Fiddlercap - designed to help the non-expert gather HTTP logs (great for helping to track down malware-adverts)

One of the biggest problems I face when tracking down malicious banner advertisements is gathering proof sufficient to convince a web site and/or advertising network that they have a problem.  Sometimes I am unable to reproduce a reported hijack by a banner advertisement despite my best efforts.  When my correspondent is inexperienced they can struggle to gather the required data for me to analyse and publicise.

Eric Lawrence of Microsoft has also seen the need for a product that will make it easy for the inexperienced to generate an HTTP or HTTPS log, so he has created a simpler version of Fiddler especially to address this need.

Called Fiddlercap, the product can be used to easily take a snapshot of HTTP traffic, which is then sent to a "debugging buddy" (that would be me) :o)

My only question is whether Fiddlercap and Fiddler can be installed side by side.  I must ping Eric about that, see what I can find out.

You can download Fiddlercap here: http://www.fiddler2.com/fiddler/help/log.asp

Published Thu, Aug 30 2007 22:57 by sandi
Filed under:

Comments

# re: Fiddlercap - designed to help the non-expert gather HTTP logs (great for helping to track down malware-adverts)

Thursday, August 30, 2007 11:57 AM by cghost

Hi,

Nice. I may need to enlist your aid as a "debugging buddy" on a problem I have going right now.

2 comments on Fiddlercap.

The Fiddlercap screen does not scroll down as it is intercepting traffic. It stays on the first line. Fiddler scrolls down so you always see the last line. I like that better.

The Fiddlercap screen (at least on my computer) won't display all the lines. For example the number beside "capturing" will read 87, but all I can see in the detail is 85.

# re: Fiddlercap - designed to help the non-expert gather HTTP logs (great for helping to track down malware-adverts)

Thursday, August 30, 2007 9:01 PM by EricLaw [MSFT]

Sandi: You can install FiddlerCap side-by-side with Fiddler, although if you have (and are comfortable with) Fiddler, you don't really need FiddlerCap.

cghost: FiddlerCap doesn't scroll with the idea being that if you're going to be debugging your own traffic, you're going to use Fiddler2.  On the other hand, if you're a  non-technical user, you're probably not going to care very deeply about what appears in the session list.  I considered hiding the session list altogether, but that causes a variety of problems.

The number in the status bar is the total number of sessions in the session list; the numbers in the detail are the id numbers of the session.  It is strange that you'd see a session count > 1+lastID (since the ID # is based at zero).  It's possible there's a bug here.

# re: Fiddlercap - designed to help the non-expert gather HTTP logs (great for helping to track down malware-adverts)

Friday, August 31, 2007 7:54 AM by sandi

Hi Eric,

Thanks for the response; I'm glad I can have them side by side - keeps me familiar with both products, makes it easier for me to guide newbies, and good for screenshots too ;o)

# re: Fiddlercap - designed to help the non-expert gather HTTP logs (great for helping to track down malware-adverts)

Saturday, September 08, 2007 6:13 PM by JeanInMontana

Hi Sandi,

Certainly not an expert here.  I try like hell though. :]]

This is exactly what I needed for that mystery shopping site.  I am just positive "something" got to me from there but I couldn't ever reproduce it and I haven't heard from you or Ben Edelman, so assume the same held for both of you.