Easy Request Response Rules in Fiddler

2 minute read

Fiddler as a tool has gotten more and more advanced over time. With it’s powerful scripting capabilities, there isn’t much you can’t do with it when dealing with HTTP requests. One of the problems with the scripting interface is the high barrier to entry. Fortunately, for a lot of things, there is an easier way. This post will focus on request response rules due to the fact that I’m often asked about them due my work on add-ins for Office.

Sticking with the Office add-ins example, here is how you can rewrite a call to a script to one you have locally for easy debugging. (If you don’t already have it, you can download Fiddler here)

Setting up HTTPS Support

Fiddler should do everything you need out of the box with one minor exception: SSL (or TLS hopefully) requests. In order to make it work with these requests, there is an extra step. Open Fiddler Options from the Tools menu, and select the HTTPS tab. Make sure that the Decrypt HTTPS traffic box is ticket and click OK. Fiddler can now intercept your HTTPS traffic and decrypt it. The problem is that you machine will, hopefully, reject these requests due to being Man in the middled. In order to ensure that your device will accept these certificates, the Fiddler certificate needs to be added to your store. This varies from device to device, but the gist of it is you will use the device which is making the connection you want to rewrite part of, browse to X.X.X.X:8888 in your web browser, where X.X.X.X is the IP address of the machine running Fiddler, and chose to download the FiddlerRoot certificate towards the bottom of that page. More details about how to handle this for your device or browser can be found here.

Setting the AutoReponder

In the right hand pane, select the AutoResponder tab at the top. Make sure Enable rules and Unmatched requests passthrough are checked. Now, click Add Rule. At the bottom of the pane you will see a section named Rule Editor. For the first text field, you are going to enter EXACT:https://the.url.of/my/script/here.js , then for the bottom field, you have two choices. You can return a local file, or a response.

For the local file, just select Find a file... in the dropdown, browse to the file you want to return, and select Open. Then click Save on the right hand side.

If you want to return a different file hosted somewhere else (maybe a newer version of a script or similar), simple enter the URL of the file in the bottom field, and click Save

Next Step

There isn’t one. That’s it. Make sure your device is set to use the machine running Fiddler as a proxy (remember it’s on port 8888), and you are good to go. If it doesn’t work quite as expected, make sure files aren’t being returned from the cache.