Fiddler is a robust and user-friendly web debugging tool developed by Microsoft. It records all HTTP and HTTPS requests between clients and servers, enabling you to monitor, set breakpoints, and even modify input and output data.
Additionally, Fiddler features a powerful event-based scripting subsystem and can be extended using .NET languages.
In this article, we will primarily focus on how to use Fiddler to capture data packets from mobile devices.
When compared to another popular mobile packet capture tool, Wireshark, Fiddler shares many similarities. For instance, both tools are suitable for various Wi-Fi-enabled devices (such as smartphones and tablets) and do not require rooting or jailbreaking. Additionally, both tools use a computer to capture and display data packets. The key difference lies in the method of capturing data packets: Wireshark does so by connecting the device to the computer's Wi-Fi hotspot, while Fiddler captures packets by placing the computer and the device on the same local area network (usually the same Wi-Fi network) and setting a network proxy for the device.
Fiddler's primary advantage over Wireshark is its ability to intercept and modify outgoing or incoming HTTP/HTTPS packets, including their Request and Response data. However, Fiddler also has its limitations, as it can only capture HTTP and HTTPS packets and is unable to capture other types of network packets.
Fiddler operates as a proxy web server.
As illustrated in the diagram above, Fiddler employs a proxy approach, allowing all client data streams to be sent to it before being forwarded to the target server. The target server's response packets are sent to Fiddler, which then forwards them to the client. As a result, both Request and Response packets pass through Fiddler, enabling it to capture and analyze them. This architectural advantage allows Fiddler to offer powerful features that other tools cannot provide. As long as the device supports HTTP proxy configuration, it supports packet capture.
Fiddler operates at the application layer of the OSI seven-layer network model, using the proxy address 127.0.0.1 and port 8888. When Fiddler starts, it automatically sets the proxy, and when it exits, it automatically unregisters the proxy, ensuring no interference with other programs. However, if Fiddler exits unexpectedly, web pages may become inaccessible because Fiddler has not automatically unregistered the proxy. The solution in this case is to restart Fiddler.
First, ensure that the computer with Fiddler installed and the mobile phone to be monitored are on the same local area network (usually connected to the same Wi-Fi). This is crucial because the mobile phone's proxy needs to be directed to the PC, and it won't work if they cannot access each other.
Follow these steps to capture mobile data packets using Fiddler:
1) Enable remote connections in Fiddler. Go to the Fiddler main menu, select Tools, then Fiddler Options, and click on the Connections tab. Check the box for "Allow remote computers to connect."
2) Restart Fiddler.
3) Obtain the PC's IP address.
4) Configure the mobile phone's proxy settings. Point the proxy to the PC's IP address, enter Fiddler's default port (8888), and save to complete the proxy configuration. Now, Fiddler can capture the mobile phone's HTTP data packets.
The layout of the Fiddler interface is as follows:
Under the Inspectors tab, there are multiple options to view Request or Response information. The Raw Tab allows you to view the complete message, while the Headers Tab displays only the headers within the message.
Setting Breakpoints and Modifying Request
There are two methods to set breakpoints:
Method one:
1) Open Fiddler and click on Rules.
2) Select Automatic Breakpoints.
3) Choose Before Requests.
The disadvantage of this method is that it will interrupt all sessions.
To cancel, go to Rules --> Automatic Breakpoints --> Disabled.
Method two:
1) Enter the command in the command line: bpu msdkdev.qq.com.
2) This method will only interrupt the Request sent to msdkdev.qq.com.
To cancel, enter "bpu" in the command line.
Setting Breakpoints and Modifying Response
There are also two methods to set breakpoints:
Method one:
1) Open Fiddler and click on Rules.
2) Select Automatic Breakpoints.
3) Choose After Responses.
The disadvantage of this method is that it will interrupt all sessions.
To cancel, go to Rules --> Automatic Breakpoints --> Disabled.
Method two:
1) Enter the command in the command line: bpafter msdktest.qq.com.
2) This method will only interrupt the Response returned by msdktest.qq.com.
To cancel, enter "bpafter" in the command line.
Select two sessions, right-click and choose Compare, and use WinDiff to analyze the differences between the two sessions.
Press CTRL+F to open the Find Sessions dialog box and enter keywords to search. You can also use colors to identify the found sessions.
Select the session you want to save, right-click, choose Save, and then choose Selected Sessions.
Some HTML in the Response may appear garbled, which could be due to encryption. You can decode it using the following methods:
1) Click on "Response is encoded and may need to be decoded before inspection. Click here to transform" above the Response Raw.
2) Select "Decode" in the toolbar, and it will automatically decode.
Fiddler includes a script file that can automatically modify HTTP Request and Response, eliminating the need to manually set breakpoints for modification.
This script file, called CustomRules.js, is located at: C:\Users\[your user]\My Documents\Fiddler2\Scripts\CustomRules.js. You can also open the CustomRules.js file in Fiddler by starting Fiddler and clicking on the menu Rules -> Customize Rules.
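The following is an added example, not part of the original article or of Fiddler's shipped script. It shows how the two handlers in CustomRules.js can do automatically what the bpu and bpafter breakpoints above do by hand. The host name, phone address and header name are constructed placeholders.

```jscript
// Added example for CustomRules.js (FiddlerScript, JScript.NET).
// Merge the two function bodies into the Handlers class that already exists
// in the file; do not paste a second class.
// TARGET_HOST, PHONE_IP and X-Debug-Trace are constructed placeholders.
import System;
import Fiddler;

class Handlers
{
    static var TARGET_HOST = "api.example.test"; // hypothetical host under test
    static var PHONE_IP = "192.168.1.50";        // hypothetical address of the phone

    static function OnBeforeRequest(oSession: Session) {
        // Only touch traffic for the host under test; everything else passes unchanged.
        if (!oSession.HostnameIs(TARGET_HOST)) return;

        // Colour sessions that came from the phone so they stand out in the list.
        // "x-clientIP" is the session flag Fiddler sets to the sender's address.
        var clientIp = oSession["x-clientIP"];
        if (clientIp != null && clientIp.indexOf(PHONE_IP) >= 0) {
            oSession["ui-color"] = "blue";
        }

        // Same effect as editing the request at a "bpu" breakpoint, applied every time.
        oSession.oRequest["X-Debug-Trace"] = "fiddler";

        // Buffer the response so OnBeforeResponse can edit the body before the
        // client receives it.
        oSession.bBufferResponse = true;
    }

    static function OnBeforeResponse(oSession: Session) {
        if (!oSession.HostnameIs(TARGET_HOST)) return;

        // Remove compression and chunking so the body is plain text before editing.
        oSession.utilDecodeResponse();

        // Same effect as editing the response at a "bpafter" breakpoint.
        if (oSession.oResponse.headers.ExistsAndContains("Content-Type", "text/html")) {
            oSession.utilReplaceInResponse("</title>", " [via Fiddler]</title>");
        }
    }
}
```

Fiddler recompiles the script when the file is saved, so the rules take effect on the next request without a restart.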
Fiddler is capable of capturing various HTTP/HTTPS requests sent by mobile devices and browsers. With its powerful features, compatibility with all platforms and browsers, and being completely free, Fiddler is a practical and user-friendly packet capture tool.
Visit Fiddler's official website at: http://www.telerik.com/fiddler