Live Traffic Grid

Live Traffic Grid

The Traffic pane provides essential features of Fiddler Everywhere including the captured traffic visualized within the Live Traffic grid.

Live traffic summarizes each captured session that shows in the Live Traffic grid. It also provides functionalities to work with these sessions through the Live Traffic toolbar, the Inspectors types, and the corresponding Rules tab. The feature enables the saving and sharing of sessions, editing issued requests, marking, commenting sessions, and applying rules.

Defining a Session

A (web) session represents a single transaction between a client and a server, sometimes known as a request/response pair. Each session appears as a single entry in Live Traffic grid. Each session object has a Request and a Response, representing the data the client sends to the server and the data the server returns to the client. The session object also maintains a set of flags that record metadata about the session and a timers object that stores timestamps logged during the processing of the session.

Live Traffic Toolbar

The toolbar of the Live Traffic section provides various functionalities such as filtering by multiple criteria, using independent browser instances, searching, saving, and sharing sessions, and managing the user interface.

The Live Traffic toolbar provides the following functionalities:

Filtering Traffic

Use the filtering options (the Filters toolbar option and the column filters) to create and apply complex filters on your captured sessions in the Live Traffic grid.

Learn more about the filtering options in Fiddler Everywhere...

Independent Browser Capturing

Use the Open Browser button to capture traffic from a specific browser instance without modifying the system proxy settings.

Use the Open Browser button to start independent browser instance

Learn more about the independent browser capturing...

Terminal Capturing

Use the >_ Terminal button to capture traffic from a specific terminal instance without modifying the system proxy settings.

Use the Terminal button to start independent terminal instance

Learn more about the independent terminal capturing...

Removing All Sessions

The Remove All button deletes all captured traffic from the Live Traffic grid. The action requires explicit confirmation. To remove only specific sessions, select the desired ones and use the remove options from the context menu.

Searching

To search for specific values in the URL and the headers of all sessions, use the Quick Search text input. The search action immediately filters all sessions containing the search terms and highlights the matched data. If a match is in a hidden column (for example, due to an applied filter), a warning icon shows next to the search box, which helps you show the column(s) quickly.

Quick Search option to highlight & filter sessions based on a match

Searching within Request and Response Bodies

Version 5.9.0 of Fiddler Everywhere introduced the option to quickly search within multiple response bodies as a feature requested by the community. Note that in some cases, the Fiddler Everywhere application can search in hundreds or even thousands of sessions that can have large HTTP bodies - the immediate result of a similar search could lead to degradation of the performance (due to the processing time and memory resources needed to complete the search). It's recommended to use the search in bodies feature only with a smaller set of captured sessions.

To enable the feature to search in bodies, toggle the button at the right end of the Quick Search input field.

Quick search option to highlight and filter session based on a matched results from both URLs, and HTTP Bodies

Saving Sessions

To save captured sessions, use the main menu's Save button, automatically saving all captured traffic. To save only specific sessions, select the desired ones and use the advanced saving options from the context menu.

To save sessions for later or prepare sessions for sharing:

  1. Click the Save button. As a result, a Save Sessions prompt window appears.

  2. Enter a session name in the Give your session a name field.

  3. Choose whether to store the session in the Local Storage or in the Cloud Storage.

  4. (Optional) Choose a folder (within the Fiddler UI) to store the session.

  5. (Optional) Use the password protection switch to enable encryption and set a password.

  6. Click Save. The saved session immediately loads in the save Sessions tree.

Sharing Sessions

Sharing sessions dramatically improve collaboration, and Fiddler Everywhere provides the following options to export and share sessions:

  • Sharing through the Share button from a saved session entry in the save Sessions tree.

  • Sharing through the Share option from the Live Traffic grid context menu.

  • Sharing through the Share button from the Live Traffic grid toolbar. The Live Traffic toolbar comes with a Share button that will save in a file the currently displayed sessions, captured within the Live Traffic grid, and then will share them through an explicitly provided email.

