fiddler-hero

Fiddler

Fiddler Add-ons

Extensions for Fiddler

Brick walls showing obscured images

Show Image Bloat

The Show Image Bloat extension scans GIF, JPEG and PNG image files for unnecessary embedded metadata. This data, often an artifact of the editing process, bloats the file's size and slows down your site. Images containing bloat will be obscured with a "brick wall" based on the percentage of the file size that is junk.

You can learn more about the extension in this blog post
 
Download

windows-8-app-container

Windows 8 AppContainer Loopback Utility

Full-screen Windows 8+ ("Metro-style") apps require additional configuration to work with Fiddler. The EnableLoopback Utility allows you to easily reconfigure these apps to work with Fiddler.

This utility is only useful on Windows 8+ and does not run on earlier versions of Windows. It is already included with Fiddler 4, and you only need to download it if you're using Fiddler version 2. Read more

Download

traffic-differ

Traffic Differ

The Differ tab allows you to compare two traffic profiles.

Download

privacy-scanner

Privacy scanner

The Privacy Scanner (41kb) extension flags responses that set cookies and color codes based on P3P headers.

Download

PDF-View

PDF View

This add-on adds a PDF inspector that generates previews of PDF files.

Download

javascript-formatter

JavaScript Formatter

A simple tool for formatting JavaScript (47kb). Right-click on any JavaScript session and choose Make JavaScript Pretty, or use the Rules menu option to do this automatically for all downloaded scripts.

Download

image-flipper

Image-Flipper

The Image Flipper sample is a simple example of using a Fiddler extension to manipulate responses. When enabled, it will automatically flip all downloaded images 180 degrees. Full source is included.

Download

gallery

Gallery

The Gallery extension (50kb) displays thumbnails of all images found among the selected Sessions. The Gallery also offers a full-screen slideshow mode with optional image effects.

Download

content-blocking

Content Blocking

The Content Blocker sample (11kb) is a simple example of using IAutoTamper to block traffic based on URL.

Download

CertMaker-for-iOS-and-Android

CertMaker for iOS and Android

iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you may install a Certificate Generating plugin that generates interception certificates compatible with those platforms.

Download

anyWHERE

AnyWHERE

The AnyWHERE extension (40kb) allows you to trivially spoof the responses to browsers' GeoLocation web service queries. It works with IE9+, FF4, Chrome and Opera. Full source is included. Note: You must enable HTTPS decryption for this addon to work.

Download

3-Syntax-Highlighting-Add-Ons

Syntax-Highlighting Add-Ons

This package contains the three most valuable extensions for Fiddler.
These add-ons display markup with syntax-highlighting:

  • The SyntaxView Inspector offers syntax-highlighting for HTML, JavaScript, CSS, XML and other web formats.
  • The RulesTab2 extension is a powerful way to edit your FiddlerScript Rules directly within Fiddler.
  • The FiddlerScript Editor is a standalone text editor that helps you edit rules for Fiddler. It offers syntax highlighting and a Class Explorer to help you author scripts.

These are included in latest version of Fiddler and not available as a separate download any more.

Third Party Extensions for Fiddler

This list is provided for informational purposes only, and we make no representations or warranties, expressed, implied or statutory, regarding the items, manufacturers, or compatibility of the items available within. Some of the links below send you to sites that are not under our control. We are not responsible for the contents of any linked site or any link contained in a linked site or any changes or updates to such sites. These links are provided to you only as a convenience, and the inclusion of any link does not imply endorsement by Progress.

x5s---Automated-XSS-Security-Testing-Assistant

x5s - Automated XSS Security Testing Assistant

x5s aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:

  • Detecting where safe encodings were not applied to emitted user-inputs
  • Detecting where Unicode character transformations might bypass security filters
  • Detecting where non-shortest UTF-8 encodings might bypass security filters
Learn more

neXpert-performance-report-generato

neXpert Performance Report Generator

neXpert is a Fiddler add-on which helps identify common web performance issues.

Learn more

intruder21

intruder21

Yamagata21 built this extension which allows fuzzing of web applications.

Learn more

stress-stimulus

StressStimulus

StressStimulus is add-on which aids in load-testing of web applications.

Learn more

Smarthost

Smarthost

Smarthost makes it possible to configure Remote IP/Host Remapping independently for each client connected to a single Fiddler instance. Coworkers using the same Wi-Fi proxy can develop pages on the same domain, but point to different hosts on each request. Source code is provided.

Learn more

MockingBird

MockingBird

MockingBird is a Fiddler extension to transform HTTP requests to another format.

