Searching Within HTTPS Traffic with Fiddler Everywhere

Fiddler Everywhere provides so much information about your web traffic you might be overwhelmed. Follow these search and filter tips to find what you need.


This content originally appeared on Telerik Blogs and was authored by Nikolay Iliev


When using Progress Telerik Fiddler Everywhere to capture web traffic, users are often overwhelmed by the sheer volume of information. Even a single webpage can generate hundreds of requests, and when capturing traffic from multiple applications, the HTTPS sessions can quickly become unmanageable. Many users wonder how to find the specific information they need within this captured traffic.

Fiddler Everywhere offers several techniques to help users focus on important data. Users can improve their work performance using Fiddler’s user interface by utilizing filters, search options and the ability to highlight specific sessions.

Identifying Session Type and State

One of the first things to do is to identify the type and the state of a targeted session. The quickest way to do that is by using the ID column in the Fiddler grid. Apart from the unique identifier, each session is also marked with an icon that depicts the session’s type (like CSS, gRPC session, CONNECT Tunnel, PNG image, etc.—you can see all supported icons here).

The ID column not only lets you quickly identify a session's type visually, but also gives you additional information through tooltips. For example, the icon can reveal an issue with the site's certificate.

The Fiddler icons contain useful information about the session type and state. We can tell there was a server error and that there was a problem with the certificate.

The ID column will also contain an indicator in case the Session was paused through a breakpoint.

The breakpoints in Fiddler Everywhere are a powerful feature that allows you to pause, debug and modify web traffic on the fly.

In addition to the mentioned features, Fiddler Everywhere offers multiple predefined columns to help you further narrow down and identify specific sessions. For instance, you can utilize the Protocol column to distinguish sessions based on the technology (such as HTTP, gRPC, WebSocket, etc.). You can also use the Method column to monitor HTTP methods (GET, POST, PATCH, etc.) or the remote IP column to track traffic from a specific remote host. And even more—there is also an option to create your own custom columns based on the HTTP request and response headers.

The Quick Search feature in Fiddler Everywhere allows you to search through the sessions and locate specific entries based on your search criteria. By default, Fiddler’s search function will only match values found in the traffic grid columns, such as URL, host and other live traffic column values.

With the latest version of Fiddler Everywhere, you can enable the search to match values from the HTTP(S) sessions. This valuable addition lets you quickly identify specific data buried deep within an HTTP body, headers or even within messages received from streaming protocols (like gRPC, WebSocket and SSE). However, it’s important to note that the captured traffic may contain numerous HTTP bodies, some of which can be large (several MBs).

Therefore, using the search in-body option may lead to performance issues if not used carefully. It’s recommended to use the search in-body option with a smaller set of sessions (you can limit the maximum number of visualized sessions through the Settings > Live Traffic > Sessions List Length option).

With the deep search option, some sessions are matched but might not have an explicit highlight within the traffic grid. That indicates that the matched string value is present within the session’s headers or body. To see the result for such a session, select it, open the Raw Inspector, press the search icon and reenter the search term.

Fiddler search tooltip says 'when search in body is enabled, the performance might slow down'. User has entered cdn.telerik.com

Filtering Traffic

In Fiddler Everywhere, the filters provide another way to enhance your interaction with the captured traffic. The application lets you quickly filter a specific column in the traffic grid. For instance, you can use a filter for the URL column to display only the sessions that contain a particular value.

Fiddler Everywhere URL column filter for contains docs.telerik.com

While the column filters are easy to use, there are cases where more advanced filter conditions are necessary. This is where the Filters option comes into play. This dedicated functionality allows you to add multiple matching conditions and see the number of matched sessions in real time. Filters can also be saved for later use, and a saved filter can be activated or deactivated based on current needs.

Filter conditions in Fiddler Everywhere

The filtering conditions are identical to Fiddler’s matching conditions for the Rules tab, which means you have another powerful tool to extract the needed information. For example, you can create a filter to sieve all sessions with specific TLS versions or to detect expiring certificates. Or why not both?

When 'all these conditions' are met: 1. TLS Version - contains - 1.3. 2. certificate information - expiration date - is before - 8/24/2024

In addition to the advanced filtering options, Fiddler provides a quick and efficient way to clear the captured traffic from sessions that cover specific criteria. The “Clear” drop-down menu is accessible through the traffic grid and offers numerous options to restrict the shown sessions further.

Trash can icon has a down arrow icon beside it. This opens the clear menu dropdown.

Using Fiddler’s filters alongside the saving, exporting and sharing functionalities makes traffic capturing even more exciting and opens new doors for teams to collaborate efficiently.

Highlighting Traffic

Apart from the importance of having a modern tool with a good UI, it is also imperative that the tools provide the ability to modify the UI to one’s own needs. In capturing traffic, the community requested a user interface feature to identify targeted sessions. This feature is delivered through the Rules tab, and there is an option to create custom marking rules to highlight the targeted web traffic.

Using the Rules tab to create and apply a rule is straightforward, but it also enables you to dive deep into the world of modifying HTTPS traffic. We won’t detail the more powerful options that Fiddler’s rules provide (some examples are available as rules preset here). Instead, we will show how to quickly create a rule to mark all sessions with static resources.

Rule Builder window with Rule Name: Mark Static Resources

As demonstrated, within a single rule you can add multiple matching conditions and apply different actions, including the option to change the appearance of a row in the traffic grid.

Live Traffic filters with unique row appearance

Decoding Options

Often, the information passed through HTTP requests and responses is encoded. Searching within encoded information won’t make much sense, so Fiddler Everywhere provides an option to decode pre-selected encoded data manually. The supported formats are Base64 (commonly used with Basic Authentication headers), Escaped Sequences, encoded URLs, hex data and encoded HTML. For example, you can easily decode any Raw Inspector data portion through the Decode Selection option (accessible from the context menu).

Demonstration of how Fiddler can intercept and decode username and password passed as Base64 string through Basic Authentication.

Decoded Value - 64 - user:pass
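
The difference between a grid-only search, a search in headers and bodies, and a search that only succeeds after decoding, shown as an added example that is not from the original post or from Fiddler's own code. It assumes the sessions were exported as HAR 1.2 JSON; the sample sessions and hostnames are constructed.

```python
import base64
import json

# Constructed HAR 1.2-style sample (not real traffic): two sessions.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://docs.example.test/index.html",
                 "headers": [{"name": "Authorization", "value": "Basic dXNlcjpwYXNz"}]},
     "response": {"status": 200, "headers": [],
                  "content": {"mimeType": "text/html",
                              "text": "<script src='https://cdn.example.test/a.js'></script>"}}},
    {"request": {"method": "GET", "url": "https://cdn.example.test/a.js", "headers": []},
     "response": {"status": 200, "headers": [],
                  "content": {"mimeType": "text/javascript", "encoding": "base64",
                              "text": base64.b64encode(b"console.log('hi')").decode()}}},
]}})


def decoded_basic(value):
    """Return 'user:pass' for a 'Basic <base64>' header value, else None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def search(har_text, term):
    """Return (entry index, location) for every place the term matches."""
    term = term.lower()
    hits = []
    for i, e in enumerate(json.loads(har_text)["log"]["entries"]):
        req, res = e["request"], e["response"]
        if term in req["url"].lower():
            hits.append((i, "url"))  # all a grid-only search would see
        for h in req["headers"] + res["headers"]:
            if term in h["value"].lower():
                hits.append((i, "header:" + h["name"]))
            plain = decoded_basic(h["value"])
            if plain and term in plain.lower():
                hits.append((i, "decoded:" + h["name"]))  # visible only once decoded
        content = res.get("content", {})
        body = content.get("text", "")
        if content.get("encoding") == "base64":  # HAR marks encoded bodies this way
            body = base64.b64decode(body).decode("utf-8", "replace")
        if term in body.lower():
            hits.append((i, "body"))
    return hits
```

Searching the sample for the CDN hostname matches the second session by URL but the first only by body, and the credential string is found only through the decoded header.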

With User Experience in Mind

Over the past several months, the team has delivered tremendous technology-related features, such as support for HTTP/2, TLS 1.3, gRPC, SSE, Network Capturing mode and many more. The user interface has also been significantly improved, ranging from minor UX-driven changes to significant UI enhancements.

Fiddler Everywhere is evolving rapidly. The newly added ability to search data within the captured traffic is mainly driven by feedback from the Fiddler community. Please let us know your thoughts and help us improve the Fiddler rules by sharing your ideas and suggestions in the Fiddler Everywhere public GitHub repository or the feedback portal.


Nikolay Iliev | Sciencx (2024-09-04T09:02:11+00:00) Searching Within HTTPS Traffic with Fiddler Everywhere. Retrieved from https://www.scien.cx/2024/09/04/searching-within-https-traffic-with-fiddler-everywhere/