To share a session through the toolbar:

  1. Click the Share button. As a result, the Save Session prompt window appears.

  2. In the Save Sessions prompt window, enter a valid name and choose a folder to store the session.

  3. In the Share Sessions prompt window, enter a valid email and click Share. Entering notes is optional.

Managing Columns

Use the Columns menu to manage which columns to show up in the Live Traffic grid.

You can also create a custom column through the Add Custom Column option near the bottom of the menu. Manage columns from the Fiddler's UI

Learn more about each column present in the Live Traffic grid here...

Toggling Layout

The last icon on the right side of the toolbar presents an option to restructure the main Fiddler Everywhere layout structure for the Live Traffic grid and the Inspectors. The layout change option is available for the Live traffic tab, comparison, and saved sessions tabs. The layout options are as follows:

  • (Default layout) Live Traffic grid on the left side and the Inspectors on the right (top for Request Inspectors and bottom for Response Inspectors).
  • (Alternative layout) Live Traffic grid at the top and the Inspectors at the bottom (left for Request Inspectors and right for Response Inspectors).

You can collapse the side panels Sessions and Requests and toggle the main layout to optimize your working space.

Live Traffic Grid

The Live Traffic grid displays all captured web sessions with their technical details structured in columns.

Many operations start by selecting one or more entries in the Live Traffic grid and activating other features.

  • To select more than one session, hold the Ctrl (Command on Mac) or Shift keys while clicking the desired rows.

  • Double-click or press Enter (Return on Mac) to activate the default inspectors for a single selected session.

When the Inspectors are activated, they will automatically decide which inspector type is best suited to display the request and response of the selected session.

List Icons

The Live Traffic grid uses icons to provide additional context for each recorded session. To trigger an explanatory tooltip, hover over a Live Traffic grid entry icon.

The following table displays the icons which Live Traffic grid supports for its entries:

Icon Name Description
Represents a generic successful response.
Uploading content for a session in progress (the request is being sent to the server).
Uploading paused for the session in progress.
Downloading content for the session in progress (the response is being read from the server).
Downloading paused for the session in progress.
The session was aborted by the client, Fiddler, or the Server.
The response was a server error.
The response returned status code 401 Unauthorized.
The response redirect status code 300, 301, 302, 303 or 307.
A tunnel is used for WebSocket traffic.
The request used the HTTP CONNECT method - establishes a tunnel used for HTTPS traffic.
A tunnel used for RPC traffic.
No content loaded.
Not modified.
Partial content.
The response was an image.
The response was a JavaScript file.
The response was a CSS file.
The response was an HTML file.
A tunnel is used for GRPC traffic.
The response was a Flash file.
The response was an XML file.
The response was a Silverlight file.
The response was an audio file.
The response was a video file.
The response was a font file.
The response was a JSON file.
The request used the POST method.

Breakpoint Indicators

A paused session or otherwise a session that hit an active breakpoint will have a special "Paused" icon in the Live Traffic grid.

Certificate Indicators

Each list icon can contain an additional triangle warning that indicates different server certificate issues.

  • A small orange triangle warning indicates that the server uses a certificate that is about to expire within 30 days. You can expand and inspect the certificate expiration warning in detail through the Response inspector notification.

    Certificate expiring note

  • A small red triangle warning indicates that there are certificate errors. You can expand and inspect the certificate error in detail through the Response inspector notification.

    Certificate error note

  • Absence of the triangle warning means no issues with the server certificate. You can still expand and inspect the used certificate in detail through the Response inspector notification.

    Valid Certificate details

Learn more about how to use the server certificate details in Fiddler Everywhere here...

Columns

The following table lists the Live Traffic columns and the information they display. Apart from just being a descriptive tag, each column name can be applied as a matching condition filter (for example, you can create a filter that matches TLS Version column values and apply actions applicable only for a session with TLS 1.3). In addition to the predefined columns listed below, Fiddler Everywhere allows you to create your own custom columns.