There are lots of reason you might need to debug a HTTP/HTTPs request(s), be it try to recreate a issue and narrow-down the problem in your favorite language editor or compare contents between different request(s) etc. MockingBird is a Progress Telerik FiddlerTM extension to transform a Fiddler's HTTP/HTTPs session to any other format you want e.g. you can generate Java, C#.net or any other language code from selected requests you want to troubleshoot issues for and use the output code in your favourite IDE. It's not limited to just code and can be used to create any format as long as you can create a Mustache template for it e.g. you can create a csv file with selected HTTP request to perform a functional or load test in SOAP UI or JMeter.

Learn more

Request-To-Code

Request-To-Code

Chad Sowald's extension converts a captured request into the C# or VB.NET code necessary to issue that request.

Learn more

WPAD-Server

WPAD Server

Dave Risney wrote the WPAD Server Fiddler extension, which enables capture of traffic from clients that do not offer explicit proxy settings but do use WPAD (this is an obscure scenario).

Learn more

watcher-passive-security-auditor

Watcher - Passive Security Auditor

Watcher is runtime passive-analysis tool for Web applications. It detects Web-application security issues as well as operational configuration issues.

Learn more

XML-Request-Inspector

XML Request Inspector

Fedor Vlasov has written an XML Request viewer that handles x-www-form-urlencoded XML post bodies.

Learn more

Ammonite---Security-Scanner

Ammonite - Security Scanner

Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.

Learn more

XML-DataSet-Inspector

XML DataSet Inspector

Joris Bijnens has written an XML DataSet Inspector which shows XML data using tabs and grids.

Learn more

Per-Response-Latency-Extension

Per-Response Latency Extension

Oscar Brito's extension enables you to specify latency based on regular expressions or exact URLs. Source code is available.

Learn more

EAS-XML-Inspector

EAS XML Inspector

The Exchange ActiveSync Inspector for Fiddler provides a human-readable interpretation of the WBXML requests and responses used by Microsoft Outlook and other Exchange clients.

Learn more

WCF-Binary-Encoded-Message-Inspector

WCF Binary-Encoded Message Inspector

This inspector allows you to view WCF binary-encoded messages in a TreeView.

Learn more

x5s---Automated-XSS-Security-Testing-Assistant

Content Security Policy Generator

Content Security Policy declarations help protect your website from XSS attacks. Generating a CSP that protects your site without breaking things can be tricky, but this Fiddler4 extension makes it easy.

Learn more

XML-DataSet-Inspector

Fast Infoset Inspector

The Fast Infoset Inspector provided by Noemax Technologies allows you to view request and response messages encoded using the Fast Infoset format.
 
Download

XML-DataSet-Inspector

MsgPackViewer

The MsgPackViewer Inspector enables you to to view data in the ‚ÄčMessagePack format.

Learn more

XML-DataSet-Inspector

certInspector

The Certificate Inspector addon enables you to view the server's HTTPS certificate chain and simplifies the task of assigning HPKP directives.

Learn more

Fiddler_add_ons_image

Microtest Tools Compare

Sometimes developers need to compare different requests from clients and test environments, or between different customers—which can be challenging.

MicroTesting Tools attempt to solve this problem by offering extensions for Fiddler that aid comparisons between requests and responses like XML, POSTS and GET and JSON. Users will be able to find the exact differences and easily visualize them. Testers will be able to find bugs very quickly by just comparing the sessions and finding the differences between the snapshots.

Learn more

Netopsy

Netopsy

Netopsy is an app for viewing network traces (SAZ files) created by the Fiddler web debugging proxy.

  • Quickly open an archive and zero in on failed sessions
  • View requests and responses in multiple formats to debug issues at various levels of your stack
  • Use multiple documents for comparing sessions from multiple users.
  • Open large archives with thousands of recorded sessions
Learn more

Fiddler Client Certificate Select

Fiddler Client Certificate Select

Client certificates are a commonly used authentication mechanism for server to server calls. Setting up client certificates in Fiddler requires you to export the certificate from the local certificate store. Determining which client certificate is set requires locating the file and inspecting the certificate details. Fiddler Client Certificate Select is a Fiddler extension designed to allow users to select certificates directly from their certificate store for use with Fiddler.

Learn more

Compressibility

Compressibility

Compressibility is a new Fiddler 4 add-on which allows you to easily find opportunities for compression savings across your entire site. Each resource dropped on the compressibility tab is recompressed using several compression algorithms and formats, and the resulting file sizes are recorded.

Learn more

ConfigureNitroCacher

Nitro Cacher

Fiddler add-on to cache API responses based on rules. Useful when working with rate limited APIs or heavy/slow API responses that take up a good amount of time during development.

Learn more

Background-NextSteps

Next Steps?

Download Now

Get Telerik Fiddler web debugger. It's free.

Explore More Telerik Tools

Recognized by the industry.