Conditions and Actions in Fiddler's Rules
The article lists and explains the supported matching conditions and applicable actions while creating a rule with the Rules tab in Fiddler Everywhere. It also covers the specific of final and non-final actions and their immediate result on the modified traffic.
Conditions
The Rule Builder can add and use single or multiple matching conditions needed to trigger different actions. The conditions are logical structures with different statements whose numbers can vary between two and four. A statement field that handles text (string modifier) is case-insensitive by default (you can use the Aa button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions.
For more information, refer to the following list.
| Condition Value | Field Options | Field Options | Field Options | Usage Description |
|---|---|---|---|---|
| All Sessions | n/a | n/a | n/a | Matches all captured sessions |
| URL | String modifiers | Search value | n/a | Matches a specific keyword in the URL column. |
| Host | String modifiers | Search value | n/a | Matches a specific keyword in the Host column. |
| Path | String modifiers | Search value | n/a | Matches a specific keyword in the path column. |
| Protocol | HTTP or HTTPS | n/a | n/a | Differentiate the traffic based on the used protocol (HTTP vs. HTTPS). |
| Method | String modifiers | Search value | n/a | Matches sessions using specific HTTP Method. |
| Status Code | String modifiers | Search value | n/a | Matches a specific keyword in the Result column. |
| HTTP Version | String modifiers | Search value | n/a | Matches a specific HTTP Version. |
| Session Type | Predefined types | n/a | n/a | Matches a session through its type (e.g., WebSocket, gRPC, Aborted, Tunnels, Images, etc.). |
| Request Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Request header column. |
| Response Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Response header column. |
| Request Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Request Body column. |
| Response Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Response body. |
| Request Cookie | Cookie name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned Request Cookie. |
| Response Cookie | Cookie name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned Response Cookie. |
| Request Body Size | Number modifiers (compares bytes) | Search value | n/a | Matches session with specific Request Body Size. |
| Response Body Size | Number modifiers (compares bytes) | Search value | n/a | Matches session with specific Response Body Size. |
| Request Time | String modifiers | Search value | n/a | Matches specific date string in the Request Time column. |
| Request Date | Date modifiers | Date form | n/a | Matches session executed on a specific date. |
| Duration | Number modifiers (compares milliseconds) | Search value | n/a | Matches sessions with specific Duration. |
| Client IP | String modifiers | Search value | n/a | Matches session with specific Client IP. |
| Remote IP | String modifiers | Search value | n/a | Matches session with specific Remote IP. |
| Certificate Information | Field name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned certificate field. |
| TLS Version | String modifiers | Search value | n/a | Matches traffic based on the used TLS Version. |
| Process | String modifiers | Search value | n/a | Matches a specific Process ID. |
| Comment | String modifiers | Search value | n/a | Matches sessions with specific Comment column. |
| Rules Modified | Boolean | n/a | n/a | Matches sessions modified by a rule. |
| Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. |
Actions
When Fiddler Everywhere identifies a request that matches the rule's conditions, it automatically maps it to the action set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the Aa button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions.
Apart from returning files or predefined responses, a rule can perform the following specific actions:
| Action name | Field Options | Field Options | Preview box | Usage Description | Action type |
|---|---|---|---|---|---|
| Mark Session | Choose background color | Choose foreground color | Sample Preview box | Marks the session with selected colors. | Non-final |
| Update URL | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the current URL. | Non-final |
| Update Query String | Query Parameter Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the query parameters. | Non-final |
| Update Status Code | n/a | n/a | n/a | Modifies the status code returned by the server while preserving the other data untouched. | Final |
| Update Request Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the request header. | Non-final |
| Update Response Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the response header. | Non-final |
| Update Request Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the request body. | Non-final |
| Update Response Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the response body. | Non-final |
| Update Request Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
| Update Response Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
| Set Breakpoint | Before Sending a Request or Before Sending a Response | n/a | n/a | Pauses the session before the sending request (to the server) or response (to the client). The action works only for newly established connections. | Non-final. |
| Return File | File Picker | n/a | n/a | Returns the picked response file. | Final |
| Return Manual Response | Text field for creating manual response | n/a | n/a | Returns the manually created response. | Final |
| Return Predefined Response | Predefined responses | n/a | n/a | Returns the selected predefined response. | Final |
| Return CONNECT Tunnel | n/a | n/a | n/a | This action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs" | Final |
| Do Not Show | n/a | n/a | n/a | Hides the matched session for appearing in Fiddler. When the Do Not Show action is applied, no other actions will be executed. | Final |
| Do Not Decrypt | n/a | n/a | n/a | Skips decryption for a matched session and shows only CONNECT tunnels. Only conditions for Host, URL, Process, Client IP, HTTP Version, and Remote IP can be used. The action works only for newly established connections. | Final |
| Close Gracefully | n/a | n/a | n/a | This action will close the connection gracefully. | Final |
| Close Non Gracefully | n/a | n/a | n/a | This action will close the connection forcefully. | Final |
| Delay Request | Number value (milliseconds) | n/a | n/a | Delays the request execution with "n" milliseconds. | Non-final |
| Comment | String modifiers | New value | n/a | Action to modify, add, or remove a session comment | Non-final |
| Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. | Final |
Final and Non-Final Actions
Rule actions can be divided into final and non-final depending on their behavior.
When you work with final and non-final actions, take into consideration the following insights:
Final actions immediately prevent any other action from executing if this action comes lower on the list for the specific rule. Final actions also prevent any rule with lower priority, which matches the request, from executing any actions.
Final actions are valid only when the rule is matched during the HTTP request.
If a session is matched with conditions that depend on its response (for example, a response body contains "HTML"), then any final action in any rule that matches the session will be ignored. The reason for this behavior is that final actions replace the response. By design, Fiddler is not intended to replace a response that was already received and matched conditions in a rule.
Non-final actions will allow other actions from the same rule or different rules with lower priority, which match the session, to execute.
The following examples demonstrate what will happen when you combine final and non-final actions in one or multiple rules.
Non-Final Actions Only
When only non-final actions are executed, all matching rules have their actions performed and applied.
Final Actions Only
When one or more rules include final actions, the execution of the actions immediately stops after the most promoted rule that contains a final action takes place. No other demoted rules will be executed after that. For example, Do Not Show and Do Not Decrypt are final actions.
Mix of Final and Non-Final Actions
When one or more rules include final actions, the execution of the actions immediately stops after the most promoted rule that contains a final action takes place. No other demoted rules will be executed after that.
Note that each rule has its priority in the Rules list and can be demoted and promoted, which will change the order of execution. Final rules won't block non-final rules with higher priority.
For a illustration of this scenario, refer to the following cases:
-
You have a rule with a final action (for example, the Close Gracefully final action).
In this case, the rule containing the final action has higher priority in the Rules list. Only the first rule will execute when the matching request is made, and other demoted rules won't be triggered.
-
You have a rule with non-final actions (for example, the Mark Session and the Update Request Header non-final actions).
In this case, the rule containing the non-final action has higher priority in the Rules list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule containing the final actions, they won't be executed.
