Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Websocket playback and general handling improvements

In my line of work (security research), WebSockets are becoming increasingly common as a way to mask malicious activity. Fiddler does allow you to view a WebSocket and display the blobs exchanged. However, I have ran into some issues when the data is compressed and there doesn't seem to be native support for decompression. A workaround was suggested here:

More generally, it would be a great feature to be able to replay a WebSocket in 'offline mode', similarly to how you can replay HTTP/S Sessions via AutoResponder.

  • Guest
  • Mar 29 2018
  • Under review
  • Attach files
  • Eric Lawrence commented
    29 Mar, 2018 09:06pm

    Yup, there are two big missing pieces here:

    1. Allow injection of messages on an active websocket connection, via FiddlerScript and the WebSocket Inspectors UI
    2. Enable WebSocket playback from a SAZ file in the AutoResponder