Fiddler add-ons

Eric’s Extensions for Fiddler

  • Brick walls showing obscured images

    Show Image Bloat

    The Show Image Bloat extension scans JPEG and PNG image files for unnecessary embedded metadata. This data, often an artifact of the editing process, bloats the file's size and slows down your site. Images containing bloat will be obscured with a "brick wall" based on the percentage of the file size that is junk.

    You can learn more about the extension in this blog post
     
    Download

  • 3-Syntax-Highlighting-Add-Ons

    Syntax-Highlighting Add-Ons

    This package contains the three most valuable extensions for Fiddler.
    These add-ons display markup with syntax-highlighting:

    • The SyntaxView Inspector offers syntax-highlighting for HTML, JavaScript, CSS, XML and other web formats.
    • The RulesTab2 extension is a powerful way to edit your FiddlerScript Rules directly within Fiddler.
    • The FiddlerScript Editor is a standalone text editor that helps you edit rules for Fiddler. It offers syntax highlighting and a Class Explorer to help you author scripts.
    Download

  • RulesTab

    RulesTab

    The RulesTab extension shows how extensions can integrate with FiddlerScript compilation and errors. Source is included. (Note: Typical users should download the "3 Syntax-Highlighting Add-Ons" package instead).

    Download

  • image-flipper

    Image-Flipper

    The Image Flipper sample is a simple example of using a Fiddler extension to manipulate responses. When enabled, it will automatically flip all downloaded images 180 degrees. Full source is included.

    Download

  • PDF-View

    PDF View

    This add-on adds a PDF inspector that generates previews of PDF files.

    Download

  • CertMaker-for-iOS-and-Android

    CertMaker for iOS and Android

    iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you may install a Certificate Generating plugin that generates interception certificates compatible with those platforms.

    Download

  • anyWHERE

    AnyWHERE

    The AnyWHERE extension (40kb) allows you to trivially spoof the responses to browsers' GeoLocation web service queries. It works with IE9, FF4, Chrome and Opera. Full source is included. Note: You must enable HTTPS decryption for this tool to work.

    Download

  • content-blocking

    Content Blocking

    The Content Blocker sample (11kb) is a simple example of using IAutoTamper to block traffic based on URL.

    Download

  • gallery

    Gallery

    The Gallery extension (50kb) displays thumbnails of all images found among the selected Sessions. The Gallery also offers a full-screen slideshow mode with optional image effects.

    Download

  • javascript-formatter

    JavaScript Formatter

    A simple tool for formatting JavaScript (47kb). Right-click on any JavaScript session and choose Make JavaScript Pretty, or use the Rules menu option to do this automatically for all downloaded scripts.

    Download

  • privacy-scanner

    Privacy scanner

    The Privacy Scanner (41kb) extension flags responses that set cookies and color codes based on P3P headers.

    Download

  • SAZ-clipper

    SAZ Clipboard

    The SAZ Clipboard (43Kb) is a simple extension that allows you to open a .SAZ file outside of the main Fiddler UI. You can then drag sessions between this clipboard and the Fiddler UI. This is very useful if you're using the Fiddler Request Builder or AutoResponder features, both of which accept drops of Fiddler sessions for reuse.

    You can drag and drop from the Fiddler session list to the SAZ clipboard form, or load a SAZ directly into it using the button at the bottom. Launch it from the Tools menu. Just drop SazClipboard.dll into your C:\program files\fiddler2\scripts folder and restart Fiddler. Source is provided, so you can update as desired.

    Download

  • windows-8-app-container

    Windows 8 AppContainer Loopback Utility

    Full-screen Windows 8+ ("Metro-style") apps require additional configuration to work with Fiddler. The EnableLoopback Utility allows you to easily reconfigure these apps to work with Fiddler.

    This utility is only useful on Windows 8+ and does not run on earlier versions of Windows. It is already included with Fiddler 4, and you only need to download it if you're using Fiddler version 2. Read more

    Download

  • traffic-differ

    Traffic Differ

    The Differ tab allows you to compare two traffic profiles.

