Let’s use the Fiddler

dydwls121200@gmail.comYongJin Cho

Happy Hacking!

Fiddler...?

Web(http)...?

It’s Web Debugger !!!

It’s Web Debugger !!!

Telerik Fiddler

Telerik Fiddler

Telerik Fiddler

Telerik Fiddler

D..Damnnnnn!!!

(Joke)

Let’s start presentation.

fiddle [|fɪdl]①[VERB] If you fiddle with an object, you keep moving it or touching with your fingers

②[VERB] If you fiddle with something, you change it in minor ways.

③[VERB] = If you fiddle with a machine, you adjust it

To change it in minor way is the word ‘fiddle’

ServerHost(Capturing)

Clients

Sniff manipulate

HTTP Request HTTP Request

HTTP ResponseHTTP Response

fiddle !!fiddle !!

fiddle !!

fiddle !!

fiddle !!

fiddle !!

fiddle !!fiddle !!

fiddle !!fiddle !!

fiddler = freeware for HTTP packet debugger Tool

How to appear the Fiddler captured packet

List of Request and Response Packets

Information of Request data

Information of response data

How to work the Fiddler?

Proxy!

The Fiddler is be a proxy server on your laptop

What is the Proxy?

proxy [|prɑːksi]

① [NOUN] If you do something by proxy, you arrange for someone else to do it for you those attending the meeting may vote by proxy

That means some of clients indirectly transport to service server using a proxy server, It usually use for access the blocked service server

‘cause it can avoid block and surveillance

Client Service Server

directly transport to server

indirectly transport to server

Service ServerProxy Server

Clients

packet

Fiddler can manipulate and capture packets. Because, it’s a Proxy Server

However,

Fiddler follow two rules. First, Just capture HTTP packets.

Second, All of packets through out the proxy server that fiddler.

Description is over. Now, Let’s install it!

Fiddler Install https://www.telerik.com/download/fiddlerDownload Link

Please read next page while downloading.

Installation Notice- It’s web debugging program made by Telerik Co.- It’s supported Windows, MAC OS, Linux Debian, Fedora- Fiddler setting up is little hard work on Linux(But Geeks do this thing) - It’s so easy to use On Windows(Almost setting is auto)- Almost of Browser setting up is auto, but few of browser isn’t.

License- This is freeware. Then Telerik never mind occurred error on your PC or service while using this program.- Fiddler has default option send the data what you did on this program. It’s transport to telerik through anonymous.

if you didn’t want it, change the option yourself.- This software follows U.S law and rules.- Fiddler can use for third party.- If you earn money using manipulated fiddler, Telerik is going to district your illegality. You must be given penalty

Fiddler Features

Web Debugging

Performance Test

Record HTTP/HTTPS Traffic

Manipulate Web Session

Security Test

Customizing

It can read Cookie, Header, Cache in http packet, doesn’t matter type of device(laptop, mobile,PDA, etc..)

Support timeline, occurred http packet’s, can check service pages weight and network’s bottle neck.

Easily manipulated web session and Set up break points.

It’s easy to test application security about https. It will be helpful.

Fiddler has cool expandability util-program. Fiddler’s script write on .NET language. It will be expandable component.

Fiddler is http proxy debugger. Then, of course capture https packet and read.

If you arrived at this page, your installation be done. Then, run it !

After Installation, Access any web site. Fiddler is going to capture http packets.

If didn’t do that, going to the web browser setting first.

Browser Set upSetting-> Advances Setting-> Change Proxy Settings…. -> LAN setting -> Use a proxy server for …. -> Check!

Let’s see fiddler’s user interface

List of HTTP Packet

Request of Packet

Response of Packet

Packet Control Menu

Program Control MenuService Control Menu

Quick ExecutorStatus bar

Finally

Hoped-for Practice

After Request page on mobile, Let’s send manipulated request data again.

But, you must set up proxy setting on mobile device and PC(It maybe bored work)

Long Click!!

①

②

③

④

⑤⑥

⑦

Wi-Fi setting -> Long Click SSID -> Modify Network-> Advanced Setting->Use a proxy setting-> Set up proxy host, port-> Save!

“Ah... Um.. did I wrong setting..?”

(Or)

“I saw this page!”

Nope, You didn’t set it up all I didn’t told you “access any web site”

Program Control Menu-> Tools -> Telerik Fiddler Options...->“Allow Remote Computers to connect” Check!!

Let’s access “http://smartlock.fun25.co.kr” on mobile.

“Hum…. This web site is so fat! Why it has *.ttf file?”( it’s my fault :D )

Let’s log-in

(This is my private server.. Please, don’t put huge request data. cause’ I’m just a student.)

Test AccountEmail : dydwls121200@gmail.comPassword : 1

You can see the URI that name ‘/login.do’ and click inspectorThen, you can read request and response data.

Do you follow my directions well?

Now, Manipulate Request data

For manipulating request data, It needs to one process.

Breakpoint

Fiddler has three way set up to break point.

