Security testing

  • Fiddler security add-ons

    Fiddler can help you achieve many security testing goals. Eric Lawrence, the creator of Fiddler, and some web security experts have built several robust add-ons that empower even newbies to discover and resolve security issues. Here’s a quick list:

    • Watcher – Developed by the Casaba Security team, Watcher observes a browser’s interactions with your site. The tool scans requests and responses, flagging potential security vulnerabilities.
    • x5s – Another add-on from Casaba Security, x5s evaluates your website’s vulnerability to cross-site scripting bugs caused by character-set related issues.
    • intruder21 – This add-on enables fuzz-testing of your web applications. Once your target requests are identified in Fiddler, this extension generates fuzzed payloads and launches them against your site.
    • Ammonite – Detects common website vulnerabilities including SQL injection, OS command injection, cross-site scripting, file inclusion, and buffer overflows.

  • Automate SSL decryption

    With Fiddler, you decide which HTTPS requests and responses to decrypt and which to leave encrypted. When the decryption feature is enabled, you can choose the processes whose traffic is decrypted automatically. The options are:

    • All processes
    • Browsers only
    • Non-Browsers
    • Remote clients

    Use the decryption process filter to exclude traffic that you do not care about from decryption.