Column name Description
# A unique identification number generated by Fiddler Everywhere. The column also contains an icon that represents the session type and might contain certificate expiration indicator.
Scheme The protocol type (HTTP or HTTPS) used by the session.
Host The hostname and the server's port to which the request was sent. The column also indicates requests with CONNECT method with the Tunnel to value (CONNECT tunnels in Fiddler).
Path The path refers to the exact location of a page, post, file, or asset. The path resides after the hostname and is separated by a forward slash (/).
URL The URL contains the protocol, the hostname, the port, and the path from the request.
HTTP Version The protocol version used for communication between the client and the server (HTTP/1.1, HTTP/2, HTTP/2 + HTTP/1.1, and HTTP/1.1 + HTTP/2)
TLS Version The TLS version used for communication between the client and Fiddler and between Fiddler and the server. The possible values are SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, and combination of all listed in scenarios when the TLS version differs for the request and response. https://docs.telerik.com/fiddler-everywhere/security#tls-version-specificsLearn more about the TLS version specifics in Fiddler Everywhere here...
Status Code The HTTP response status code
Method The HTTP method used by the request that was made (GET, POST, PUT, and so on)
Process The local OS process from which the traffic originated—for example, `chrome:8212` indicates a Google Chrome browser instance.
Client IP Indicates the client IP that sent this request. Mostly applicable when multiple computers on a network are pointed to a single Fiddler instance.
Remote IP Indicates the IP address of the server used for this request.
Protocol The protocol type (HTTP, gRPC, Socket.IO, etc.,) used by the session.
Session State Indicates the session type as either opened (active) or closed.
Body Size The number of bytes in the response body.
Caching Values from the Expires and Cache-Control headers of the response.
Content-Type The Content-Type header from the response.
Request Time Indicates when the session was executed in an HH:MM:SS:ms format.
Request Date Indicates the date when the session was executed in a MM:DD:YYYY format.
Duration Indicates the duration (in milliseconds) that took for the session to complete.
Rules Modified Indicates if the session is modified by active rules from the Rules tab.
Comments Shows the custom comments added by you or the author of a shared session.

Creating Custom Columns

Add, edit, or remove a custom column to the columns list. Afterward, the columns are visualized similarly to the Fiddler's predefined columns.

Add a custom column through one of these actions:

  • Open the Columns menu and the click on the Add Custom Column item.

    Created custom column

  • In the prompted custom column dialog, specify an HTTP Header (it's value will populate the column data) and assign a column name. The header's value will appear in the session grid if the header is present in the captured session. Otherwise, the column stays empty.

    Create a custom column in Fiddler Everywhere

  • Open the Headers inspector in HTTP request/response, right-click on a selected header to load the context menu, and choose Add as a column.

    Create a custom column in Fiddler Everywhere

After the successful creation, the new column is immediately available in the Live Traffic grid. Adding a new column makes the new column visible in all tabs (both Live Traffic and opened snapshots). Unchecking the column is persisted per tab - it won't apply globally.

Created custom column

Edit a custom column through the Columns menu and click the edit icon. Remove a custom column through the Columns menu and click on the remove icon (a deletion confirmation displays).

Filter by a custom column through the filtering button to the right of the column name.

Reset Columns

To reset all columns to their default Fiddler's state, open the Columns menu and use the Reset option at the bottom. This action resets all columns (shows the default selection) but won't remove any custom-made columns (it will only hide them).

Traffic Sorting and Filtering

By default, the captured traffic is sorted in the order sessions appear during the traffic capturing, sorted by the unique identification number column, and no active filters are applied. You can use the built-in sorting and filtering options to optimize the outcome.

Sorting Options

To create a custom sorting order, click the desired column. For example, click the URL column to sort alphabetically based on the URL or click the Body Size column to sort based on the session size in bytes. The default sorting order is based on the unique identification number (order of appearance).

Filtering Options

Each column has a filter button, which popups an additional Filter menu to create.

