Understanding FiddlerScript

FiddlerScript is one of the most powerful features in Fiddler; it allows you to enhance Fiddler's UI, add new features, and modify requests and responses “on the fly” to introduce any behavior you'd like.

FiddlerScript is based on JScript.NET, a .NET version of JavaScript, so it's easy for web developers to use, and the syntax is close enough to C# that most .NET developers can write simple rules with little effort.

Editing FiddlerScript

To get started, simply click Rules > Customize Rules to open your FiddlerScript file.

If the file opens in Notepad that means you haven't yet installed the FiddlerScript Editor, which offers syntax-highlighting, Intellisense-style code completion, and a Class Explorer:

If you're doing any non-trivial updates to your FiddlerScript, you should definitely install the FiddlerScript editor, which is bundled with the SyntaxView Inspectors that offer syntax-highlighting and formatting of common web types (HTML, CSS, JavaScript, etc).

No matter what editor you use, when you update the script and save it, Fiddler will automatically notice the new file version and attempt to load it. If the script loads successfully, a sound will play and the Fiddler status bar will say “CustomRules.js was loaded at <datetime>” (this text is actually set by the Main function inside the FiddlerScript file itself. You can change it to anything you'd like.) If compilation of the script fails, an error message will be shown and you can use it to help fix whatever problem you've found in your script.

If you ever corrupt your FiddlerScript so badly that you can't fix it, simply delete the CustomRules.js file from \Documents\Fiddler2\Scripts and restart Fiddler. Fiddler will automatically regenerate the file using the latest SampleRules.js file included in the Fiddler installation package.

FiddlerScript Methods

Your FiddlerScript file includes a single static class (named Handlers) which Fiddler uses to locate the methods that are called as it runs.

Generally speaking, all of your code should be placed inside static methods on this class.

Fiddler automatically executes a number of “Application event methods” as it runs:

As Fiddler processes Web Sessions, each Session is passed (as a parameter) to an method based on the current state of the Session.

The “Session event methods” are invoked in the following order:

Targeting Sessions

When using the Session event methods, your code typically consists of two major parts:

  1. Recognizing of Web Sessions of interest (Targeting)
  2. Making changes to those Sessions (Updating)

In most cases, you only want to update certain Web Sessions, so your code should examine the properties of the Web Session to decide if the current Session is one needing modification.

There are several useful helper methods for this task:

if (oSession.uriContains("caseInsensitiveStringFromURI")) {

  /* do something */

}

if (oSession.HostnameIs("SiteICareAbout.com")) {

  /* do something */

}

if (oSession.HTTPMethodIs("POST") &&

    oSession.oRequest.headers.ExistsAndContains("SoapAction", "SendBody") {

  /* do something for SOAP POSTS */

}

In many cases, you don't want to target requests which represent CONNECT tunnels through which secure traffic flows, because you instead only want to modify the HTTPS requests inside the tunnel rather than the tunnel itself.

To do that, simply check to see whether the request's HTTP Method is “Connect” and if so, skip the Session:

if (!oSession.HTTPMethodIs("CONNECT")) {

  /* ignore CONNECT tunnels */

}

Often, complaints that “My rules didn't update the Session properly” turn out to be related to the fact that the Sessions were not targeted properly.

To help identify such problems, each rule should always update the Session's UI so that it's plain to see whether the rule is being applied:

// case-sensitively replace oldString with newString

if (oSession.fullUrl.indexOf("oldString") > -) {

  oSession["ui-backcolor"] = "lime";

  oSession["ui-bold"] = "changing URL for this session";

  oSession.fullUrl = oSession.fullUrl.Replace("oldString", "newString");

}

This rule block changes the Web Session's background color to lime green and bolds its text before replacing all instances of “oldString” in the URL with “newString”.

That way, if the rule is running on Sessions you don't expect (or if it isn't running on Sessions you do) you can more easily identify the problem with your targeting

Understanding FiddlerScript的更多相关文章

  1. GOOD MEETINGS CREATE SHARED UNDERSTANDING, NOT BRDS!

      Deliverables and artifacts were a focal point of BA work during the early part of my career. If I ...

