Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Live remote passive capture from stdin

Fiddler is perhaps the single most versatile piece of software I've ever had the pleasure of working with, and as such it would make life and work easier for countless testers and developers (and those of us combining these jobs).

The idea is to be able to sniff packets going through a remote machine—passively. Doing it with Wireshark requires me to ssh over into the machine and start tcpdump writing to stdin, from which Wireshark then reads:

ssh root@remote.host "/usr/sbin/tcpdump -i eth0 port 80 and http -s 0 -w -" | "/cygdrive/c/Program Files/Wireshark/Wireshark.exe" -k -i -

It starts a Wireshark session and lets me see the captured packets in real time, which is infinitely more convenient than any mucking about with remote saves with tcpdump, etc. But I don't have access to the convenience of Fiddler UI, and I would kill for it. In fact, even if I save the remote Wireshark capture, Fiddler would claim that there is no IPv4 or IPv6 traffic in the pcap-ng (or pcap, or tcpdump...) capture, even though Wireshark clearly shows all the relevant HTTP requests from which to glean the information.

My current (and actually nicely working) solution is to use iptables to route all outgoing traffic from port 80 on the remote host to Fiddler's port 8888 in remote capture mode. It has its benefits in that I get full control over the sessions, but it is not always a viable solution, and to be able to passively monitor with Fiddler in real time would give it yet another level of versatility and omnipower! :)

  • Dan Goedlik
  • Jul 2 2016
  • Under review
  • Sebastien Desse commented
    June 26, 2018 13:12

    Hello,

    I have the same problem importing a PCAP from tcpdump made from a Linux box.

    It says 'No IPV4 or IPv6 traffic found in this capture'.

    But the file is perfect in Wireshark.

    I can share the capture as a direct message but not post it here as there is company data in it.

    Sebastien

  • Eric Lawrence commented
    July 10, 2016 17:45

    This: "I save the remote wireshark capture, Fiddler would claim that there is no IPv4 or IPv6 traffic in the pcap-ng (or pcap, or tcpdump...) capture" is the very definition of a bug. Sharing an example capture file would allow Telerik (or even me) to figure out what's wrong and fix the PCAP importer.
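
When a capture cannot be shared because it holds company data, a payload-free summary can go in the bug report instead. The following is an added example, not code from this thread, Fiddler or Telerik: it reads a classic pcap file's global header, reports the link-layer type, and counts IPv4 and IPv6 frames. Whether the importer's "No IPv4 or IPv6 traffic" result depends on the link-layer type is an assumption the thread does not establish; the function names and sample frames are constructed for illustration.

```python
import struct

LINKTYPES = {1: "Ethernet", 101: "Raw IP", 113: "Linux cooked (SLL)",
             276: "Linux cooked v2 (SLL2)"}   # subset of the tcpdump.org LINKTYPE registry
# Offset of the 2-byte protocol (EtherType) field in each link-layer header.
PROTO_OFFSET = {1: 12, 113: 14, 276: 0}
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # usec / nsec, little-endian
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # usec / nsec, big-endian

def ip_version(linktype, frame):
    """Return 'ipv4', 'ipv6' or 'other' for one captured frame."""
    if linktype == 101 and frame:                 # raw IP: version is the top nibble
        return {4: "ipv4", 6: "ipv6"}.get(frame[0] >> 4, "other")
    off = PROTO_OFFSET.get(linktype)
    if off is None or len(frame) < off + 2:
        return "other"
    proto = struct.unpack_from(">H", frame, off)[0]
    return {0x0800: "ipv4", 0x86DD: "ipv6"}.get(proto, "other")

def summarize_pcap(data):
    """Summarise a classic pcap file without exposing any payload bytes."""
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        return {"format": "pcapng"}               # block-based format, not parsed here
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0] & 0xFFFF
    counts = {"ipv4": 0, "ipv6": 0, "other": 0}
    pos = 24
    while pos + 16 <= len(data):                  # 16-byte per-packet record header
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        counts[ip_version(linktype, data[pos + 16:pos + 16 + incl_len])] += 1
        pos += 16 + incl_len
    return {"format": "pcap", "linktype": linktype,
            "linktype_name": LINKTYPES.get(linktype, "unknown"), **counts}

def build_pcap(linktype, frames):
    """Construct a little-endian pcap in memory (sample data for the demo)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Constructed frames: headers only, zero-filled, no real traffic.
    eth_v4 = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19)
    sll_v6 = bytes(14) + b"\x86\xdd" + b"\x60" + bytes(39)
    print(summarize_pcap(build_pcap(1, [eth_v4])))
    print(summarize_pcap(build_pcap(113, [sll_v6, sll_v6])))
```

For a real file, pass `open(path, "rb").read()` to `summarize_pcap`; the returned dictionary contains only the format, link-layer type and frame counts.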