Skip to content

Debugging with Fiddler

Brian Chavez edited this page Nov 30, 2019 · 8 revisions

Introduction

Fiddler is a proxy program that helps debug HTTP and HTTPS traffic. Fiddler intercepts HTTP and HTTPS traffic by setting up a local proxy and inspecting all web traffic that flows through the local proxy. Fiddler keeps a log of all web traffic and makes web traffic available for inspection.

Fiddler Concept

The following instructions show how to set up a local Fiddler Proxy to debug a .NET Application using HTTP or HTTPS.

Setup and Configuration

1. Install

2. Enable Decryption of HTTPS Traffic

The following configures Fiddler to decrypt HTTPS traffic by installing and trusting a self-signed "root certificate" in the local computer's "root certificate" store.

  • Go to Tools > Fiddler Options.... Click on the HTTPS tab.
    • Enable Capture HTTPS CONNECTs.
    • Enable Decrypt HTTPS traffic ...from all processes.
    • Follow all prompts to install the Root Certificate.
    • Click Ok to save settings.

Fiddler Options - Tools HTTPS Tab

💡 Note: If you did not receive a prompt to install a Root Certificate, click the Actions > Trust Root Certificate button.

3. Enable localhost Proxy Mode

The following configures Fiddler to listen on a local port for proxy traffic.

  • Go to Tools > Fiddler Options.... Click on the Connections tab.
    • Set Fiddler listens on port: 8888.
    • Enable Allow remote computers to connect.
    • Click Ok to save settings.

Fiddler Options - Tools HTTPS Tab

4. Reboot.

Reboot the computer.

5. Start Fiddler

💡 Reduce Noise: By default, Fiddler starts capturing traffic from all applications at startup. Since we are only interested in debugging local traffic from a single .NET Application, you can reduce noise by disabling capturing of live traffic and clearing the traffic traces:

  • Press F12 or uncheck File > Capture Traffic.

    Disable Caputre Traffic

  • Clear the requests list:

    Clear Fiddler Request List

Keep Fiddler running in the background. Fiddler continues to capture traffic that passes through the localhost proxy even though Capture Traffic is disabled.

6. Use the localhost proxy in the .NET Application

Next, instruct your .NET Application to use the local Fiddler proxy for HTTP and HTTPS requests.

For the Coinbase Client library, use the EnableFiddlerDebugProxy helper setup method that configures the underlying HttpClient to use the localhost proxy, as shown below:

var cfg = new Coinbase.ApiKeyConfig
   {
      ApiKey = "fff",
      ApiSecret = "ggg"
   };
var client = new Coinbase.CoinbaseClient(cfg);

client.EnableFiddlerDebugProxy("http://localhost.:8888");

var price = await client.Data.GetBuyPriceAsync("BTC-USD");
price.Data.Dump();

💡 Note: Be sure to include the . period at the end of the localhost. in the proxy URL. The period is not a typo.

7. Compile and Run the .NET Application

Next, compile and run the .NET Application and invoke any methods that would cause the .NET Application to send a web request.

8. Inspect the web request and response

Finally, check the Fiddler window to inspect HTTP and HTTPS traffic, as shown below:

Fiddler Inspectors

  1. Select the HTTP request.
  2. Click the Inspectors tab.
  3. Click the TextView or other response tabs to inspect the response.

Inspecting traffic captured by Fiddler should allow you to diagnose your issue. Copy, paste, and screenshot output from Fiddler and provide it to a third-party to help debug any issues you might be having.

General Advice and Advanced Debugging

Configuring raw HttpClient to use the local proxy

In general cases, it may be desirable to configure raw a HttpClient to use the localhost Fiddler proxy. The following code example shows how to set up an HttpClient to use the localhost proxy:

var handler = new HttpClientHandler()
   {
      Proxy = new WebProxy("http://localhost.:8888", BypassOnLocal: false),
      UseProxy = true
   };
var client = new HttpClient(handler);

var r = await client.GetAsync("https://www.google.com");

Debugging requests from remote clients

A MITM (man-in-the-middle) technique is required to debug HTTP and HTTPS traffic from remote clients and systems. See the following blog post for more information: