Fiddler

Fiddler is a web debugging proxy that logs all HTTP(S) traffic between a computer and the internet. It operates as an intermediary, enabling users to inspect traffic, set breakpoints, and modify incoming or outgoing data. The program captures traffic from any application that uses HTTP, including web browsers, desktop applications, and system services. It employs man-in-the-middle interception using self-signed certificates to decrypt HTTPS traffic and expose its contents for detailed analysis.

★★★★★

5.0(1 ratings)

• System proxy capture. Upon startup, Fiddler automatically registers itself as the system proxy in the operating system. This redirects all HTTP/HTTPS traffic from applications that honor the system's proxy settings through Fiddler, enabling capture without manual configuration of each application. The interception functions at the protocol level, operating as a local proxy server on port 8888 by default.
• HTTP/HTTPS session inspection. The main interface displays a real-time list of all web sessions (requests and responses). Each entry includes the HTTP method (GET, POST, etc.), the URL, the status code (200, 404, 500), the protocol, and the size. Selecting a session allows examination of the exact headers sent and received in separate panels, as well as the request and response body in raw, hex, or interpreted format (JSON, XML, image, etc.).
• Traffic filtering. The filters panel enables reduction of the displayed session volume through configurable rules. Filtering can be applied by content type (images, scripts, CSS), port range, server IP address, hostname, HTTP status code, or via custom expressions based on free text within headers or the body. This isolates traffic relevant to a specific debugging task.
• Traffic modification (AutoResponder). The AutoResponder feature allows creation of rules to return custom responses without contacting the server. Captured sessions can be dragged into the rule list, defining a local file or text string as the response. This functionality is utilized for testing error scenarios, simulating offline APIs, or modifying web application behavior in real time.
• Breakpoints. Fiddler can set breakpoints on specific rules, halting traffic before the request is sent to the server (before request) or before the response reaches the client (before response). When a breakpoint triggers, Fiddler permits manual editing of any part of the request or response headers and body. After modification, the flow can be resumed to observe the effect of the changes.
• Composer. The Composer tool enables construction and transmission of custom HTTP requests from scratch. The method, URL, headers, and request body can be specified. Fiddler sends the request and displays the server response in real time. This functionality is employed for testing RESTful APIs or for replaying and modifying previously captured requests to analyze specific server behaviors.
• Performance analysis (Statistics). The statistics panel provides quantitative metrics for selected sessions. It displays total transaction time, DNS resolution time, TCP connection time, request send time, response wait time (latency), and receive time. Timeline visualizations are also provided, illustrating the sequence and duration of each communication phase.
• Decrypted HTTPS traffic inspection. Fiddler acts as a root certificate authority, generating certificates in real time. When a client establishes an HTTPS connection, Fiddler presents a certificate signed by its own root CA. This enables traffic decryption, inspection of encrypted communication content, and re-encryption for forwarding to the original destination. The user must trust the Fiddler root certificate in the operating system to avoid security warnings.
• Scripting extension system (FiddlerScript). Fiddler incorporates a scripting engine based on .NET (JScript .NET) allowing low-level modification of proxy behavior. Through scripts, complex filtering rules can be created, headers automatically modified, custom statistics logged, specific domains blocked, or traffic altered based on programmatic conditions. The script executes for each session and has full access to the Fiddler object model.
• Session export and import. Captured sessions can be saved to files in .saz format (Fiddler Archive). This format compresses all sessions and their metadata into a ZIP archive, including complete requests and responses. These sessions can be reopened later in Fiddler for offline analysis without network connectivity. Export to standard formats such as HTTPArchive (.har) is also available for use with other analysis tools.
• Remote device traffic inspection. Fiddler can function as a proxy for other devices on the same network, including mobile phones, tablets, or game consoles. By manually configuring the IP address of the machine running Fiddler as the proxy on the remote device, and ensuring the Fiddler root certificate is installed on that device, traffic generated by mobile applications or IoT devices can be captured, inspected, and modified.
• Extensibility via add-ons. Fiddler functionality can be extended through add-ons developed in any .NET language. Add-ons exist for visualizing specific formats (e.g., image viewers, JSON, AMF), for integrating Fiddler with other tools (such as Visual Studio), or for adding new analysis capabilities, including load generators or security validators.

Fiddler development was initiated by Eric Lawrence in 2003 while working at Microsoft. The first public release occurred in October 2003. It was originally created as an internal tool to facilitate web application debugging during his work on the Internet Explorer team. The program is written in C# and utilizes the .NET Framework. In 2012, the project was transferred to Telerik (subsequently acquired by Progress Software), which continued its development and distribution as freeware with an additional commercial version named Fiddler Everywhere.

Alternatives to Fiddler:

Charles

Charles is a web proxy that runs on your own computer, recording and displaying all data sent between your browser or client application and remote servers.

Price: $50   Size: 65.8 MB   Version: 5.0.3   OS: Windows, Linux, MacOS