  2. Understanding delete

    简述 我们都知道无法通过delete关键字针对变量和函数进行操作,而对于显示的对象属性声明却可以进行,这个原因需要深究到js的实现层上去,让我们跟随 Understanding delete 来探究一 ...

  3. Life Cycle of Thread – Understanding Thread States in Java

    Life Cycle of Thread – Understanding Thread States in Java 深入理解java线程生命周期. Understanding Life Cycle ...

  4. [转]Part 3: Understanding !PTE - Non-PAE and X64

    http://blogs.msdn.com/b/ntdebugging/archive/2010/06/22/part-3-understanding-pte-non-pae-and-x64.aspx ...

  5. Understanding the Internal Message Buffers of Storm

    Understanding the Internal Message Buffers of Storm Jun 21st, 2013 Table of Contents Internal messag ...

  6. Understanding theory (1)

    Source: verysmartbrothas.com It has been confusing since my first day as a PhD student about theory ...

  7. Understanding Convolutions

    http://colah.github.io/posts/2014-07-Understanding-Convolutions/ Posted on July 13, 2014 neural netw ...

  8. Understanding, Operating and Monitoring Apache Kafka

    Apache Kafka is an attractive service because it's conceptually simple and powerful. It's easy to un ...

  9. [翻译]Understanding Weak References(理解弱引用)

    原文 Understanding Weak References Posted by enicholas on May 4, 2006 at 5:06 PM PDT 译文 我面试的这几个人怎么这么渣啊 ...

随机推荐

  1. 基于webpack的前端工程化开发解决方案探索(二):代码分割与图片加载

    今天我们继续来进行webpack工程化开发的探索! 首先来验证上一篇文章   基于webpack的前端工程化开发解决方案探索(一):动态生成HTML  中的遗留问题:webpack将如何处理按需加载的 ...

  2. springboot通过idea打jar包

    springboot打jar包 一.      检查pom文件 <packaging>jar</packaging> 二.      切换到maven窗口 三.      先c ...

  3. RocketMQ-Console安装

    1.获取源码 git clone -b release-rocketmq-console- https://github.com/apache/rocketmq-externals.git 2.进入工 ...

  4. SPI bus 的收发编程

    https://linux-sunxi.org/SPIdev The SPI bus (or Serial Peripheral Interface bus) is a synchronous ser ...

  5. Andrew Ng机器学习 一: Linear Regression

    一:单变量线性回归(Linear regression with one variable) 背景:在某城市开办饭馆,我们有这样的数据集ex1data1.txt,第一列代表某个城市的人口,第二列代表在 ...

  6. Codeforces C.Neko does Maths

    题目描述: C. Neko does Maths time limit per test 1 second memory limit per test 256 megabytes input stan ...

  7. 【转载】lr运行时设置,每个action 比例

    提供了再脚本运行时所需要的相关选项. 性能测试的关键之一:能否通过脚本来完全模拟用户的行为,可以通过运行设置让脚本运行的更人性化. 1. Run Logic 脚本如何运行,每个action与actio ...

  8. 使用树莓派GPIO控制继电器

      一.使用方法总结: VCC接+5v,GND接负,IN1接GPIO口, 二.然后使用Linux命令或者编程控制GPIO口高低电位即可,如:执行下列命令: gpio readall 列出所有针角 gp ...

  9. Linux——查询服务器公网IP

    前言 服务器查看IP,十分简单,但是如何查看公网IP呢? 步骤 网站:http://www.cip.cc/ 命令行查询(详细): UNIX/Linux: #curl cip.cc Windows: & ...

  10. java SSM面试题

    1. 谈谈你mvc的理解MVC是Model—View—Controler的简称.即模型—视图—控制器.MVC是一种设计模式,它强制性的把应用程序的输入.处理和输出分开.MVC中的模型.视图.控制器它们 ...