Fiddler
ENHANCE YOUR WEB TESTING SKILLS WITH FIDDLER
1
Agenda
> What is Fiddler and how does it work?
> Inspecting traffic
> Modifying traffic: Breakpoints, Composer and AutoResponder
> Live examples
> Q&A session
2
About
> http://www.telerik.com/download/fiddler
> Created by Eric Lawrence
> First version was released in October 2003
> Distributed by Telerik since 2012
3
Early Fiddler version:
4
Current Fiddler version:
5
What is Fiddler and how does it work?
6
Intercepting traffic
> No browser/platform restrictions
> Allows capturing traffic from remote locations
> Intercepts traffic sent over:
◦ http and https
◦ ftp
◦ WebSockets
7
HTTPS?
> Fiddler uses self-signed certificates, which are not trusted by default
> Similar to the 'Man in the middle' attack
> Each generated certificate has its own private key
Hint: The FiddlerHook add-on for Mozilla provides an easy way to add the certificate to Mozilla's trusted CAs.
8
Filters
> Has strong filtering options:
◦ drag and drop on process
◦ filter by origin,
◦ hostname,
◦ request header,
◦ response type,
◦ response size, ...
Hint: You can save the filters you have created and import them in a later session or pass them to a colleague in need :).
9
Statistics and Timeline
> Shows statistics for the selected sessions
> Timeline diagram in streaming and buffering mode
> Gives an estimate on load times from various client locations
Hint: Pressing ‘p’ will select the parent request, while pressing ‘c’ will select all child requests of the selected session.
10
Exporting/Importing sessions
> Save the entire collection or only a single item
> Save only the session request or the session response
> Export as cURL script or .webtest
> Export/import .saz files
Hint: Adding a .saz archive to a bug report makes it 'Always reproducible'. (You can include a screenshot too.)
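A .saz capture of decrypted HTTPS traffic holds the session's request and response headers in clear text, so it is worth scrubbing before it is attached to a bug report. The sketch below is an added example, not part of the original slides or of Fiddler itself; it assumes an unencrypted .saz (a ZIP archive whose raw/ folder holds N_c.txt requests and N_s.txt responses), and the header list and sample session are constructed for illustration.

```python
import io
import re
import zipfile

# Headers whose values commonly carry credentials or session tokens (illustrative list).
SENSITIVE = ("authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key")
# Assumed SAZ layout: raw/<n>_c.txt is the client request, raw/<n>_s.txt the server response.
RAW_MESSAGE = re.compile(r"^raw/\d+_[cs]\.txt$")

def redact_message(raw: bytes) -> tuple[bytes, int]:
    """Blank sensitive header values in one raw HTTP message; the body is left untouched."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines, hits = head.split(b"\r\n"), 0
    for i, line in enumerate(lines[1:], start=1):  # lines[0] is the request/status line
        name, colon, _ = line.partition(b":")
        if colon and name.strip().lower().decode("latin-1") in SENSITIVE:
            lines[i] = name + b": [REDACTED]"
            hits += 1
    return b"\r\n".join(lines) + sep + body, hits

def redact_saz(saz: bytes) -> tuple[bytes, dict[str, int]]:
    """Return a redacted copy of a SAZ archive and the redaction count per message file."""
    out, report = io.BytesIO(), {}
    with zipfile.ZipFile(io.BytesIO(saz)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if RAW_MESSAGE.match(info.filename):
                data, hits = redact_message(data)
                report[info.filename] = hits
            dst.writestr(info.filename, data)  # metadata and other files are copied as-is
    return out.getvalue(), report

def build_sample_saz() -> bytes:
    """Constructed sample: one session with a bearer token and a session cookie."""
    req = (b"GET /api/me HTTP/1.1\r\nHost: app.example.test\r\n"
           b"Authorization: Bearer constructed-token\r\nAccept: */*\r\n\r\n")
    resp = (b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=constructed; HttpOnly\r\n"
            b"Content-Type: application/json\r\n\r\n{\"user\": \"alice\"}")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("raw/1_c.txt", req)
        z.writestr("raw/1_s.txt", resp)
        z.writestr("raw/1_m.xml", "<Session SID=\"1\" />")
    return buf.getvalue()

if __name__ == "__main__":
    clean, report = redact_saz(build_sample_saz())
    print(report)
```

Message bodies are copied unchanged, so form fields or JSON tokens inside them still need a manual check before the archive is shared.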
11
FiddlerCap
12
DEMO INTERCEPTING HTTPS, INSPECTORS, FILTERS
13
How can I use Fiddler to... TEST IF ALL IMAGES FROM MY WEBSITE ARE PROPERLY CACHED?
14
How can I use Fiddler to... ISOLATE WHY AN ISSUE REPRODUCES ONLY ON A CERTAIN ENVIRONMENT?
15
Reissuing requests
> Replay a single request or a chain of requests
> Reissue and repeat the same request several times
> Reissue and edit
16
Breakpoints
> Allows editing of 'real-time' web traffic
> Easiest way to enable is from Rules/Automatic Breakpoints
> Downside is that it has weak filtering possibilities
Hint: Typing 'g' in the QuickExec bar will release all paused traffic.
17
Breakpoints
Before Request
After Response
18
Breakpoints
19
AutoResponder
> Define a rule to identify a request and then return a custom response
> Responses are returned without hitting the actual server
> Offers a list of predefined responses
> Matching rules are very configurable
> Drag and drop for easy set-up
> Possibility to add latency for a response
Hint: Don't forget to tick 'Unmatched requests passthrough' if you want to mock the response of a specific request
20
Composer
> Create and execute HTTP requests without recording them first
> Drag and drop a session into the Composer tab to prefill data
> Has a request history log
Hint: In the 'Options' tab, make sure you have 'Fix Content-Length Header' and 'Follow Redirects' checked
21
DEMO BREAKPOINTS, AUTORESPONDER, API CALL
22
How can I use Fiddler to... TEST SERVER SIDE VALIDATIONS?
23
How can I use Fiddler to... TEST CLIENT SIDE TIMEOUT SETTINGS?
24
How can I use Fiddler to... TEST OFFLINE BEHAVIOR?
25
How can I use Fiddler to... MOCK THIRD PARTY APIS?
26
How can I use Fiddler to... TEST BEFORE THE UI IS READY?
27
Take Away:
> Inspect internet traffic, even HTTPS
> Can capture traffic from any device
> Saving the entire session list will document the entire user flow
> Compare sessions to isolate issues
> Use breakpoints to modify real traffic (e.g. bypass client validation, mock server errors, ...)
> Use AutoResponder to mock third-party APIs, delay/block content or simulate offline browsing
> Use Composer to test server-side components before the UI is ready
> There is plenty more to say about Fiddler; check out the documentation provided by Telerik: http://docs.telerik.com/fiddler
28
Thank you! [email protected]
29
EXTRA: Fiddler script
> Written in JScript.NET
> All options provided in the Rules menu are actually reflected in FiddlerScript
> FiddlerScript Editor allows some easy manipulation of the script; it even has IntelliSense built in
> Allows automatic manipulation of requests and responses. You can change headers, body text, redirect URL, basically anything you need :)
> Allows UI customization
30
Fiddler script examples:
> Add a custom column that shows the client IP:
    // Add in Main() function
    FiddlerObject.UI.lvSessions.AddBoundColumn("Client IP", 120, "x-clientIP");
> Redirect traffic from one host to another:
    // In OnBeforeRequest add:
    if (oSession.HostnameIs("www.bing.com")) {
        oSession.bypassGateway = true;
        oSession["x-overrideHost"] = "www.google.com";
    }
31