Setting up Fiddler for sniffing traffic and basic usage
Thread Contributor: ubersaki
#1
In this tutorial, we will be setting up Fiddler so we can start catching/reading/seeing the traffic flowing through your device(s). This has many applications including (but not limited to) product development, application testing, sniffing traffic for hacking or snooping, along with much more. I personally use this to help me hack websites, servers, and sniff traffic from my Android devices... for more hacking. At the end of this tutorial, I will show some basic usage as well. I will also be linking to this tutorial in some of my upcoming tutorials, as this will play an important role in them.

Installation:
Installing Fiddler is super easy and takes 2 minutes. There is very little you have to do to actually get it running and working properly. So with that said, let's begin!

First, we download Fiddler from https://www.telerik.com/download/fiddler and install it.

Next we will open Fiddler and configure it to catch our traffic (including decrypting HTTPS). Start by opening the options (Tools > Fiddler Options).

When the options dialog pops up, we start in the HTTPS tab. You have to make sure "Decrypt HTTPS traffic" is checked. It should look like this:

[Image: 02TTTnJ.png]

That should pop up the following image, which says it will generate a unique root certificate to use. On this popup, you want to click YES. Then another pops up; click Yes (it's basically saying the same thing). Then your UAC (for Windows) will probably want you to hit Yes to do this as admin, so hit Yes. Then on the trust certificate box that comes up, hit Yes once more. It tells you it's been added and you hit OK.

Here's what it looks like:

[Image: gvYZe27.png]

[Image: 109w2wI.png]

[Image: r0Bdhsy.png]

Next we go to the "Connections" tab. On this screen, you need to make sure "Allow remote computers to connect" is checked and looks like the following:

[Image: UuqtoCp.png]

Then it will bring up the following popup. Hit OK and then restart Fiddler.

[Image: WMcc7UK.png]

When you restart Fiddler, you will probably get the following popup. Just hit Cancel to disable the warning from popping up more; it's not important anyway.

[Image: TMwZHQF.png]

Now, your Fiddler is ready for use. Keep reading for some basics on using it.


Basic Usage:

Ok, so now we have Fiddler set up and ready to go... what the hell do you do with it though? Monitor that traffic!

So the initial screen you will see is split into 2 panes. On the left, you have your requests, which shows the URL, host, length of request data, protocol, and the code the page sends back (200=good, 404=not found, etc.). On the right, you can see statistics and composer and the most important tab, INSPECTORS (where we see our POST and GET requests, response, headers, etc.), and this is also split, top and bottom. The bottom is our response from the server; the top is the sending of the request.

[Image: Q7kmHIv.png]

**NOTE** If you look in my image, you will see where it says "download syntax view"... this is recommended, but not a must, so I leave this up to you. I personally from this point will install it.

So, just to play around with it and get used to it... let's try out a website. Let's head over to CNN.com and then we should see something like this in the left pane of Fiddler.

[Image: d7Fo4BC.png]

On the right side, we should focus mainly on the inspectors, looking at the different views of the responses and whatnot. Here's what I see from the CNN site.
TOP
hexview - 
[Image: Og46VJP.png]

raw (I personally use RAW more than any of the others) - 
[Image: MBYE0io.png]

Now, if you look on the bottom half of this pane... you will see our response, and something interesting here.
It says the response body is encoded; click to decode.
Look at this image:

[Image: GNCbb0U.png]

You see the little blank boxes etc.? That's the SSL encoded data. But we have it set up to decode SSL, right? CORRECT! That's what our decode button is for, so let's click it and see what it shows us now. After I click it, I will hit the view in Notepad to see more data at once.

[Image: loTL58y.png]

looky there, decoded SSL data :)

As you browse the internet, take some time to look through the data on here and get a little familiar with what you're looking at before jumping into anything else too major. It's a great learning experience even if you don't do much else with it. At the very least, you will at least be able to see what exactly is being sent back and forth between connections ;)


Keep a look out for upcoming tutorials using Fiddler to get into some.... fun (evil grin)

As always, I hope you enjoyed and learned something new, I am here to answer any questions I can.
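
A read-only check of what the setup steps above change on a Windows machine, as an added example that is not part of the original post: it looks for the Fiddler root certificate in the trusted root stores and reports whether the proxy port accepts connections from other hosts. The subject name `DO_NOT_TRUST_FiddlerRoot` and port 8888 are Fiddler's defaults and are assumed here; the function names are made up for this example.

```powershell
# Added example (not from the original post): read-only audit after Fiddler setup.
# Assumed defaults: root CA subject contains DO_NOT_TRUST_FiddlerRoot, proxy port 8888.
$FiddlerCaName = 'DO_NOT_TRUST_FiddlerRoot'
$FiddlerPort   = 8888

function Get-FiddlerRootCert {
    # A hit in either store means this machine trusts certificates issued by that CA.
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$FiddlerCaName*" } |
            Select-Object @{n = 'Store'; e = { $store }}, Subject, Thumbprint, NotAfter
    }
}

function Get-FiddlerListener {
    # Requires the NetTCPIP module (Windows 8 / Server 2012 or later).
    Get-NetTCPConnection -State Listen -LocalPort $FiddlerPort -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress    = $_.LocalAddress
                LocalPort       = $_.LocalPort
                Process         = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                # Bound to all interfaces: other hosts can use this proxy.
                RemoteReachable = $_.LocalAddress -in '0.0.0.0', '::'
            }
        }
}

$certs     = @(Get-FiddlerRootCert)
$listeners = @(Get-FiddlerListener)

if ($certs.Count -eq 0) { 'No Fiddler root certificate in the trusted root stores.' }
else { $certs | Format-Table -AutoSize }

if ($listeners.Count -eq 0) { "Nothing is listening on TCP port $FiddlerPort." }
else { $listeners | Format-Table -AutoSize }
```

Any row from `Get-FiddlerRootCert` means software on this machine will accept certificates issued by that CA, and a `RemoteReachable` value of `True` means other hosts on the network can send traffic through the proxy.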
#2
Thank you for this. I have used Fiddler before but I never knew what to do with the outcome. I just saved all of my sessions so that if I got hacked I would have some network proof to work with.