
Character Encodings

In document Debugging With Fiddler (Page 68-77)

By default, the TextWizard uses UTF-8 to convert between characters and bytes and back. Most applications use UTF-8 as their standard text encoding, but if you are working with a site that uses another encoding, you can set a Preference to select the required text encoding.

Set the preference fiddler.textwizard.InputEncoding to specify the character set from which percent-encoded characters will be decoded. Set the preference fiddler.textwizard.OutputEncoding to specify the character set with which characters will be percent-encoded. The string value provided must be an Encoding name recognized by the .NET Framework; valid values can be found at http://fiddler2.com/r/?EncodingNames.
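The effect of the input and output character set on percent-encoding can be seen outside Fiddler. The following Python sketch is an added example, not TextWizard code; the sample string is constructed and the charset names are Python codec names.

```python
from urllib.parse import quote, unquote_to_bytes

# Constructed sample text containing two non-ASCII characters.
SAMPLE_TEXT = "café=€5"

def percent_encode(text, charset):
    """Characters -> bytes in `charset` -> %XX escapes (the output-encoding direction)."""
    return quote(text, safe="", encoding=charset, errors="strict")

def percent_decode(escaped, charset):
    """%XX escapes -> bytes -> characters in `charset` (the input-encoding direction).
    Raises UnicodeDecodeError when the bytes are not valid in that charset."""
    return unquote_to_bytes(escaped).decode(charset, errors="strict")

def clean_decodings(escaped, candidates):
    """Return {charset: text} for each candidate charset that decodes without error."""
    results = {}
    for charset in candidates:
        try:
            results[charset] = percent_decode(escaped, charset)
        except UnicodeDecodeError:
            pass  # these bytes are not legal in this charset
    return results

if __name__ == "__main__":
    for cs in ("utf-8", "windows-1252"):
        print(cs, percent_encode(SAMPLE_TEXT, cs))
    # UTF-8 rejects the windows-1252 bytes; the reverse mismatch decodes
    # without error but yields different characters than were sent.
    print(clean_decodings("caf%E9%3D%805", ["utf-8", "windows-1252"]))
    print(percent_decode("caf%C3%A9%3D%E2%82%AC5", "windows-1252"))
```

Decoding UTF-8 escapes with a single-byte charset raises no error, so a wrong input encoding shows up only as altered characters in the decoded text.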

51 | Exploring Fiddler

THE COMPOSER TAB

This tab enables you to manually build and send HTTP, HTTPS, and FTP requests. Alternatively, you can drag a Session from the Web Sessions list to the Composer tab to copy the request from that Session into the interface.

Clicking the Execute button sends the request to the server.

The bulk of the Composer tab is a set of three sub-tabs: Parsed, Raw, and Options. I’ll explain each tab in turn, although starting from the right for simplicity.

Request Options

The Options tab provides the following choices:

Inspect Session: After the request is executed, the Inspectors tab will activate to enable you to view the results of the request.

Fix Content-Length header*: This option controls whether the Composer will automatically add or update the Content-Length request header to reflect the size of the request body.

In many cases, requests that lack a proper Content-Length header will hang or result in a HTTP error response.

Follow Redirects*: This option controls whether the Composer will automatically follow a HTTP/3xx redirection using the response’s Location header. When this option is enabled, the Composer will follow a maximum of 10 redirects before failing.

Automatically Authenticate*: This option controls whether the Composer will automatically respond to a server’s HTTP/401 or HTTP/407 authentication demands.

When this option is enabled, the Windows credentials of the account that Fiddler is running under will be used to automatically respond to such challenges. To supply a different set of credentials, set the fiddler.composer.AutoAuthCreds preference.

If the server requires credentials that are different than those provided, the request will fail, typically with a HTTP/403 response.

Tear off button: This button removes the Composer from the main Fiddler window and opens it as a separate floating window.

This option is especially useful when you have the Inspect Session option enabled, as it permits you to see both the Composer and Inspectors tabs at the same time.

The options marked with * above only apply to requests sent using the Parsed tab; requests from the Raw tab do not support these options.

Raw Requests

The Raw tab provides a simple text box into which you must enter a properly formed HTTP request. If your request is not well-formed (say, because you forgot the trailing CRLF after the request headers) then clicking the Execute button will not issue a request.

This tab is rarely useful—most requests should be composed using the Parsed tab instead.
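The two failure modes mentioned above (a missing empty line after the headers, and a Content-Length that does not match the body) can be checked on a raw request before it is sent. This Python sketch is an added example, not Fiddler's code; the sample request and the rule for when a Content-Length header is added are assumptions of the example.

```python
# Constructed sample: a POST whose Content-Length (3) is stale; the body is 10 bytes.
RAW = (b"POST http://example.test/form HTTP/1.1\r\n"
       b"Host: example.test\r\n"
       b"Content-Length: 3\r\n"
       b"\r\n" + "name=café".encode("utf-8"))

def split_request(raw):
    """Split a raw HTTP/1.x request into (request_line, headers, body).
    Raises ValueError if the request is not well-formed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers are not terminated by an empty line (CRLF CRLF)")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("request line must be: METHOD SP target SP HTTP/x.y")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return request_line, headers, body

def fix_content_length(raw):
    """Add or update Content-Length so it equals the body's size in bytes.
    Any existing (possibly duplicated) Content-Length headers are replaced by one."""
    request_line, headers, body = split_request(raw)
    kept = [(n, v) for n, v in headers if n.lower() != b"content-length"]
    method = request_line.split(b" ")[0]
    # Assumption of this example: only add the header when there is a body
    # or the method normally carries one.
    if body or method in (b"POST", b"PUT"):
        kept.append((b"Content-Length", str(len(body)).encode("ascii")))
    out = [request_line] + [n + b": " + v for n, v in kept]
    return b"\r\n".join(out) + b"\r\n\r\n" + body

if __name__ == "__main__":
    print(fix_content_length(RAW).decode("utf-8"))
```

The length is counted in bytes, not characters: the nine-character body above is ten bytes in UTF-8.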

Parsed Requests

The Parsed tab allows you to construct the request using separate boxes for each component of the request.

Across the top of the tab are three boxes: The first allows you to specify the HTTP Method (e.g. POST). The second allows you to specify the full URL of the request (it must begin with http://, https://, or ftp://). The third box allows you to specify the HTTP Version (typically HTTP/1.1).

Below the top line are two large text areas: the top box allows you to edit the request headers. The bottom box allows you to edit the request body. If the currently selected HTTP Method is one that typically does not allow a body (e.g. GET) the body box will turn red if any text is entered into it.

Issuing Sequential Requests

In some scenarios, it is useful to issue multiple requests that are identical except for a single number. For instance, when trying to download a series of sequentially-named images, each download request only differs by the name of the file. The Composer can generate a series of sequentially-numbered requests – simply include a # symbol in the URL where the number should appear.

When the request is executed, Fiddler will prompt you for the first number. You can enter a simple number (e.g. 8) or, if all numbers must have the same number of digits, pad the number with leading zeros. For instance, to ensure that all URLs’ numbers contain two digits, use 08:

Next, you’ll be prompted for the number at which you would like Fiddler to stop issuing requests:

After providing the Start and End numbers, Fiddler will then issue the sequential requests for the range you specified:

Some servers will not return responses unless an expected Referer header is present. Placing a # in your request’s Referer header will instruct Fiddler to replace that character with the current request number.

The Sequential Requests feature is only available when using the Parsed tab; the # is treated as a plain character if the request is written using the Raw tab.

File Upload Requests

You can construct a file upload by clicking the Upload File link near the top-right of the tab. A Select File for Upload file picker window will appear. You may only choose one file if your request’s Method is PUT, or you may choose multiple files if the Method is POST.

After you select the files for upload, the Composer will construct a request with the proper format; all @INCLUDE references in the body will be replaced with the contents of the specified files when the request is executed.

In HTTP, file uploads are typically conducted using either the PUT or POST methods. When uploading a file using the PUT method, the Request Body typically contains the raw content of the file.


In contrast, uploads using the POST method usually format the Request Body using Content-Type: multipart/form-data.

For POST uploads, you may need to edit the Name attribute to ensure that it matches the form field name expected by the server.

Automatic Request Breakpoints

In some cases, Fiddler’s Request Inspectors can provide a better request editing experience than using the Composer tab. By holding the Shift key while clicking the Execute button, you can set a breakpoint on the new request. The new Session will be immediately paused at a breakpoint and the Request Inspectors will become active. This allows you to modify the new request using Fiddler’s Inspectors before it is sent to the server.


THE LOG TAB

The Log tab collects logged message strings that are generated by extensions, FiddlerScript, or Fiddler itself. Fiddler logs a notification in response to application events (e.g. when a SAZ file is saved or loaded) as well as system events (e.g. when the system’s network connectivity is lost or restored).

In current versions of Fiddler, WebSocket traffic is also displayed in the Log tab.

Right-clicking on the Log textbox displays a context menu offering a few basic commands for interacting with the log:

Copy: Copies selected text to the clipboard.

Save…: Saves the current Log to a file on disk. You may save in plaintext (.txt) or formatted RichText format (.rtf).

Clear: Clears all text in the Log.

The Log tab also supports simple macro commands which you can invoke from the QuickExec box. Type log @Log.Clear to clear the log. Type log @Log.Save to generate a new Session in the Web Sessions list whose response body contains the Log tab’s text. Type log "@Log.Export \"filename\"" to save the Log tab’s text to the specified file. Use a filename ending in .rtf to save in Rich Text Format, preserving font size and weight, or ending in .txt to save as plaintext.


THE FIND SESSIONS WINDOW

Fiddler’s Find Sessions window enables you to search through captured requests and responses and select those that contain text of interest. Open the Find Sessions window using the option on the Edit menu, or press the CTRL+F hotkey anywhere in Fiddler.

The Find box at the top enables you to specify the text for which a search will be conducted. Previously searched terms will appear in a drop-down and autocomplete as you type.

The Options box controls how the search is conducted. The Search dropdown allows you to select what gets searched; choices are Requests and responses (the default), Requests only, Responses only, and URLs only. Unless you choose URLs only, the Examine dropdown enables you to specify whether you wish to search the session’s Headers, Bodies, or both (the default).

Below the dropdowns are a set of checkboxes. When ticked, the Match case box makes the search case-sensitive. The Regular Expression box causes Fiddler to treat the search text as a regular expression. The Search binaries option instructs Fiddler to perform the search even inside Sessions with a Content-Type header that suggests that the body is of a binary type like audio, video, images, Flash objects, etc. The Decode compressed content option instructs Fiddler to remove HTTP content- and transfer-encodings from requests and responses as it searches. This option can significantly slow the search and will permanently remove the encoding from the affected bodies. The Search only selected sessions box is enabled (and ticked by default) if multiple Sessions are selected in the Web Sessions list when the Find Sessions window is opened. This option restricts the search to only those Sessions that were selected when the search began. The Select matches option causes Fiddler to automatically select any Sessions which contain the search text. The Unmark old results option will remove the highlight color from any Sessions highlighted as a result of a prior search. The Result Highlight dropdown allows you to select the background color which should be set for all Sessions that contain the search text. If the Unmark old results option is disabled, this color is automatically cycled every time the Find Sessions operation is performed; that way, when performing multiple searches, the results of each search will be highlighted in a different color.

After configuring the search, press the Find Sessions button to perform the search. The Find Sessions window will close and matching search results will be highlighted (and selected, if that option was chosen) in the Web Sessions list. Fiddler’s status bar will indicate the number of matches found.

Press Cancel or hit Escape to close the window without performing a search.


THE HOST REMAPPING TOOL

The Host Remapping tool allows you to easily reroute requests from one host to another, overriding the normal DNS association between a hostname and its IP address list. To enable the feature, click the HOSTS... item on Fiddler’s Tools menu. The Host Remapping window will appear.

Use the Enable remapping checkbox to enable or disable the feature. In the textbox, enter a list of overrides, one per line. Type the new host or IP address in the first column, one or more whitespace characters, and finally the corresponding hostname to override. Any line may be preceded by a pound character (#) to indicate that the line represents a comment.

You may import the system’s HOSTS file (%SYSTEMROOT%\System32\drivers\etc\hosts) using the link at the bottom of the window.

Unlike the Windows HOSTS file, this feature does not require that you specify the IP address of the new target; you may specify a host instead. If needed, you can even specify a target port.

The following rule:

127.0.0.1:8088 meddler

...will send all requests for http://meddler/ to http://127.0.0.1:8088/.

Sessions rerouted from one hostname to another using the Host Remapping tool are rendered with a light blue background in the Web Sessions list. HTTPS Sessions that have been rerouted have the X-IgnoreCertCNMismatch and X-OverrideCertCN Session Flags set to avoid raising “Certificate Name Mismatch” errors.
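The override list format described above is simple enough to parse and audit outside Fiddler. This Python sketch is an added example, not Fiddler's code; the rule list is constructed, and keeping the original port when a rule names none is an assumption of the example (IPv6 targets are not handled).

```python
from urllib.parse import urlsplit

# Constructed rule list in the "target, whitespace, hostname" format described above.
RULES_TEXT = """\
# local test server
127.0.0.1:8088   meddler
staging.example.test   www.example.test
"""

# Session Flags the text above says are set on rerouted HTTPS Sessions.
HTTPS_REROUTE_FLAGS = ["X-IgnoreCertCNMismatch", "X-OverrideCertCN"]

def parse_rules(text):
    """Return {hostname to override: new target}; lines starting with '#' are comments."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<target> <hostname>'")
        target, hostname = fields
        rules[hostname.lower()] = target
    return rules

def remap(url, rules):
    """Return (URL after remapping, Session Flags expected on the rerouted Session)."""
    parts = urlsplit(url)
    target = rules.get((parts.hostname or "").lower())
    if target is None:
        return url, []
    # Assumption: a rule without a port keeps the port of the original URL.
    if ":" not in target and parts.port is not None:
        target = f"{target}:{parts.port}"
    flags = HTTPS_REROUTE_FLAGS if parts.scheme == "https" else []
    return parts._replace(netloc=target).geturl(), list(flags)

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for url in ("http://meddler/", "https://www.example.test:8443/login?x=1"):
        print(url, "->", remap(url, rules))
```

Running a list of captured URLs through remap shows which HTTPS Sessions were sent to a different host with certificate name mismatch errors suppressed, which is worth knowing before trusting what those Sessions show.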
