DEV Community

Cover image for Network Sniffing with Fiddler
Kim Arnett 
Kim Arnett 

Posted on

Network Sniffing with Fiddler

Now and then when you encounter a problem, you have to put on your Hacker hoodie and just go for it. That's how I discovered some of the debugging capabilities of Fiddler.

As an iOS developer - it's difficult to capture the network calls your app is making to determine why weird things are happening. After you've determined it's not your code, the next step is determining where it's coming from. Enter network sniffing.

Fiddler is a free HTTP proxy server application. Translated to English: Fiddler is an application that you can hook up your device to (through a proxy) and watch the network traffic go back and forth. There are other tools out there, like Charles for Mac, but today we're discussing Fiddler.

First, download Fiddler on your PC.

Configuration

You'll need to do some configuration to connect another device to the proxy.

  1. Click Tools -> Fiddler Options -> Connections
    Select the checkbox for Allow remote computers to connect

  2. For HTTPS connections, click on the HTTPS tab under Fiddler Options.
    Select the checkbox for Capture HTTPS CONNECTs, and the Decrypt HTTPS traffic checkbox.

You'll have to initiate the SSL Certificate for Fiddler too.
Click Actions -> Trust Root Certificate

  1. Click OK

  2. Restart Fiddler. After any changes, you must restart Fiddler.

Note: You may have to enable Fiddler to go through the firewall.

Connection Info

On the right side of the Fiddler window, you'll see an "Online" status. If you don't - please refer to Telerik's documentation. It's great!
If you hover over your online status, you'll see the IP address at the bottom of the window. That's the IP address you'll need for the next step.

Device Setup

  1. Go to your device's network settings, and enable a proxy.

  2. For server, enter the IP Address from Fiddler.

  3. For port, enter "8888" (or whatever is in the Fiddler Options -> Connections menu.)

  4. For HTTPS:
    Go to a web browser and enter "[IPADDRESS]:8888"
    You should see a "Fiddler Echo Service" page.
    Download the FiddlerRoot certificate
    Install & Trust the certificate

Note: It's recommended to delete the certificate when you're finished

Ta-Da!

You should now be all set to go.
Now you can capture detailed network traffic, requests and responses, and figure out where things are going awry. Use your powers for good and not evil.

Originally posted on KaydaCode

Top comments (4)

Collapse
 
ben profile image
Ben Halpern

I think this is a layer of the stack that application developers often find unapproachable, or not for them. But it's pretty straightforward once you get to know the tools, thanks for the post, Kim.

Collapse
 
craser profile image
Grumpy and

I started using Fiddler a few years back, and a debugging proxy of some kind has been in my toolkit ever since. (On macOS I use Charles.) Of all the tools I've picked up over the years, Fiddler & Charles have generated by far the most "Woah! How did you do that?" reactions.

Fiddler is one of those tools that once you use it for a while, and see what it can do, you'll never want to be without it.

Collapse
 
kaydacode profile image
Kim Arnett 

Definitely agree - I was extremely intimidated to get started with it, but now that I feel comfortable enough to get started, I have been able to do so much with it! I didn't include it in the article, but once I needed to replicate the API calls of an app that was no longer supported. The team didn't know any of the calls and had no documentation. So, I used Fiddler to sniff the traffic, find the calls, parameters being passed, and essentially reversed engineered the documentation. :)
I haven't tried Charles yet, but I've also heard good things.

Collapse
 
craser profile image
Grumpy and

Yep, that's pretty much the killer scenario for Fiddler. And I think if you wrote up that experience it would make a great article here. Kind of a "Level 2" after folks have had a chance to play around a bit and get used to Fiddler.

I just wish it was a little easier to get started. I've had several colleagues get excited when they see what it can do, but then give up when they see how fiddly the initial setup can be. I hope your article gets more people interested in getting past that first step!