Easy to use• Extensible
Enhance your web debugging with Fiddler today!
![Page 36: Debugging the Web with Fiddler](https://reader036.vdocuments.site/reader036/viewer/2022062412/586f72db1a28ab10258b554f/html5/thumbnails/36.jpg)
Resources• Fiddler Website
– http://www.telerik.com/fiddler
• Fiddler Forum– http://groups.google.com/group/httpfiddler
• Fiddler Blog– http://www.telerik.com/blogs/tag/fiddler– http://www.telerik.com/blogs/fiddler-a-segue – http://blogs.msdn.com/b/fiddler (old blog)
• My Info– @IdoFlatow // [email protected] // www.idoflatow.net/downloads