Capturing Modes

Fiddler Everywhere is a local forward TLS proxy that can capture HTTP(S), WebSocket, Server-Sent Events (SSE), and gRPC traffic. The traffic can be generated from locally installed applications or remote devices (within the same local network).

The application supports capturing modes such as automatic system capturing, independent browser capturing, and terminal capturing. Upon startup, Fiddler Everywhere will also capture traffic from any application explicitly set to use Fiddler's address and port as an HTTP proxy, which can include traffic from remote devices.

Capturing Modes Comparison

The following table demonstrates the supported functionalities and differences between the Fiddler's capturing modes.

Feature System Capturing Network Capturing Independent Browser Capturing Terminal Capturing Explicit Capturing
Captures browser traffic? Yes Yes Yes (Chromium browsers) n/a Yes
Captures application traffic? Yes Yes Browsers only Terminals only Yes
Captures remote traffic? Yes No n/a n/a Yes
Captures Android traffic? Yes No n/a n/a Yes
Captures iOS traffic? Yes No n/a n/a Yes
Captures HTTPS from? The system proxy Network adapter Browser Terminal and its child processes Client application
Supports modifying traffic (through Rules) ? Yes Yes Yes Yes Yes
Supports breakpoints (through Rules) ? Yes Yes Yes Yes Yes
Supported protocols HTTP, HTTPS, WebSocket, SSE, gRPC, Socket.IO HTTP, HTTPS, WebSocket, SSE, gRPC, Socket.IO HTTP, HTTPS, WebSocket, SSE, Socket.IO HTTP, HTTPS, WebSocket, SSE, gRPC, Socket.IO HTTP, HTTPS, WebSocket, SSE, gRPC, Socket.IO
Support for HTTP/2 Yes Yes Yes Yes Yes
Support for TLS 1.3 Yes Yes Yes Yes Yes
Support for IPv4 Yes Yes Yes Yes Yes
Support for IPv6 Yes No Yes Yes Yes
Supported OS Windows, macOS, Linux macOS Windows, macOS, Linux Windows, macOS, Linux Windows, macOS, Linux
VPN compatibility Partial Partial Yes Yes Depends on the app
Proxy Modification Modifies the OS proxy N/A (Installs Network Extension) Sets proxy only within the browser instance Sets proxy only for the terminal instance Manual proxy configuration
Needs Configuration Requires Fiddler CA Requires Fiddler CA No additional configuration needed No additional configuration needed Requires Fiddler CA
Needs admin privileges? Yes Yes Yes - to run a browser with params Yes - to run a terminal with params Depends on the app
Certificate Authority (CA) Automated & Manual CA installation Automated & Manual CA installation Preconfigured CA Preconfigured CA Manual CA installation

System Capturing

The client logs all HTTP, HTTPS, WebSocket, SSE, and gRPC traffic between your computer and the Internet and helps you analyze and debug the incoming and outgoing traffic from virtually any application that supports a proxy—browsers, desktop applications, CLI tools, and others. You can use the captured traffic to debug issues, identify performance bottlenecks, or share it with your teammates.

To capture system traffic with Fiddler Everywhere:

  1. Start Fiddler Everywhere.

  2. Enable system capturing as described in the following OS-specific articles:

Use the "System Proxy" switch to toggle on and off the system capturing mode

Learn more about the system capturing mode here...

Network Capturing

The Fiddler Everywhere version 5.2.0 introduced the network capturing mode as a BETA feature for macOS. The mode works on a lower level than an HTTP(S) proxy and allows you to capture TCP traffic from all applications that use the active network adapter without changing the system or client proxy.

Learn more about the network capturing mode here...

The network capturing mode in Fiddler has many advantages compared to the traditional HTTPS proxy capturing. The main differences are:

  • You don't need to change or set an HTTPS proxy on your operating system or client applications.
  • You have more control over which network segment or processes to monitor.
  • It brings additional value in overcoming known HTTPS proxy limitations in specific operating systems and clients.

One of the brightest examples of network capturing benefits is the infamous case where Safari on macOS ignores the proxy settings for WebSocket traffic. Because of that known issue, there is no way to debug WebSocket traffic that goes through a proxy (on Safari) while using HTTPS proxy tools. However, with the network capturing mode, you can capture WebSocket and all TCP traffic on a lower level, making the issue obsolete.

Independent Browser Capturing

Independent browser capturing is a feature that allows you to capture traffic from a sandboxed browser instance. Currently, Fiddler Everywhere supports independent browser capturing only for Chromium browsers.

Use the "Browser" button to capture traffic from independent browser instance

Learn more on how to capture traffic from an independent browser instance here...

Terminal Capturing

Similarly to the independent browser capturing option, Fiddler lets you use a dedicated terminal instance to capture traffic from your preferred terminal on-the-fly. The option is accessible through the >_ Terminal button, enabling you to quickly capture and inspect traffic from terminal applications like Node.js libraries and curl.

Use the "Terminal" button to capture traffic from Node.js or other terminal application

Learn more on how to capture traffic from a terminal here...