1. Set up Break point in Program Control Menu2. Set up Break point on Program’s status bar

3. Scripting on Quick Execute Console(it can directly set up to break point)

①

②③

- First and Second way are same process. They canset up break point on request before, response after

- Third way is quick executor short key is ‘Alt+Q’It move to focus on input box

- Third way’s documenthttp://docs.telerik.com/fiddler/KnowledgeBase/QuickExec

We are developer or major in computer science.Then, we don’t mind First and Second ways.

Just focus on third way.

Press short key[Alt+Q] that quick executor on main display panel.And enter this command ‘bpu smartlock.fun25.co.kr/dydwls121200@gmail.com’

Short description about Break point commands-bpu : break point url-bpafter : break point [response] after-bpbefore : break point [request] before

Ex) bpu smartlock.fun25.co.kr/dydwls121200@gmail.com

Break Pointed web packets

Break Point next Response Data orComplete to manipulate packet

If you enter any command, display it on this area

Third way’s break point when URI name is smartlock.fun25.co.kr/dydwls121200@gmail.comNotice !! bpu command is break pointed before transport request data to service server

How is it going ? Does packets are stopped by break point well? Now, Manipulate some request Data.

Fill ‘ABCDEFG’ up email input box by Request Data on login Dialog in my practice site,In addition, you have to modify ‘ABCDEFG’ to ‘dydwls121200@gmail.com’.

Then, you can log-in with ‘dydwls121200@gmail.com’ by manipulating.

Type ‘bpu smartlock.fun25.co.kr/login.do’ on quick executor(Press [Alt+Q])

**if you want to release the breakpoint, just execute command ‘bpu’

And try to log-in

Test AccountEmail :ABCDEFGPassword : ABCDEFG

ABCDEFG

● ● ● ● ● ● ●

Log -in

If you press‘로그인(log-in)’, fiddler will display that breakpointed packet about ‘login.do’ on list

Modify to Email : dydwls121200@gmail.com

password : 1.Then, click ‘Break on Response’

Now, Let’s manipulate request data on ‘login.do’

You can receive response data from service server. We click ‘run to completion’ and release response. ‘Cause don’t need to manipulate

Likewise, it can manipulate response data, too.

Practice Example is done! Congratulations!

“Wait..!!”

“How to see wrapped SSL packet? What should I decrypt the documents-!?”

Just click them.

Like this

When you access web service wrapped https

Click-!

Check-!

Fiddler is shown yellow box on right panel.

If you feel it’s not a smart behavior about decrypt https packet,Go program control menu -> Tools -> Telerik Fiddler Options…-> Https Tab’

You can change the setting

Sometimes, you feel about confusing packet list on left panel

What ……

1. I want to see packet from just one service host.2. I don’t need to capture packets.

3. I want to compare A Host and B Host packets.4. I want to know the web page’s resource weight

Therefore, I prepared several guidelines.

1. I want to see packet from just one service host.

If you want to filter out none-selected host, You would go ‘Filters’ on right panel

Documents: http://docs.telerik.com/fiddler/KnowledgeBase/Filters

① 선택형② 필수

④ 적용

③ 적용1. Setting up Network’s range.

2. set up hide and show captured packet

3. Write on textarea, want to apply several hosts

4. Following filter this setting execute while capturing filter

2. I don’t need to capture packets.

There are three way to stop fiddler’s packet capturing- Click F12

- Check File-> Capture Traffic- Click Status ‘of Capturing’ On Left of bottom

3. I want to compare A Host and B Host packets.

Select two packet that want to compare. Then, right click and choose ‘Compare’. Or press ‘[Ctrl+w]’

Fiddler has default option that comparing packet need a tool. That’s name ‘WinMerge’.But, we didn’t have it. then, we have to install it.

(If you install ‘WinMerge’, I recommend you default setting(just click ‘next’ on and on). It hasn’t special)

** Actually, ‘WinMerge’ tool is simple, feather and free, I like it

참고 : http://winmerge.org/

After install ‘WinMerge’, press ‘Ctrl+w’ again, compare packets with ‘WinMerge’

4. I want to know the web page’s resource weight

You can check resource loading time and weight with ‘Timeline’ on right panel

Select multiple packets on list and click timeline.It’s done.

Thanks for watching, My prepared practices are over!

Feedback or question is always welcome.(ㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋ) Please e-mail me, I will response quickly.

Happy Hacking! > 3<

dydwls121200@gmail.comYongJin Cho

Translation help YS Park.

References

참고 1 : http://www.mehdi-khalili.com/fiddler-in-action/part-1/

참고 2 : http://www.mehdi-khalili.com/fiddler-in-action/part-2/

참고 3 : http://www.telerik.com/fiddler/add-ons [Fiddler extension program]

참고 4 : https://www.youtube.com/watch?v=8bo5kXMAcV0 [Fiddler Official Video]

참고 5 : http://winmerge.org/ [WinMerge Office Web]