The Show Image Bloat extension scans GIF, JPEG and PNG image files for unnecessary embedded metadata. This data, often an artifact of the editing process, bloats the file's size and slows down your site. Images containing bloat will be obscured with a "brick wall" based on the percentage of the file size that is junk.
You can learn more about the extension in this blog post.
Full-screen Windows 8+ ("Metro-style") apps require additional configuration to work with Fiddler. The EnableLoopback Utility allows you to easily reconfigure these apps to work with Fiddler.
This utility is only useful on Windows 8+ and does not run on earlier versions of Windows. It is already included with Fiddler 4, and you only need to download it if you're using Fiddler version 2. Read moreDownload
The Differ tab allows you to compare two traffic profiles.Download
The Privacy Scanner (41kb) extension flags responses that set cookies and color codes based on P3P headers.Download
This add-on adds a PDF inspector that generates previews of PDF files.Download
The Image Flipper sample is a simple example of using a Fiddler extension to manipulate responses. When enabled, it will automatically flip all downloaded images 180 degrees. Full source is included.Download
The Gallery extension (50kb) displays thumbnails of all images found among the selected Sessions. The Gallery also offers a full-screen slideshow mode with optional image effects.Download
The Content Blocker sample (11kb) is a simple example of using IAutoTamper to block traffic based on URL.Download
iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you may install a Certificate Generating plugin that generates interception certificates compatible with those platforms.Download
The AnyWHERE extension (40kb) allows you to trivially spoof the responses to browsers' GeoLocation web service queries. It works with IE9+, FF4, Chrome and Opera. Full source is included. Note: You must enable HTTPS decryption for this addon to work.
This package contains the three most valuable extensions for Fiddler.
These add-ons display markup with syntax-highlighting:
These are included in latest version of Fiddler and not available as a separate download any more.
This list is provided for informational purposes only, and we make no representations or warranties, expressed, implied or statutory, regarding the items, manufacturers, or compatibility of the items available within. Some of the links below send you to sites that are not under our control. We are not responsible for the contents of any linked site or any link contained in a linked site or any changes or updates to such sites. These links are provided to you only as a convenience, and the inclusion of any link does not imply endorsement by Progress.
x5s aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:
neXpert is a Fiddler add-on which helps identify common web performance issues.Learn more
Yamagata21 built this extension which allows fuzzing of web applications.Learn more
StressStimulus is add-on which aids in load-testing of web applications.Learn more
Smarthost makes it possible to configure Remote IP/Host Remapping independently for each client connected to a single Fiddler instance. Coworkers using the same Wi-Fi proxy can develop pages on the same domain, but point to different hosts on each request. Source code is provided.Learn more
MockingBird is a Fiddler extension to transform HTTP requests to another format.
There are lots of reason you might need to debug a HTTP/HTTPs request(s), be it try to recreate a issue and narrow-down the problem in your favorite language editor or compare contents between different request(s) etc. MockingBird is a Progress Telerik FiddlerTM extension to transform a Fiddler's HTTP/HTTPs session to any other format you want e.g. you can generate Java, C#.net or any other language code from selected requests you want to troubleshoot issues for and use the output code in your favourite IDE. It's not limited to just code and can be used to create any format as long as you can create a Mustache template for it e.g. you can create a csv file with selected HTTP request to perform a functional or load test in SOAP UI or JMeter.Learn more
Chad Sowald's extension converts a captured request into the C# or VB.NET code necessary to issue that request.Learn more
Dave Risney wrote the WPAD Server Fiddler extension, which enables capture of traffic from clients that do not offer explicit proxy settings but do use WPAD (this is an obscure scenario).Learn more
Watcher is runtime passive-analysis tool for Web applications. It detects Web-application security issues as well as operational configuration issues.Learn more
Fedor Vlasov has written an XML Request viewer that handles x-www-form-urlencoded XML post bodies.Learn more
Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.Learn more
Joris Bijnens has written an XML DataSet Inspector which shows XML data using tabs and grids.Learn more
Oscar Brito's extension enables you to specify latency based on regular expressions or exact URLs. Source code is available.Learn more
The Exchange ActiveSync Inspector for Fiddler provides a human-readable interpretation of the WBXML requests and responses used by Microsoft Outlook and other Exchange clients.Learn more
This inspector allows you to view WCF binary-encoded messages in a TreeView.Learn more
Sometimes developers need to compare different requests from clients and test environments, or between different customers—which can be challenging.
MicroTesting Tools attempt to solve this problem by offering extensions for Fiddler that aid comparisons between requests and responses like XML, POSTS and GET and JSON. Users will be able to find the exact differences and easily visualize them. Testers will be able to find bugs very quickly by just comparing the sessions and finding the differences between the snapshots.Learn more
Netopsy is an app for viewing network traces (SAZ files) created by the Fiddler web debugging proxy.
Compressibility is a new Fiddler 4 add-on which allows you to easily find opportunities for compression savings across your entire site. Each resource dropped on the compressibility tab is recompressed using several compression algorithms and formats, and the resulting file sizes are recorded.
Client certificates are a commonly used authentication mechanism for server to server calls. Setting up client certificates in Fiddler requires you to export the certificate from the local certificate store. Determining which client certificate is set requires locating the file and inspecting the certificate details. Fiddler Client Certificate Select is a Fiddler extension designed to allow users to select certificates directly from their certificate store for use with Fiddler.Learn more
Fiddler add-on to cache API responses based on rules. Useful when working with rate limited APIs or heavy/slow API responses that take up a good amount of time during development.