PROJECT REPORT ON
Capturing and Inspecting HTTP(S) traffic between a client and a web server
Networks Using Fiddler Debugging Tool
Submitted in partial fulfilment of the requirements for the award of the degree of
BACHELOR OF TECHNOLOGY
Submitted by
122004281 - VEMULA SUMANTH - ECE
Under the Guidance of
Prof. Sasikala Devi. N
School of Computing
SASTRA DEEMED TO BE UNIVERSITY
(A University established under section 3 of the UGC Act, 1956)
Tirumalaisamudram
Thanjavur - 613401
December (2020)
SHANMUGHA
ARTS, SCIENCE, TECHNOLOGY & RESEARCH ACADEMY
(SASTRA DEEMED TO BE UNIVERSITY)
(A University Established under section 3 of the UGC Act, 1956)
TIRUMALAISAMUDRAM, THANJAVUR – 613401
BONAFIDE CERTIFICATE
Certified that this project work entitled “Inspecting, and altering HTTP and HTTPS
traffic between a computer and a web server Networks Using Fiddler
Debugging Tool” submitted to the Shanmugha Arts, Science, Technology & Research
Academy (SASTRA Deemed to be University), Tirumalaisamudram - 613401 by
Vemula Sumanth (122004281), ECE in partial fulfillment of the requirements for the award of
the degree of BACHELOR OF TECHNOLOGY in their respective programme. This work is
an original and independent work carried out under my guidance, during the period
September 2020 - December 2020.
Prof. Sasikala Devi. N ASSOCIATE DEAN
SCHOOL OF COMPUTING
Submitted for Project Viva Voce held on
Examiner – I Examiner – II
TABLE OF CONTENTS
ABSTRACT
LIST OF TABLES
LIST OF FIGURES
NOTATIONS
ABBREVIATIONS
CHAPTER 1 INTRODUCTION, ADVANTAGES AND DISADVANTAGES
CHAPTER 2 SNAPS
CHAPTER 3 CONCLUSION AND FUTURE WORK
CHAPTER 4 REFERENCES
ABSTRACT
Fiddler Everywhere is a web debugging proxy for any browser platform. It captures, inspects
and observes all HTTP and HTTPS traffic between a computer and the internet, issues requests, and
fiddles with incoming and outgoing data.
HTTP(S) traffic Inspection & Analysis
Fiddler Everywhere logs all HTTP(S) traffic between your client and the Internet. It captures
traffic from virtually any application that supports a system proxy.
Request and Response Mocking
Fiddler supports mocking or modifying requests and responses for any application. HTTP(S)
requests and responses can be changed quickly and easily without changing the application's code.
KEYWORDS: Auto responder, API composer, web debugging proxy, Hypertext Transfer
Protocol (HTTP), traffic inspection, modifying requests, mocking.
List of Tables
Table Number    Table Description
Table 1         Defining Parameters in the Session analyzation
List of Figures
Figure Number   Figure Description
Fig 1           Fiddler Web Proxy
Fig 2           Fiddler Configuration
Fig 3           Web Sessions
Fig 4           Compare sessions menu
Fig 5           Compare sessions example
Fig 6           Simulation Output Screen 1
Fig 7           Simulation Output Screen 2
Fig 8           Simulation Output Screen 3
Fig 9           Simulation Output Screen 4
NOTATIONS
Notation Description
Response was JSON
Response was HTML
Request is being sent to the server
Response is being read from the server
Response was a server error
# An ID of the request generated by Fiddler for your convenience
ABBREVIATIONS
URL Uniform Resource Locator
CSS Cascading Style Sheets
WI Windows Internet
XML Extensible Markup Language
FRC Fiddler Root certificate
HTTP Hyper Text Transfer Protocol
CHAPTER 1
INTRODUCTION
The first requirement for any web activity is to inspect or observe the traffic between the client
and the web server. Debugging the traffic flowing from mobile devices, computers, and Mac or
Linux systems is imperative to ensure stringent monitoring of data. In this regard, Fiddler has
emerged as a potential web debugging tool that records the traffic between a machine and the
internet. It captures this traffic for inspecting outgoing and incoming data.
This, in turn, helps to alter the HTTP requests before they reach a browser.
Fiddler has been used by many developers as a network proxy tool.
WORKING OF FIDDLER:
Fiddler is a web debugging proxy that logs and inspects all the HTTP(S) traffic between the
client and the web server. It can also be used to set breakpoints. It can only handle
HTTP(S) traffic. On starting, Fiddler saves the current WinINet (WI) proxy settings and then
changes them so that it works as the proxy for HTTP traffic. In order to log this activity, it adds
itself to WinINet for monitoring the reports and requests in real time. Apart from recording the
data, it also fiddles with the traffic during its transmission. It is designed to serve the dual
purposes of debugging and proxying. It logs data from any application that supports a proxy. The
volume of data could make for a crowded interface, but the tool keeps it well organized.
Traffic mocking:
Fiddler logs the traffic flowing between your computer and the internet. You can debug traffic
from any application that supports a proxy. Such applications include browsers like Chrome, Safari,
Firefox, Opera, etc. It enables recording of HTTP/S traffic along with its archiving and playback.
You can also filter this data and hide the successful image and web requests.
Decompressing Web Sessions:
The number of bytes transmitted between client and server can be decreased tremendously by using
HTTP compression. It results in nearly 50% savings for JavaScript, XML, HTML, and CSS.
Fiddler decompresses the captured sessions, which also makes it possible to manipulate them.
Hence, you can set a breakpoint to hold the processing of a session and alter its request or
response.
PROPOSED FRAMEWORK
Fiddler sits between your HTTP client and the HTTP server, listening on a port for HTTP(S) traffic.
Fig.1 Debugging the web with Fiddler
Configuring Fiddler
When Fiddler is first executed, it pops up windows concerning WinConfig containers. Don't
worry about them for now and opt out; they are outside the scope of this introduction. The first
thing we need to do is enable logging for HTTPS traffic. Fiddler will not do that out of the box,
as it needs to have its root certificate trusted, and until then it will ignore all HTTPS traffic.
To enable it, do the following:
Go to Tools > Options and click on the HTTPS tab. Click on the Decrypt HTTPS traffic check box.
You will receive a pop-up asking whether you wish to trust the FRC; click Yes. Fiddler
decrypts HTTPS sessions by re-signing traffic using the certificate it is asking you to trust,
without which it won't work. After clicking Yes on all the pop-ups that follow regarding the
certificate, find the section called Protocols on the HTTPS tab, click on the existing protocols
and append tls1.1;tls1.2; .
Fig. 2 Fiddler Configuration
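What the re-signing described above looks like from the client side, as an added example that is not part of the original report: once the FRC is trusted, the certificate a client sees for a site is issued by the proxy's root instead of the site's public CA. The certificate dicts are constructed in the shape returned by Python's ssl.SSLSocket.getpeercert(); the issuer marker DO_NOT_TRUST_FiddlerRoot, the pinned issuer and the helper names are assumptions.

```python
# Assumed issuer marker for a debugging-proxy root; confirm against your own store.
PROXY_ROOT_MARKERS = ("DO_NOT_TRUST_FiddlerRoot",)


def name_field(name, field):
    """Return one field (e.g. commonName) from a getpeercert() name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None


def classify(cert, pinned_issuer_cn):
    """Compare a peer certificate's issuer with the issuer pinned for the host."""
    issuer_cn = name_field(cert.get("issuer", ()), "commonName")
    if issuer_cn is None:
        return "no-issuer"
    if any(m.lower() in issuer_cn.lower() for m in PROXY_ROOT_MARKERS):
        return "debugging-proxy"
    if issuer_cn != pinned_issuer_cn:
        return "unexpected-issuer"
    return "ok"


def make_cert(subject_cn, issuer_org, issuer_cn):
    """Build a constructed certificate dict in the ssl.getpeercert() shape."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("organizationName", issuer_org),), (("commonName", issuer_cn),)),
    }


# Constructed samples: the same host seen directly, through the debugging
# proxy, and through some other re-signing middlebox.
PINNED = "Example Public CA R1"
DIRECT = make_cert("shop.example", "Example Public CA", "Example Public CA R1")
VIA_FIDDLER = make_cert("shop.example", "DO_NOT_TRUST", "DO_NOT_TRUST_FiddlerRoot")
VIA_OTHER = make_cert("shop.example", "Corp IT", "Corp Inspection CA")


def audit(certs, pinned_issuer_cn=PINNED):
    """Map each labelled observation to its verdict."""
    return {label: classify(cert, pinned_issuer_cn) for label, cert in certs.items()}


if __name__ == "__main__":
    print(audit({"direct": DIRECT, "fiddler": VIA_FIDDLER, "other": VIA_OTHER}))
```

The same comparison run on a machine after debugging is finished shows whether the proxy's root is still being used for live connections.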
Session analyzation
Web Sessions
Web Sessions pane is where the traffic is displayed as it is captured:
Fig. 3 Web Sessions
Table 1
Parameters      Definition
Result          The Result code from the HTTP Response
Protocol        The Protocol (HTTP/HTTPS/FTP) used by this session
Body            The number of bytes in the Response body
Host            The hostname of the server to which the request was sent
URL             The path and file requested from the server
Caching         Values from the Response's Expires or Cache-Control headers
Content-Type    The Content-Type header from the Response
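The Table 1 columns can be rebuilt from a saved capture and screened for sessions worth a closer look. This is an added example, not part of the original report: it assumes the sessions were exported in the HTTPArchive (HAR) format, runs on a constructed two-session sample, and its helper names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed HTTPArchive (HAR) sample standing in for an exported capture.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://news.example/"},
     "response": {"status": 200, "bodySize": 8123, "headers": [
         {"name": "Content-Type", "value": "text/html; charset=utf-8"},
         {"name": "Cache-Control", "value": "private, max-age=0"}]}},
    {"request": {"method": "POST", "url": "http://news.example/login?next=/"},
     "response": {"status": 500, "bodySize": 0, "headers": [
         {"name": "content-type", "value": "application/json"},
         {"name": "Expires", "value": "Thu, 01 Jan 1970 00:00:00 GMT"}]}},
]}})


def header(headers, name):
    """Case-insensitive lookup in a HAR header list; '' when absent."""
    return next((h["value"] for h in headers if h["name"].lower() == name.lower()), "")


def session_rows(har_text):
    """Turn HAR entries into rows with the Table 1 columns."""
    rows = []
    for number, entry in enumerate(json.loads(har_text)["log"]["entries"], 1):
        url = urlsplit(entry["request"]["url"])
        resp = entry["response"]
        caching = [f"{n}: {header(resp['headers'], n)}"
                   for n in ("Expires", "Cache-Control") if header(resp["headers"], n)]
        rows.append({
            "#": number,
            "Result": resp["status"],
            "Protocol": url.scheme.upper(),
            "Host": url.netloc,
            "URL": url.path + ("?" + url.query if url.query else ""),
            "Body": resp["bodySize"],
            "Caching": "; ".join(caching),
            "Content-Type": header(resp["headers"], "Content-Type"),
        })
    return rows


def needs_review(row):
    """Flag cleartext sessions and server errors for a closer look."""
    checks = {"cleartext": row["Protocol"] == "HTTP", "server-error": row["Result"] >= 500}
    return [reason for reason, hit in checks.items() if hit]
```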
Traffic Comparison
One little-known but very useful feature of Web Sessions is the ability to compare two sessions.
To compare two sessions, select them in the Web Sessions pane, right-click and choose the
‘Compare’ item from the menu.
Fig 4. Compare sessions menu
Fig 5. Compare sessions example
By default Fiddler uses WinDiff as the comparison tool. To change the tool:
● Open Registry, go to HKEY_CURRENT_USER\Software\Microsoft\Fiddler2
● Add a new String Value called CompareTool and set the value to the path of your favorite
Diff tool (e.g. “C:\Program Files\Beyond Compare 3\BCompare.exe”)
● Restart Fiddler
CHAPTER 2
Snapshots
For experimental purposes the website “hackernews.com” has been chosen; its content needs
to be changed, and this has to be done using only Fiddler.
Fig 6. Simulation Output Screen 1
Our task is to change the content of the first column to “How Fiddler Makes Debugging Easy”
without disturbing the browser, using only Fiddler.
Fig 7. Simulation Output 2
We are now going to add a rule to edit this website, changing its raw code as per our
requirement. This tool is used only for correcting errors in a website and not for misuse.
Fig 8. Simulation output 3: Web sessions and headers for news combinator websites.
Fig 9. Simulation output 4
Fiddler acts as a mediator between the client and the Hacker News web server, and thus serves as
an effective debugging tool. As seen in the figure above, the first row has been changed by the
client to whatever input they supplied. The website can be changed again and again according to
the input given by the user.
This shows Fiddler to be an efficient and effective debugging tool.
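The steps behind the response edit shown in this chapter, together with the decompression described under "Decompressing Web Sessions", as an added example that is not part of the original report: a compressed body has to be decoded before it can be edited, the headers have to be corrected afterwards, and a client holding a known-good digest can tell that the content changed in transit. The sample response, the headline text and the out-of-band digest are constructed assumptions; the function names are hypothetical.

```python
import gzip
import hashlib

# Constructed origin response: gzip-compressed HTML with one headline.
ORIGIN_HTML = b"<html><body><a class='title'>Original headline</a></body></html>"
ORIGIN = {
    "headers": {"Content-Type": "text/html", "Content-Encoding": "gzip"},
    "body": gzip.compress(ORIGIN_HTML),
}
ORIGIN["headers"]["Content-Length"] = str(len(ORIGIN["body"]))


def decoded_body(response):
    """Return the body with any gzip Content-Encoding removed."""
    if response["headers"].get("Content-Encoding", "").lower() == "gzip":
        return gzip.decompress(response["body"])
    return response["body"]


def rewrite(response, old, new):
    """Do what a rewriting proxy must do: decode, edit, fix the headers."""
    body = decoded_body(response).replace(old, new)
    headers = dict(response["headers"])
    headers.pop("Content-Encoding", None)       # body is now sent uncompressed
    headers["Content-Length"] = str(len(body))  # length changed with the edit
    return {"headers": headers, "body": body}


def digest(response):
    """SHA-256 over the decoded body, so re-compression alone is not a change."""
    return hashlib.sha256(decoded_body(response)).hexdigest()


def modified_in_transit(received, known_good_digest):
    """True when the received content differs from what the origin published."""
    return digest(received) != known_good_digest


# Assumption: the publisher makes this digest available out of band.
KNOWN_GOOD = digest(ORIGIN)
EDITED = rewrite(ORIGIN, b"Original headline", b"How Fiddler Makes Debugging Easy")

if __name__ == "__main__":
    print("origin modified:", modified_in_transit(ORIGIN, KNOWN_GOOD))
    print("edited modified:", modified_in_transit(EDITED, KNOWN_GOOD))
```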
CHAPTER 3
CONCLUSION AND FUTURE WORKS
Through this project, I studied how the Fiddler tool is used for observing, analysing and
debugging a website, and also for comparing the traffic between any two servers. This tool is
beloved by many developers. We can create plugins to practise many quite complex scenarios. It
can also be used to edit network sessions by setting breakpoints to pause for alteration of the
request and response. Yes, it is a very useful tool and we can do as many new things as
possible.