November 19, 2013, 12:00 AM — Debugging and analyzing web traffic is hard. Fiddler makes the process much easier by giving you deep insight into HTTP/HTTPS traffic. This complete set of web debugging tools can expose redirect issues, boost site performance, and improve app security - all for free.
It happens frequently. Someone will message me perplexed about what is going on with a website or web application. After a quick sanity check by looking directly in a web browser, my next step is always the same - fire up Fiddler.
Fiddler works by acting as a proxy for all HTTP(s) network traffic on whatever machine it’s running on. This means that before any HTTP traffic is transmitted or received, it first must pass through fiddler where the traffic is recorded and analyzed.
You can open Fiddler and start capturing traffic, then open a web browser and navigate to a page or action you’d like to inspect. Fiddler will record everything that happens and you can set breakpoints or pause traffic collection at will. You can then dig deep into the metrics the tool provides and gain an incredible amount of detail. If the level of detail becomes overwhelming, simply filter the session data down to exactly what you’re looking for.
I’ve found Fiddler invaluable for a variety of scenarios but a common use is identifying rogue redirects in the web traffic that can cause unexpected results. With Fiddler you can readily see these redirects taking place in the traffic log and trace them back to their origin.
In more advanced use cases, you can use Fiddler to intercept and manipulate web sessions. You can compose and submit HTTP requests manually. You can even decrypt gzip compression and SSL traffic! This makes Fiddler a powerful security testing program as well as a helpful debugger.
If all of that wasn’t enough, Fiddler is also a capable web performance profiling tool. You can use the program to generate a timeline of the request/response duration of each session and chart them in a waterfall diagram. You can view the Statistics tab to get the overall counters on a full request at a glance. Further, you can set parameters to flag bottlenecks in the request life-cycle, such as a response containing over 25KB of data.