    Download

3rd Party Extensions for Fiddler

This list is provided for informational purposes only, and we make no representations or warranties, expressed, implied or statutory, regarding the items, manufacturers, or compatibility of the items available within. Some of the links below send you to sites that are not under our control. We are not responsible for the contents of any linked site or any link contained in a linked site or any changes or updates to such sites. These links are provided to you only as a convenience, and the inclusion of any link does not imply endorsement by Telerik.

  • WCF-Binary-Encoded-Message-Inspector

    WCF Binary-Encoded Message Inspector

    This inspector allows you to view WCF binary-encoded messages in a TreeView.

    Learn more

  • neXpert-performance-report-generato

    neXpert Performance Report Generator

    iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you may install a Certificate Generating plugin that generates interception certificates compatible with those platforms.

    Learn more

  • intruder21

    intruder21

    Yamagata21 built this extension which allows fuzzing of web applications.

    Learn more

  • stress-stimulus

    StressStimulus

    StresStimulus is add-on which aids in load-testing of web applications.

    Learn more

  • Smarthost

    Smarthost

    Smarthost makes it possible to configure Remote IP/Host Remapping independently for each client connected to a single Fiddler instance. Coworkers using the same Wi-Fi proxy can develop pages on the same domain, but point to different hosts on each request. Source code is provided.

    Learn more

  • Request-To-Code

    Request-To-Code

    Chad Sowald's extension converts a captured request into the C# or VB.NET code necessary to issue that request.

    Learn more

  • WPAD-Server

    WPAD Server

    Dave Risney wrote the WPAD Server Fiddler extension, which enables capture of traffic from clients that do not offer explicit proxy settings but do use WPAD (this is an obscure scenario).

    Learn more

  • watcher-passive-security-auditor

    Watcher - Passive Security Auditor

    Watcher is runtime passive-analysis tool for Web applications. It detects Web-applicaation security issues as well as operational configuration issues.

    Learn more

  • XML-Request-Inspector

    XML Request Inspector

    Fedor Vlasov has written an XML Request viewer that handles x-www-form-urlencoded XML post bodies.

    Learn more

  • Ammonite---Security-Scanner

    Ammonite - Security Scanner

    Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.

    Learn more

  • XML-DataSet-Inspector

    XML DataSet Inspector

    Joris Bijnens has written an XML DataSet Inspector which shows XML data using tabs and grids.

    Learn more

  • Per-Response-Latency-Extension

    Per-Response Latency Extension

    Oscar Brito's extension enables you to specify latency based on regular expressions or exact URLs. Source code is available.

    Learn more

  • EAS-XML-Inspector

    EAS XML Inspector

    The Exchange ActiveSync Inspector for Fiddler provides a human-readable interpretation of the WBXML requests and responses used by Microsoft Outlook and other Exchange clients.

    Learn more

  • html-inspector

    HTML Inspector

    Andy Cross built this cool extension which analyzes the selected HTML response for inefficiencies like large VIEWSTATE blocks.

    Learn more

  • Debug traffic from any geo-location with Geoedge

    Leverage Fiddler and the Geoedge global proxy network to monitor, inspect and debug traffic from over 130 locations. You can access Geoedge’s servers directly within the familiar Fiddler environment and easily switch from one location to another. With Geoedge you get access to:

    • High-performance servers - Fast, unmasked and secure access to web content
    • True geo-located IPs - Servers physically located all over the world
    • Unmatched reliability - 99.9% network uptime

    • Learn more about Geoedge


  • x5s---Automated-XSS-Security-Testing-Assistant

    x5s - Automated XSS Security Testing Assistant

    x5s aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:

    • Detecting where safe encodings were not applied to emitted user-inputs
    • Detecting where Unicode character transformations might bypass security filters
    • Detecting where non-shortest UTF-8 encodings might bypass security filters
    Learn more

Next Steps

Download Fiddler Get Fiddler web debugger. It's free.
Ask the community Go to Fiddler forums to get help.
Simulate user load with Fiddler Test Studio load testing powered by Fiddler.