Conditions and Actions in Fiddler's Rules
The article lists and explains the supported matching conditions and applicable actions while creating a rule with the Rules tab in Fiddler Everywhere. It also covers the specific of final and non-final actions and their immediate result on the modified traffic.
Conditions
The Rule Builder can add and use single or multiple conditions needed to trigger different actions. The conditions are logical structures with different statements whose numbers can vary between two and four. A statement field that handles text (string modifier) is case-insensitive by default (you can use the Aa
button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions.
For more information, refer to the following list.
Condition Value | Field Options | Field Options | Field Options | Usage Description |
---|---|---|---|---|
Protocol | HTTP or HTTPS | n/a | n/a | Differentiate the traffic based on the used protocol (HTTP vs. HTTPS). |
Host | String modifiers | Search value | n/a | Matches a specific keyword in the Host column. |
Path | String modifiers | Search value | n/a | Matches a specific keyword in the path column. |
URL | String modifiers | Search value | n/a | Matches a specific keyword in the URL column. |
Status Code | String modifiers | Search value | n/a | Matches a specific keyword in the Result column. |
Method | String modifiers | Search value | n/a | Matches sessions using specific HTTP Method. |
Process | String modifiers | Search value | n/a | Matches a specific Process ID. |
Client IP | String modifiers | Search value | n/a | Matches session with specific Client IP. |
Remote IP | String modifiers | Search value | n/a | Matches session with specific Remote IP. |
Body Size | Number modifiers (compares bytes) | Search value | n/a | Matches session with specific Body Size. |
Duration | Number modifiers (compares milliseconds) | Search value | n/a | Matches sessions with specific Duration. |
Comment | String modifiers | Search value | n/a | Matches sessions with specific Comment column. |
Request Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Request Body column. |
Request Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Request header column. |
Response Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Response body. |
Response Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Response header column. |
Cookie | Cookie name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned Cookie. |
Certificate Information | Field name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned certificate field. |
Caching | String modifiers | Search value | n/a | Matches sessions with specific keyword in the HTTP Headers related to content caching. |
Content-Type | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Content-Type column. |
Request Time | String modifiers | Search value | n/a | Matches specific date string in the Request Time column. |
Request Date | Date modifiers | Date form | n/a | Matches session executed on a specific date. |
Rules Modified | Boolean | n/a | n/a | Matches sessions modified by a rule. |
TLS Version | String modifiers | Search value | n/a | Matches traffic based on the used TLS Version. |
Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. |
Actions
When Fiddler Everywhere identifies a request that matches the rule's conditions, it automatically maps it to the action set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the Aa button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions.
Apart from returning files or predefined responses, a rule can perform the following specific actions:
Action name | Field Options | Field Options | Preview box | Usage Description | Action type |
---|---|---|---|---|---|
Mark Session | Choose background color | Choose foreground color | Sample Preview box | Marks the session with selected colors. | Non-final |
Update Request Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the request header. | Non-final |
Update Response Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the response header. | Non-final |
Update Request Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the request body. | Non-final |
Update Response Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the response body. | Non-final |
Update URL | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the current URL. | Non-final |
Update Query Params | Query Parameter Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the query parameters. | Non-final |
Update Request Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
Update Response Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
Predefined Response | Drop-down with predefined responses | n/a | n/a | Returns the selected predefined response. | Final |
Manual Response | Text field for creating manual response | n/a | n/a | Returns the manually created response. | Final |
Response File | File Picker | n/a | n/a | Returns the picked response file. | Final |
Do Not Show | n/a | n/a | n/a | Hides the matched session for appearing in Fiddler. When the Do Not Show action is applied, no other actions will be executed. | Final |
Delay Request | Number value (milliseconds) | n/a | n/a | Delays the request execution with "n" milliseconds. | Non-final |
Graceful Close | n/a | n/a | n/a | This action will close the connection gracefully. | Final |
Non Graceful Close | n/a | n/a | n/a | This action will close the connection forcefully. | Final |
Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. | Final |
Comment | String modifiers | New value | n/a | Action to modify, add, or remove a session comment | Non-final |
Do Not Decrypt | n/a | n/a | n/a | Skips decryption for a matched session and shows only CONNECT tunnels. Only conditions for Host, URL, Process, Client IP, HTTP Version, and Remote IP can be used. The rule works only for newly established connections. | Final |
Update Status Code | n/a | n/a | n/a | Modifies the status code returned by the server while preserving the other data untouched. | Final |
Final and Non-Final Actions
Rule actions can be divided into final and non-final depending on their behavior.
When you work with final and non-final actions, take into consideration the following insights:
Final actions immediately prevent any other action from executing if this action comes lower on the list for the specific rule. Final actions also prevent any rule with lower priority, which matches the request, from executing any actions.
Final actions are valid only when the rule is matched during the HTTP request.
If a session is matched with conditions that depend on its response (for example, a response body contains "HTML"), then any final action in any rule that matches the session will be ignored. The reason for this behavior is that final actions replace the response. By design, Fiddler is not intended to replace a response that was already received and matched conditions in a rule.
Non-final actions will allow other actions from the same rule or different rules with lower priority, which match the session, to execute.
The following examples demonstrate what will happen when you combine final and non-final actions in one or multiple rules.
Non-Final Actions Only
When only non-final actions are executed, all matching rules have their actions performed and applied.
Final Actions Only
When one or more rules include final actions, the execution of the actions immediately stops after the most promoted rule that contains a final action takes place. No other demoted rules will be executed after that. For example, Do Not Show and Do Not Decrypt are final actions.
Mix of Final and Non-Final Actions
When one or more rules include final actions, the execution of the actions immediately stops after the most promoted rule that contains a final action takes place. No other demoted rules will be executed after that.
Note that each rule has its priority in the Rules list and can be demoted and promoted, which will change the order of execution. Final rules won't block non-final rules with higher priority.
For a illustration of this scenario, refer to the following cases:
-
You have a rule with a final action (for example, the Close Gracefully final action).
In this case, the rule containing the final action has higher priority in the Rules list. Only the first rule will execute when the matching request is made, and other demoted rules won't be triggered.
-
You have a rule with non-final actions (for example, the Mark Session and the Update Request Header non-final actions).
In this case, the rule containing the non-final action has higher priority in the Rules list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule containing the final actions, they won't be executed.