Telerik blogs

A new version of Fiddler (2.4.4.5/4.4.4.5) has been released and is now available for download. As always, this new version contains many bugfixes, and introduces both new features and feature enhancements. Read on for more details.

Performance Improvements

Over the past several months, many hidden changes have been made to improve Fiddler’s performance, particularly when dealing with a large number of Sessions.

  • Fiddler startup and shutdown are now faster than ever
  • Fiddler processes Sessions more quickly after it launches
  • Fiddler reuses sockets more intelligently; “primed” sockets are reused first for improved performance
  • Invoking functions in FiddlerScript is now as fast as an equivalent FiddlerExtension built in .NET
  • The Run Filterset now command on the Filters tab is now significantly faster
  • When your session list is large, bulk deleting Sessions takes under 1% of the time it required in prior versions
  • Fiddler now uses slightly less memory and CPU
  • Editing huge responses in the HexView inspector uses far less memory and is much faster
  • Switching the active tab in Fiddler is now up to 100ms faster

While most of these changes are small, the result is a more productive and pleasant debugging experience.

User Interface Tweaks

Fiddler’s UI has continued to evolve to make it simpler to accomplish common tasks.

Session List

Within Fiddler’s Web Sessions list, you can simply Alt+Click within any cell to select all rows that have a matching value in that cell.

AltSelect2

Tap the minus key to strike out any Session, and hit Alt+Minus to select all Sessions that have been struck out.

Minus

Column Customization

The Column customization support first launched in version 2.4.3 has been enhanced. When you display the Customize Columns screen (by right-clicking the column headers and choosing Customize Columns):

image

… the Collections dropdown includes a new option titled Miscellaneous. The Miscellaneous collection includes new datapoints which you may find helpful:

RequestMethod The HTTP Method (e.g. “POST” from the request line.
RequestSize The complete size of the HTTP Request, including headers and body.
RequestBodySize The size of the HTTP body (excluding the preceding headers).
ResponseSize The complete size of the HTTP Response, including headers and body.
ResponseStatusText The “status text” portion of the HTTP response. For instance, for a HTTP/200 response, this column will typically display “OK”.
ResponseStreamed Indicates if the HTTP response was streamed to the client.
SentToGateway Indicates if the request was sent to an upstream gateway proxy.
ClientPipeReuse Indicates if the request was received on a reused connection from the client.
ServerPipeReuse Indicates if the request was sent on a reused connection to the server.
ImageDimensions The width and height of an image response (e.g. 120, 100).
PixelCount The number of pixels contained in an image response (e.g. 12000).
AspectRatio The aspect ratio of an image  response (e.g. 1.20).

 

Options Dialog

The enhanced Fiddler Options dialog, accessed from the Tools menu, exposes several settings which were previously hidden.

First, the new Gateway tab allows you to easily configure how Fiddler accesses the Internet. By default, Fiddler will continue to adopt the Internet Explorer proxy settings on startup, but if you’d like, you can configure Fiddler to autodetect a proxy, use a specific proxy, or use no proxy at all. If your needs are more complicated, you can continue to use FiddlerScript to adjust the bBypassGateway property on the Session object, or set its X-OverrideGateway flag.

image

The Enable high-resolution timers checkbox on the General tab enables you to configure Fiddler to instruct Windows to use timers with 1 millisecond resolution, instead of the default 15.6 millisecond resolution. While this option improves the accuracy of timestamps recorded by Fiddler, the use of higher-frequency timers decreases mobile PCs’ battery life, so this option remains off by default.

Timeline Tab

I’ve made several minor tweaks to the Timeline tab. You can now Shift+Click on any entry in the waterfall to inspect the selected Session in a new window. Clicking the title text now opens a context menu that permits changing the display mode and other options.

 image

Automatic Authentication with Kerberos

Fiddler’s Composer tab has the option to automatically authenticate to servers and the X-AutoAuth Session Flag can similarly be used to handle authentication to secure servers when the Extended Protection / Channel Binding Tokens feature is in use. However, we recently discovered that in many cases Kerberos Authentication wasn’t happening properly due to a failure to correctly set the Subject Principal Name (SPN) when constructing the Kerberos ticket request. This bug went undiscovered for a long time because Kerberos authentication usually takes place inside a Negotiate protocol that falls back to NTLM upon failure

This bug is now fixed, and Fiddler should now correctly authenticate using Kerberos, where possible.

If you find that you need to configure Kerberos authentication behavior, new Preferences are available. The fiddler.auth.SPNIncludesPort boolean preference defaults to False. When set to True, the SPN will include the port of the target service (if it’s not 80 or 443). The fiddler.auth.SPNMode integer controls how Fiddler constructs the SPN; the following values are supported:

  • 0 Disable setting of SPN
  • 1 – Use hostname from the URL as the SPN target
  • 2 – Use the target server’s canonical name as the SPN target, if the hostname is dotless; otherwise use the hostname from the URL
  • 3 – (Default) Use the target server’s canonical name as the SPN target

Option #2 matches the .NET Framework’s default behavior, while Option #3 matches Firefox and Chrome behavior. (Internet Explorer’s behavior is controlled by several registry keys and downloadable hotfixes).

If your SPN-setting needs are more complicated, you can also manually specify the SPN used in automatic authentication by specifying the SPN by setting the Session’s X-AutoAuth-SPN flag.

