Introduction to Fiddler v4

LabZero

Thread author
Hello.

I'd like to introduce this thread about Fiddler v4 (free).

Fiddler captures the HTTP and HTTPS traffic that passes through a browser, in real time, really showing what happens when you open a certain site or saving a history of everything that is on the internet.

Fiddler, which can also work on networked computers by intercepting the traffic, is one of the few programs that also manages to decrypt HTTPS traffic, so as to see in the clear forms and private information, including passwords, which are sent by the browser.


After installing Fiddler, you can start it directly from the start menu and notice how it immediately starts to run and capture the traffic that passes over the internet through the web browser.


Fiddler shows internet connections in a table that contains:

- The protocol, which can be HTTPS, HTTPS (which is enabled) or FTP.

- The host: the name of the server to which the browser connects.

- The URL, or the path and HTML file required by the server.

- Body: the size, in bytes, of the requested resource.

- The process, namely the program on the PC from which the traffic was generated.


By clicking on one HTTP session in the table, you can see a tab on the right that displays all the details of the traffic for that request.

What is more interesting is to discover, within the various connections listed in real time, what is seen in the clear by the arrest and whether it includes, for example, passwords, investigations on the internet, or any other text written on a web site.

In Fiddler, you can go to the right section and open the filters tab to display just the connections to certain sites, such as google.it


To enable auditing on HTTPS connections you need to go to Tools > Fiddler Options and then, in the HTTPS tab, enable the option decrypt HTTPS.

A fictitious Fiddler authority certificate is then installed on the browser, through which the HTTPS communications are passed.

This certificate may give an error message in your browser about its reliability.

To avoid this you must add the certificate to the list of trusted and verified ones.

I will look forward to analyze HTTP traffic generated by the Fake Flash Player (thanks Petrovic) taken from Hub.

https://www.virustotal.com/it/file/...e733d96ae105501d822adcdc3178c7fc87e/analysis/



(Welcome to Flash Player Download Manager )
When you start it, the installation screen appears and, immediately starting Fiddler, we can see in real time the traffic generated by the installer, which leads to a French server.



I note the importance of this software, similar to Wireshark but simpler and more immediate, which is useful for malware analysis.

Fiddler v4 : http://www.telerik.com/fiddler
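
The review described in the post above (which hosts a capture reached, and which fields went out unencrypted) can also be scripted. This is an added example, not part of the original post: it assumes the sessions were exported as an HTTP Archive (HAR 1.2) file, and the sample capture, the host names, the `SENSITIVE` list and the `triage` function are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in HAR 1.2 layout; hosts and values are placeholders.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "http://cdn.example.test/setup.exe"},
     "response": {"status": 200, "content": {"size": 482304}}},
    {"request": {"method": "POST", "url": "http://portal.example.test/login",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "user=alice&password=not-a-real-one"}},
     "response": {"status": 302, "content": {"size": 0}}},
    {"request": {"method": "POST", "url": "https://portal.example.test/login",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "user=alice&password=not-a-real-one"}},
     "response": {"status": 200, "content": {"size": 1024}}},
]}})

# Assumed substrings that mark a field name as sensitive; tune per review.
SENSITIVE = ("pass", "pwd", "token", "secret")

def triage(har_text):
    """Return (per-host summary, cleartext findings) for a HAR capture."""
    hosts = defaultdict(lambda: {"requests": 0, "bytes": 0, "schemes": set()})
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry.get("response", {})
        url = urlsplit(req["url"])
        stats = hosts[url.hostname]
        stats["requests"] += 1
        # HAR uses -1 for an unknown size, so clamp at zero.
        stats["bytes"] += max(resp.get("content", {}).get("size", 0), 0)
        stats["schemes"].add(url.scheme)
        if url.scheme != "http":
            continue  # only unencrypted requests are readable on the wire
        post = req.get("postData", {})
        fields = parse_qsl(url.query)
        if post.get("mimeType", "").startswith("application/x-www-form-urlencoded"):
            fields += parse_qsl(post.get("text", ""))
        # Record the field name only, never the captured value.
        findings += [(req["method"], url.hostname, url.path, name)
                     for name, _ in fields
                     if any(key in name.lower() for key in SENSITIVE)]
    return dict(hosts), findings

if __name__ == "__main__":
    summary, hits = triage(SAMPLE_HAR)
    for host, stats in summary.items():
        print(host, stats["requests"], stats["bytes"], sorted(stats["schemes"]))
    for hit in hits:
        print("cleartext sensitive field:", *hit)
```

The same login form sent over HTTPS is counted in the host summary but produces no finding, since only the plain-HTTP request exposes its fields in transit.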
 

Sr. Normal

Thread author
It does not surprise me. You are very good, this tutorial demonstrates it. :)

Looks very interesting, do you know if it is complementary to HTTPS Everywhere?

Thank you for bringing us some very interesting programs :)
 
LabZero

Thread author
[QUOTE]
It does not surprise me. You are very good, this tutorial demonstrates it. :)

Looks very interesting, do you know if it is complementary to HTTPS Everywhere?

Thank you for bringing us some very interesting programs :)
[/QUOTE]

Yes, Fiddler captures and automatically decrypts HTTPS traffic :)
Tools/Options/HTTPS tab
enable decrypt HTTPS.
 