Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Websocket playback and general handling improvements

In my line of work (security research), WebSockets are becoming increasingly common as a way to mask malicious activity. Fiddler does allow you to view a WebSocket and display the blobs exchanged. However, I have ran into some issues when the data is compressed and there doesn't seem to be native support for decompression. A workaround was suggested here:

More generally, it would be a great feature to be able to replay a WebSocket in 'offline mode', similarly to how you can replay HTTP/S Sessions via AutoResponder.

  • Guest
  • Mar 29 2018
  • Needs review
  • Attach files
  • Eric Lawrence commented
    March 29, 2018 21:06

    Yup, there are two big missing pieces here:

    1. Allow injection of messages on an active websocket connection, via FiddlerScript and the WebSocket Inspectors UI
    2. Enable WebSocket playback from a SAZ file in the AutoResponder