WebSockets

Fiddler’s HTML5 WebSockets support continues to grow; Fiddler extensions can now capture and manipulate WebSocket messages by handling the FiddlerApplication.OnWebSocketMessage event.

In preparation for a full-featured WebSockets UI, Fiddler no longer spews WebSocket messages to the Log tab. If you’d like to re-enable that behavior until the full UI is available, you can do so using FiddlerScript. Simply click Rules > Customize Rules and add the following function inside your Handlers class.

  static function OnWebSocketMessage(oMsg: WebSocketMessage) {

    // Log Message to the LOG tab
    FiddlerApplication.Log.LogString(oMsg.ToString());

    /*
    // Modify a message's content
    var sPayload = oMsg.PayloadAsString();
    if (sPayload.Contains("time")) {
        oMsg.SetPayload(sPayload + "... bazinga!");
    }
                           
    */
  }

Simplified Scripting

In some FiddlerScripting scenarios, it’s useful to create new sets of HTTP headers.

This is now easier than ever with new constructor overloads for the HTTPRequestHeaders and HTTPResponseHeaders objects.

  var oRQH: HTTPRequestHeaders = new HTTPRequestHeaders("/clipboard.json", ['Host: localhost']);
  var oRPH: HTTPResponseHeaders = new HTTPResponseHeaders(200, ['Content-Type: application/json, 'Custom: 1234']);

You can use these methods when generating new requests or responses, or if you want to add mock sessions to the Web Sessions list. For instance, the following function allows you to Paste JSON from your clipboard into Fiddler as a new well-formed Web Session, ready for display by the JSON inspector:

function doJSON() {
  var oRQH: HTTPRequestHeaders = new HTTPRequestHeaders("/clipboard.json", ['Host: localhost']);
  var oRPH: HTTPResponseHeaders = new HTTPResponseHeaders(200, ['Content-Type: application/json', 'Custom: 1234']);

  var oS: Fiddler.Session =
      FiddlerApplication.UI.AddMockSession(oRQH, null, oRPH,
      System.Text.Encoding.UTF8.GetBytes(Clipboard.GetText()));

  oS.oFlags["x-Builder-Inspect"] = "true";
  oS.oFlags["x-unlocked"] = "true";
}

The new oProxy.SendRequestAndWait method makes it simple to send requests in a blocking manner.

Additionally, a new RequestMethod property was added to the Session object (to avoid having to type oSession.oRequest.headers.HTTPMethod).

Fiddler Extension developers can now more easily debug their Inspector objects; Fiddler now loads Inspectors from the \Documents\Fiddler2\Inspectors path in addition to the path under \Program Files\.

ImageView Tools

As I announced back in January, Fiddler’s ImageView Inspector is now more powerful than ever, and with the latest Fiddler update, it can be extended to interoperate with other tools. You can easily use the Inspector’s context menu to send images to other applications for deeper analysis, optimization, or other processing:

image

To populate the Tools menu, create a registry key named ImagesMenuExt and under it add a subkey naming your tool. Provide Command, Parameters, and optionally Types keys that specify how to launch the tool and for which types it is relevant.

image

 

Keyboard Enhancements

Fiddler was developed by a keyboard lover, and I remain dedicated to ensuring that Fiddler can be quickly and efficiently driven by keyboard input.

QuickExec Enhancements

The QuickExec box under Fiddler’s Web Sessions list is one of Fiddler’s most-powerful and most-overlooked features. This feature was significantly updated in this release, including enhanced AutoComplete. You can type a partial command and use the up and down arrow keys to scroll between matching commands in your history, or hit ALT+L to list all matches in a menu. The Tab and Shift+Tab keystrokes allow you to quickly navigate between text in the box, and SmartPaste allows you to easily paste file paths (hit CTRL+C on any file in Windows Explorer) to the box.

New commands added to QuickExec include:

  • !dns targethost
  • !ping targethost
  • about:connectoids

Hotkey Support

Fiddler now permits you to register systemwide hotkeys that invoke specific QuickExec commands. For instance, edit your FiddlerScript’s Main function to add the following:

FiddlerApplication.UI.RegisterCustomHotkey(HotkeyModifiers.Windows, Keys.G, "screenshot");

…and add the following block to the OnExecAction’s switch statement:

      case "screenshot":
    FiddlerApplication.UI.actCaptureScreenshot(false);             
    return true;

After making these changes, hitting Win+G anywhere in Windows should add a capture of the screen to the Fiddler Web Sessions list.  

FiddlerCore

Along with the main Fiddler-release, I’ve also released a long-awaited update to FiddlerCore.

FiddlerCore is a .NET Class Library that you can integrate into your applications. It provides the full power of Fiddler without any of the user-interface. This update fixes many significant issues (including nearly 12 months worth of bugfixes), as well as introduces new features like a handy Tag property on the Session object. The release introduces new support terms, including a fully-supported commercial license available from Telerik. You can grab the latest bits from the FiddlerCore homepage.

 

I hope you find these updates helpful!

-Eric


About the Author

Eric Lawrence

(@ericlaw) has built websites and web client software since the mid-1990s. After over a decade of working on the web for Microsoft, Eric joined Telerik in October 2012 to enhance the Fiddler Web Debugger on a full-time basis. With his recent move to Austin, Texas, Eric has now lived in the American South, North, West, and East.

Comments

Comments are disabled in preview mode.