Fiddler ENHANCE YOUR WEBTESTING SKILLS WITH FIDDLER

Fiddler - Meetupfiles.meetup.com/3106682/Fiddler_OZ.pdf · > Export as cURL script or .webtest ... Fiddler script > Written in Jscript.NET > All options provided in the Rules menu

Agenda

> What is Fiddler and how does it work?

> Inspecting traffic

> Modifying traffic: Breakpoints, Composer and AutoResponder

> Live examples

> Q&A session

About

> http://www.telerik.com/download/fiddler

> Created by Eric Lawrence

> First version was released in October 2003

> Distributed by Telerik since 2012

Early Fiddler version:

Current Fiddler version:

What is Fiddler and how does it work?

Intercepting traffic

> No browser/platform restrictions

> Allows capturing traffic from remote locations

> Intercepts traffic sent over:

◦ http and https

◦ ftp

◦ WebSockets

HTTPS?

> Fiddler uses self-signed certificates, which are not trusted by default

> Similar to the 'Man in the middle' attack

> Each generated certificate has its own private key

Hint: FiddlerHook add-on for Mozilla provides an easy way to add the certificate to Mozilla trusted CAs.

Filters

> Has strong filtering options:

◦ drag and drop on process

◦ filter by origin,

◦ hostname,

◦ request header,

◦ response type,

◦ response size, ...

Hint: You can save the filters you have created and import them in a later session or pass them to a colleague in need :).

Statistics and Timeline

> Shows statistics for the selected sessions

> Timeline diagram in streaming and buffering mode

> Gives an estimate on load times from various client locations

Hint: Pressing ‘p’ will select the parent request, while pressing ‘c’ will select all child requests of the selected session.

Exporting/Importing sessions

> Save the entire collection or only a single item

> Save only session request or session response

> Export as cURL script or .webtest

> Export/import .saz files

Hint: Adding a .saz archive to a bug report makes it 'Always reproducible'. (You can include a screenshot too.)
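
A .saz archive stores each session's raw request and response, including decrypted HTTPS traffic, so cookies and Authorization headers travel with it into the bug tracker. The following added example (not part of the original slides) lists and redacts those headers before the archive is attached; it assumes the standard SAZ layout, a ZIP archive with raw/<id>_c.txt and raw/<id>_s.txt entries. The function names are hypothetical and the sample archive is constructed.

```python
import io
import re
import zipfile

# Headers that carry credentials or session state in captured traffic.
SENSITIVE = (b"authorization", b"proxy-authorization", b"cookie", b"set-cookie")
# SAZ layout: raw/<id>_c.txt is the client request, raw/<id>_s.txt the server response.
RAW_NAME = re.compile(r"^raw/(\d+)_([cs])\.txt$")

def sensitive_name(line: bytes):
    """Return the lower-cased header name if the line is a sensitive header, else None."""
    name = line.split(b":", 1)[0].strip().lower()
    return name.decode("ascii") if name in SENSITIVE else None

def scan_saz(data: bytes):
    """Return sorted (session_id, side, header_name) findings for a .saz archive."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as saz:
        for m in filter(None, map(RAW_NAME.match, saz.namelist())):
            side = "request" if m.group(2) == "c" else "response"
            head = saz.read(m.group(0)).split(b"\r\n\r\n", 1)[0]  # header block only
            for line in head.split(b"\r\n")[1:]:  # skip the request/status line
                if sensitive_name(line):
                    findings.add((int(m.group(1)), side, sensitive_name(line)))
    return sorted(findings)

def redact_saz(data: bytes) -> bytes:
    """Return a copy of the archive with sensitive header values replaced."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            blob = src.read(item.filename)
            if RAW_NAME.match(item.filename):
                head, sep, body = blob.partition(b"\r\n\r\n")
                lines = [line.split(b":", 1)[0] + b": [REDACTED]" if i and sensitive_name(line)
                         else line for i, line in enumerate(head.split(b"\r\n"))]
                blob = b"\r\n".join(lines) + sep + body
            dst.writestr(item.filename, blob)
    return out.getvalue()

def build_sample_saz() -> bytes:
    """Constructed capture (not real traffic) used to exercise the functions above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("raw/1_c.txt", "GET /account HTTP/1.1\r\nHost: app.example\r\n"
                   "Cookie: sid=constructed-value\r\nAuthorization: Bearer constructed\r\n\r\n")
        z.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\nSet-Cookie: sid=constructed-value\r\n\r\nok")
    return buf.getvalue()
```

Only header lines are handled; credentials inside request bodies (for example login form posts) or in URLs still need a manual review before sharing.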

FiddlerCap

DEMO INTERCEPTING HTTPS, INSPECTORS, FILTERS

How can I use Fiddler to... TEST IF ALL IMAGES FROM MY WEBSITE ARE PROPERLY CACHED?

How can I use Fiddler to... ISOLATE WHY AN ISSUE REPRODUCES ONLY ON A CERTAIN ENVIRONMENT?

Reissuing requests

> Replay a single request or a chain of requests

> Reissue and repeat the same request several times

> Reissue and edit

Breakpoints

> Allows editing of 'real-time' web traffic

> Easiest way to enable is from Rules/Automatic Breakpoints

> Downside is that it has weak filtering possibilities

Hint: Typing 'g' in the QuickExec bar will release all paused traffic.

Breakpoints

Before Request

After Response

Breakpoints

AutoResponder

> Define a rule to identify a request and then return a custom response

> Responses are returned without hitting the actual server

> Offers a list of predefined responses

> Matching rules are very configurable

> Drag and drop for easy set-up

> Possibility to add latency for a response

Hint: Don't forget to tick 'Unmatched requests passthrough' if you want to mock the response of only a specific request.

Composer

> Create and execute HTTP requests without recording them first

> Drag and drop a session into the Composer tab to prefill data

> Has a request history log

Hint: In the 'Options' tab, make sure you have “Fix Content-Length Header” and “Follow Redirects” checked.

DEMO BREAKPOINTS, AUTORESPONDER, API CALL

How can I use Fiddler to... TEST SERVER SIDE VALIDATIONS?

How can I use Fiddler to... TEST CLIENT SIDE TIMEOUT SETTINGS?

How can I use Fiddler to... TEST OFFLINE BEHAVIOR?

How can I use Fiddler to... MOCK THIRD PARTY APIS?

How can I use Fiddler to... TEST BEFORE THE UI IS READY?

Take Away:

> Inspect internet traffic, even HTTPS

> Can capture traffic from any device

> Saving the entire session list will document the entire user flow.

> Compare sessions to isolate issues

> Use breakpoints to modify real traffic (ex: bypass client validation, mock server errors, ...)

> Use AutoResponder to mock third-party APIs, delay/block content or simulate offline browsing

> Use Composer to test server side components before the UI is ready

> There is plenty more to say about Fiddler; check out the documentation provided by Telerik: http://docs.telerik.com/fiddler

Thank you!

EXTRA: Fiddler script

> Written in JScript.NET

> All options provided in the Rules menu are actually reflected in FiddlerScript

> FiddlerScript Editor allows some easy manipulation of the script; it even has IntelliSense built in.

> Allows automatic manipulation of requests and responses. You can change Headers, Body text, redirect URL, basically anything you need :)

> Allows UI customization

Fiddler script examples:

> Add a custom column that shows the client IP:

    // Add in Main() function
    FiddlerObject.UI.lvSessions.AddBoundColumn("Client IP", 120, "x-clientIP");

> Redirect traffic from one host to another:

    // In OnBeforeRequest add:
    if (oSession.HostnameIs("www.bing.com")) {
        oSession.bypassGateway = true;
        oSession["x-overrideHost"] = "www.google.com";
    }
