DEV Community

Cover image for Network Sniffing with Fiddler
Kim Arnett 
Kim Arnett 

Posted on

16

Network Sniffing with Fiddler

Now and then when you encounter a problem, you have to put on your Hacker hoodie and just go for it. That's how I discovered some of the debugging capabilities of Fiddler.

As an iOS developer - it's difficult to capture the network calls your app is making to determine why weird things are happening. After you've determined it's not your code, the next step is determining where it's coming from. Enter network sniffing.

Fiddler is a free HTTP proxy server application. Translated to English: Fiddler is an application that you can hook up your device to (through a proxy) and watch the network traffic go back and forth. There are other tools out there, like Charles for Mac, but today we're discussing Fiddler.

First, download Fiddler on your PC.

Configuration

You'll need to do some configuration to connect another device to the proxy.

  1. Click Tools -> Fiddler Options -> Connections
    Select the checkbox for Allow remote computers to connect

  2. For HTTPS connections, click on the HTTPS tab under Fiddler Options.
    Select the checkbox for Capture HTTPS CONNECTs, and the Decrypt HTTPS traffic checkbox.

You'll have to initiate the SSL Certificate for Fiddler too.
Click Actions -> Trust Root Certificate

  1. Click OK

  2. Restart Fiddler. After any changes, you must restart Fiddler.

Note: You may have to enable Fiddler to go through the firewall.

Connection Info

On the right side of the Fiddler window, you'll see an "Online" status. If you don't - please refer to Telerik's documentation. It's great!
If you hover over your online status, you'll see the IP address at the bottom of the window. That's the IP address you'll need for the next step.

Device Setup

  1. Go to your device's network settings, and enable a proxy.

  2. For server, enter the IP Address from Fiddler.

  3. For port, enter "8888" (or whatever is in the Fiddler Options -> Connections menu.)

  4. For HTTPS:
    Go to a web browser and enter "[IPADDRESS]:8888"
    You should see a "Fiddler Echo Service" page.
    Download the FiddlerRoot certificate
    Install & Trust the certificate

Note: It's recommended to delete the certificate when you're finished

Ta-Da!

You should now be all set to go.
Now you can capture detailed network traffic, requests and responses, and figure out where things are going awry. Use your powers for good and not evil.

Originally posted on KaydaCode

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read full post →

Top comments (5)

Collapse
 
ben profile image
Ben Halpern

I think this is a layer of the stack that application developers often find unapproachable, or not for them. But it's pretty straightforward once you get to know the tools, thanks for the post, Kim.

Collapse
 
craser profile image
Grumpy and

I started using Fiddler a few years back, and a debugging proxy of some kind has been in my toolkit ever since. (On macOS I use Charles.) Of all the tools I've picked up over the years, Fiddler & Charles have generated by far the most "Woah! How did you do that?" reactions.

Fiddler is one of those tools that once you use it for a while, and see what it can do, you'll never want to be without it.

Collapse
 
kaydacode profile image
Kim Arnett 

Definitely agree - I was extremely intimidated to get started with it, but now that I feel comfortable enough to get started, I have been able to do so much with it! I didn't include it in the article, but once I needed to replicate the API calls of an app that was no longer supported. The team didn't know any of the calls and had no documentation. So, I used Fiddler to sniff the traffic, find the calls, parameters being passed, and essentially reversed engineered the documentation. :)
I haven't tried Charles yet, but I've also heard good things.

Collapse
 
craser profile image
Grumpy and

Yep, that's pretty much the killer scenario for Fiddler. And I think if you wrote up that experience it would make a great article here. Kind of a "Level 2" after folks have had a chance to play around a bit and get used to Fiddler.

I just wish it was a little easier to get started. I've had several colleagues get excited when they see what it can do, but then give up when they see how fiddly the initial setup can be. I hope your article gets more people interested in getting past that first step!

Collapse
 
brodericks19145 profile image
Broderickson Priddy

Network sniffing with Fiddler allows users to capture and analyze HTTP/HTTPS traffic, making it a powerful tool for debugging web applications, monitoring API calls, and identifying security vulnerabilities. By intercepting requests and responses, developers can inspect headers, cookies, and payload data for troubleshooting or optimization. Similar to how the Sniffies app map provides a real-time interactive view of nearby connections, Fiddler offers a clear visual representation of network traffic, helping users understand and refine their application's communication with servers efficiently.

Heroku

This site is powered by Heroku

Heroku was created by developers, for developers. Get started today and find out why Heroku has been the platform of choice for brands like DEV for over a decade.

Sign Up