Explicit Capturing

The Fiddler Everywhere application acts as a proxy from the moment it starts, and by default, its proxy address is 127.0.0.1:8866. Any application (including apps from remote PCs, mobile devices, etc.) explicitly directed to go through the Fiddler Everywhere proxy address will have its traffic captured, even when the system capturing is turned off.

Example for explicitly making a curl request that goes through the Fiddler Everywhere proxy:

curl --url https://www.example.com/ -x 127.0.0.1:8866 --ssl-no-revoke -v

Remote Traffic Capturing

Fiddler Everywhere can capture traffic from remote devices on the same local network. That includes remote PCs, gaming consoles, IoT devices, smartphones, tablets, etc. All you need to do is set the Fiddler proxy address and port as a manual proxy on the remote machine (similar to the explicit capturing mode) and install the Fiddler certificate authority within the remote device certificate manager.

If you only need to capture remote traffic, then there is no need to install the Fiddler CA on the Fiddler host machine. You only need to download and install the Fiddler CA on the remote device. Once the proxy configuration is in place, Fiddler Everywhere will automatically capture and decrypt the remote HTTPS traffic.

Below you will find some detailed guides for different scenarios:

Learn more on how to capture traffic from an Android device here...

Learn more on how to capture traffic from an iOS device here...

Learn more on how to capture traffic from generic remote devices here...

HTTP Version Specifics

Fiddler Everywhere supports HTTP/1.x and HTTP/2 traffic capture and composing. Note the following specifics when handling HTTP/2 requests.

  • The HTTP/2 support in Fiddler Everywhere is enabled by default. If needed it can be disabled through the Connections menu.

  • With the Enable HTTP/2 support option, the connection between a client and a server will default to HTTP/2 if both support it. When the option is disabled, Fiddler Everywhere forces the communication to go through HTTP/1.1.

  • Even with HTTP/2 support enabled, Fiddler Everywhere does not guarantee that all requests will use HTTP/2. Fiddler will only communicate using the client's version if a client only supports HTTP/1.1 or lower. If the client works with HTTP/2 but the server does not, Fiddler will allow the HTTP/2 request, but internally it will translate the request to HTTP/1.1 when communicating with the server.

  • Some browsers will share a single HTTP/2 connection to a website between tabs and keep a connection open even after a tab is closed. That can lead to unexpected behavior with the HTTP/2 support in Fiddler Everywhere, so if you experience similar issues, try to restart the browser.

  • Fiddler shows the HTTP/2 pseudo-headers as they are sent/received in their original order. Some client applications further modify the pseudo-header order, which can cause different behavior for some corner cases.

WebSocket Capturing

The WebSocket protocol provides full-duplex communication channels over a TCP connection. WebSocket is distinct from the HTTP protocol. Both protocols are located at OSI layer seven and depend on TCP at OSI layer four. Although different, WebSocket is designed to work over HTTP ports 443 and 80 and support HTTP proxies and intermediaries, thus making it compatible with HTTP.

Fiddler Everywhere supports WebSocket capturing out-of-the-box through all capturing modes. The application provides dedicated WebSocket inspectors to examine and extract data from the WebSocket session's handshake, metadata, and messages. Encoded WebSocket messages are automatically decoded (if possible) and presented in human readable form in the related WebSocket inspector.

Server-Sent Events

The Server-Sent Events (SSE) is a server technology that enables a client application to receive updates from a server through the HTTP protocol. With server-sent events, a server can send new data to the client anytime by pushing messages.

Fiddler Everywhere supports SSE capturing out-of-the-box for HTTP/2 through all capturing modes. The Fiddler application allows dedicated SSE inspectors to examine and extract data from the SSE session's handshake and messages.

gRPC Capturing

gRPC stands for Google Remote Procedure Call, and while created by Google, now an open-source framework. gRPC utilizes multiple technologies, including HTTP/2, which makes it incompatible with HTTP/1.1 and older versions. Similar to other RPC frameworks, one of its most common usage to directly call methods on remote clients. The main benefits of gRPC are its performance, added security, and the possibility to generate code efficiently. Some well-known usage scenarios are creating microservices application architecture and connecting mobile clients to backend services.

Fiddler Everywhere supports gRPC capturing out-of-the-box through all capturing modes. The Fiddler application provides dedicated gRPC inspectors to examine and extract data from the gRPC session's handshake, and messages.

To capture gRPC, you must enable HTTP/2 support in Fiddler Everywhere through Settings > Connections > Enable HTTP/2 support. This requirement comes from prerequisites of the gRPC framework, which utilizes their HTTP/2 protocol.

Learn more on how to capture and inspect gRPC traffic with Fiddler Everywhere here...

Socket.IO Capturing

Socket.IO is a technology that provides bidirectional, low-latency and event-based communication between a client application and a server.

Fiddler Everywhere supports Socket.IO capturing out-of-the-box through all capturing modes. The Fiddler application provides dedicated Socket.IO inspectors to examine and extract data from the gRPC session's handshake, and messages.