Web Debugging Proxy
If you’ve ever wanted to see exactly what your web browser was sending and receiving, there are plenty of programs out there that can help you out. The reasons you might want to see that kind of information may vary: maybe you’re debugging an in-browser Flash app; or perhaps you want to see what HTTP headers a web server responds with; or maybe you even want to try some fuzzing to test the security of a web app. In any case, having the ability to pull back the curtain and see what your browser is doing behind the scenes can be useful.
One particular program that does this well is Fiddler. It acts as a local proxy: simply point your browser’s proxy URI at Fiddler’s local open port and it’ll act as the chatty middleman, telling you everything that the browser is doing. With plenty of options and filters to play with, Fiddler can be configured to only interfere with certain user-defined connections or to capture them all. But perhaps the most useful feature is the ability to edit data on the fly before it gets sent (hence the name Fiddler… you can “fiddle” with stuff). This goes a step beyond Firefox’s TamperData add-on. Fiddler will let you edit everything from headers to POST and GET variables. It will even let you edit the binary data of a MIME-encoded form submission… in hex.
Fiddler is thorough.
Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!


April 24th, 2009 at 10:37 am
Does Fiddler support 2-way SSL? I see on their website that HTTPS is supported, but it isn’t clear whether you can configure it to act as an SSL-authenticated client. If not, anyone know of any good proxies that support 2-way SSL?
August 12th, 2010 at 7:52 am
And while the law of competition may be sometimes hard for the individual, it is best for the race, because it ensures the survival of the fittest in every department.