Fiddler - Extensions
This page contains useful extensions for Fiddler. For best results,
please ensure that you're running the latest version
Tip: If you are a Web Developer, you
Last Updated: Oct 16, 2011. Approximately 300 times faster than the old version, and less likely to mangle poorly-formatted script.
CertMaker for iOS and Android
iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you
may install a Certificate-generating plugin that generates interception certificates compatible with those platforms.
Windows 8 AppContainer Loopback Utility
Windows 8 "Metro-style" apps require additional configuration to work with Fiddler. The EnableLoopback Utility allows you to easily reconfigure these apps to work with Fiddler. This utility is only useful on Windows 8 and does not run on earlier versions of Windows. Download Now (60kb) or Learn more...
The Differ tab allows you to compare two traffic profiles.
Download now (47kb).
The SAZClipboard is a simple extension that allows you to open a .SAZ file outside of the main Fiddler UI. You can then drag sessions between this clipboard from the Fiddler UI. Learn more...
The Gallery extension (50kb) displays
thumbnails of all images found among the selected sessions.
The AnyWHERE extension (40kb) allows you to trivially spoof the responses to browsers' GeoLocation webservice queries. Works with IE9, FF4, Chrome, and Opera. Full source is included. Note: You must enable HTTPS decryption for this tool to work.
The RulesTab extension is a lightweight way to tweak your Rules script directly within Fiddler2. This extension is not as powerful as the RulesTab2 extension above (no syntax highlighting or Intellisense), but it requires less memory.
The Content Blocker sample (11kb) is a simple example of using IAutoTamper to block traffic based on URI.
The Image Flipper sample (6kb) is a simple example of using IAutoTamper to automatically flip all downloaded images 180 degrees.
This list is provided for informational purposes only, and we make no representations or warranties, either expressed, implied or statutory, regarding the items, manufacturers, or compatibility of the items available within. Some of the links below send you to sites that are not under our control. We are not responsible for the contents of any linked site or any link contained in a linked site or any changes or updates to such sites. These links are provided to you only as a convenience, and the inclusion of any link does not imply endorsement by Eric Lawrence or Microsoft. Report a problem.
neXpert Performance Report Generator
neXpert is an add-on which aids in performance testing of web applications. Learn more...
StresStimulus is an add-on which aids in load-testing of web applications. Learn more...
Watcher - Passive Security Auditor
Watcher is a runtime passive-analysis tool for Web applications. It detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hotspot detection for vulnerabilities, developers quick sanity checks, and auditors PCI and OWASP compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more. Learn more...
Ammonite - Security Scanner
Ammonite is an web application security scanner
extension for Fiddler. Ammonite detects common vulnerabilities such as
SQL injection, OS command injection, cross-site scripting, file
inclusion, and buffer overflows. Ammonite includes unique features
that make it particularly well suited for penetration testers and
x5s - Automated XSS Security Testing Assistantx5s aims to assist penetration testers in finding cross-site scripting vulnerabilities. It's main goal is to help you identify the hotspots where XSS might occur by:
yamagata21 built this extension which allows fuzzing of Web
Andy Cross built this cool extension which analyzes the selected HTML response for inefficiencies.
Full source for the Inspector is provided. Learn more...
WCF Binary-Encoded Message Inspector
This inspector allows you to view WCF binary-encoded messages in a plaintext XML format. Learn more...
Chad Sowald's Request-To-Code
This extension converts a captured request into the C#, VB.NET, or Python code necessary to issue that request: http://www.chadsowald.com/software/fiddler-extension-request-to-code. The code can be run directly from the extension. (Updated 12/16/2012)
- Eyal has written two extensions:
Thomas Deml's Export WCAT Script extension
Microsoft Web Capacity Analysis Tool (WCAT) is the tool of choice of the IIS team as well as the Windows Performance Team. This extension allows you to export scripts from Fiddler and run them in WCAT. Learn more...
Per-Response Latency Extension
Oscar Brito's extension enables you to specify latency based on regular expressions or exact URLs. Source code is available.
Dave Risney wrote the WPAD Server Fiddler extension, which is interesting for a number of reasons, although most folks will never need it.
XML Request Inspector- Fedor Vlasov has written an XML Request viewer that handles x-www-form-urlencoded XML post bodies.
XML DataSet Inspector- Joris Bijnens has written an XML DataSet Inspector which shows XML data using tabs and grids.