Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Technique
  • Advanced Web Debugging with Fiddler
  • Technique

Advanced Web Debugging with Fiddler

Do Son June 10, 2017 3 minutes read
Web Debugging Fiddler

On this post, I will introduce a penetration of the web test development industry. It is more popular a web traffic capture package analysis tool. Fiddler’s function here is not to say, a simple summary is to capture the package, change the package, replay. The focus of this article is not to introduce the basic usage of Fiddler, but to introduce how to build their own custom programming Fiddler. Most of the contents of this article from the Internet, such as the contents of the old can be self-bypass, all when the personal inquiries, can be sprayed.

Modify the rules file CustomRules.js

CustomRules.js is written in Jscript.NET and has a syntax similar to C #. By modifying the CustomRules.js can modify the http request and response, without interrupting the program, you can also do a special treatment for different url.

CustomRules.js file location

Fiddler Tools Menu Bar:

rules->CustomRules
Local computer disk storage address:
C:\Documents and Settings\[your user]\MyDocuments\Fiddler2\Scripts\CustomRules.js

Common content

First share a common content:

static function OnBeforeRequest(oSession: Session) {

// oSession.oRequest.headers.Remove("Cookie");
// oSession.oRequest.headers.Add("Cookie", "username=admin;");
// oSession.oRequest["Referer"]="http://securityonline.info";
// if (oSession.HTTPMethodIs("POST")){ //POST修改为GET
// oSession.RequestMethod="GET";
// }
// var strBody=oSession.GetRequestBodyAsString();
// // // strBody=strBody.replace("111","222");
// strBody="11111111111111111111111111111111111"+strBody;
// // // strBody=strBody.ToUpper();
// // // strBody=strBody.ToLower();
// oSession.utilSetRequestBody(strBody);
}

As shown above, modify the code under the OnBeforeRequest function to automatically modify some of the parameters in the request packet before sending the request. Such as can be added to change the cookie, headers header parameters, you can modify the type of request package, the main role is to achieve a specific role in the penetration test, such as bypassing the firewall.

Common function

Http request function: that is, modify the contents of the function, you can send http request packet before modifying some parameters.

static function OnBeforeRequest(oSession: Session)

Http response function: that is, modify the contents of the function, you can receive http response packet before modifying some parameters

static function OnBeforeResponse(oSession: Session)

The method properties in the function

Filter an url

if (oSession.host.indexOf("thief.one") > -1) {}

Modify the display style in the session

oSession["ui-color"] = "orange";

Remove a field from the http header

oSession.oRequest.headers.Remove("");

Modify the contents of a field in the http header

oSession.oRequest["Referer"] = "http://securityonline.info";

Modify host

oSession.host = "securityonline.info";

Modify the Origin field

oSession.oRequest["Origin"] = "http://securityonline.info";

Delete all cookies

oSession.oRequest.headers.Remove("Cookie");

Create a new cookie

oSession.oRequest.headers.Add("Cookie", "username=ddos;");

Gets the body string in the Request

var strBody=oSession.GetRequestBodyAsString();

Use regular expressions or replace methods to modify string

strBody=strBody.replace("security","ddos");

Play a dialog box to check the modified body

FiddlerObject.alert(strBody);

Will modify the body, re-write back to the Request

oSession.utilSetRequestBody(strBody);

Modify request url

For example: Replace the http protocol in the request URI with the https protocol.

oSession.fullUrl = "https" + oSession.fullUrl.Substring(oSession.fullUrl.IndexOf(':'));

Network speed limit

1000/download speed = time to be delayed (milliseconds), such as 20kB/s delay50 milliseconds to receive data.

if (m_SimulateModem) {

// Delay sends by 300ms per KB uploaded.
oSession["request-trickle-delay"] = "300";
// Delay receives by 150ms per KB downloaded.
oSession["response-trickle-delay"] = "150";
}

Fiddler can customize a lot of features, these are usually some of the usual content, such as you want to know more usage please refer to the official documents: Fiddler document

Share this article:

Facebook Post LinkedIn Telegram
Tags: Fiddler

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
  • CVE-2026-55879CVSS 9.3
    OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the...
  • CVE-2026-12761CVSS 9.8
    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.