Fiddler XSS Inspector: detect cross-site scripting vulnerabilities using Fiddler
Fiddler XSS Inspector
The Fiddler tool helps you debug web applications by capturing network traffic between the Internet and test computers. The tool enables you to inspect incoming and outgoing data to monitor and modify requests and responses before the browser receives them. Fiddler also includes a powerful event-based scripting subsystem, which you can extend by using any .NET Framework language.
Fiddler and the HTTP replay options can help you troubleshoot client-side issues with web applications by making an offline copy of the test site. With these tools, you can create offline images of the browsing experience and then package and analyze the results to obtain more detailed debug information.
To install the inspector, copy FiddlerXSS.dll to the Fiddler 2 Inspectors folder, located at %ProgramFiles%\Fiddler2\Inspectors by default. To use it:
1) Capture a request containing a query string.
2) Navigate to the XSS inspector tab.
3) Click the Test button and observe the results.