The column Filter menu lets you add filters for the currently selected column —for example, filter all the traffic by the host name or by a specific status code. Columns with active filters will have a blue filter indicator. You can remove a column filter through the Clear button in the Filter menu (for the filtered column) or through the Filters toolbar option.

Apply complex filters by using the Filters toolbar option (which supports all Fiddler's columns as possible match conditions) or learn more about the Column Filters options.

Context Menu Options

The context menu for the Live Traffic grid exposes actions you can apply for one or more sessions. To show the context menu, right-click (Windows OS), or press Control and mouse-click (macOS).

Live Traffic context menu

Replaying

To replay previously captured sessions, use the Replay context menu option, which can be accessed with the keyboard by pressing R.

Editing in the Composer

The Edit in Composer context menu option loads the selected request in a new composer window where it can be edited, saved for later usage and sharing, and reissued.

Resuming Paused Sessions

To resume the execution of sessions that hit active breakpoints, use the Resume Paused Sessions context menu option, which can be accessed with the keyboard by pressing F5.

Adding New Rules

You can use a captured session entry to quickly mock client or server behavior. For similar cases, you can use the session URL alongside the Rules tab. Creating rules allows you to test complex scenarios and various mock responses.

To add a new rule:

  1. Select the desired session entry and right-click to open the context menu. Select Add New Rule.

  2. A new rule is automatically created. The rule will use the URL from the selected session entry and, by default, will apply the initial response through the Manual Response action option.

Saving

To save selected sessions, use the Save context menu option. The saved sessions will appear in the save Sessions tree to the left of the Fiddler Everywhere interface, and from there, you can later re-open, export, and share them.

The option displays a Save prompt window. To save the desired sessions:

  1. Select the sessions, open the context menu, and click the Save option.

  2. Enter your session name and choose the folder storing the entry.

  3. (Optional) Use the password protection switch to enable encryption and set a password. Only users with knowledge of the password can open the entry.

  4. Click Save. The saved session immediately loads in the save Sessions tree.

  5. Double-click the saved session to load it in a new Composer tab. Note that encrypted sessions will prompt for a password before loading.

Alternatively, you can save all captured traffic through the Save button from the toolbar.

Exporting

The Export context menu option allows you to export the selected sessions in various formats such as SAZ (Fiddler Archive), HTTPArchive, WCAT, MeddlerScript, cURLScript, and more.

Sharing

The Share context menu option enables the sharing of selected sessions. Before any session is shared, it is saved as an entry in the save Sessions tree. Then, the threshold can be transmitted through email.

The option initially displays a Save and then a Share prompt window.

  1. Select the sessions, open the context menu, and click the Share option.

  2. The selected sessions are saved. Enter your session name and click Save and proceed.

  3. The Share prompt window appears. Enter a valid email and, optionally, add notes. Once ready, click Share. Note that when sharing an encrypted session, the recipient will need the password to access it.

Alternatively, you can share captured traffic through the Share button from the toolbar.

Removing

To delete a selected sessions from your Live Traffic grid, use the Remove context menu options.

Copying

To place session information in the clipboard, use the Copy context menu option, which supports the following options:

  • Copy URL(s)—Places the session URL in the system clipboard; Can be triggered with the keyboard by pressing Cmd+U (on Mac), or Ctrl+U (on Windows).

  • Copy All Columns (Tab Separated)—Places verbose session details (from all visible columns in the Live Traffic grid or from saved session snapshots) in the system clipboard; Can be triggered with the keyboard by pressing Cmd+C (on Mac), or Ctrl+C (on Windows).

  • Copy as Fetch—Converts the request as a Fetch code and puts it in the system clipboard.

  • Copy as cURL—Converts the request as a curl command and puts it in the system clipboard.

  • Copy as PowerShell—Converts the request as a Windows PowerShell code and puts it in the system clipboard.

    The Copy as PowerShell feature generates Windows PowerShell code, not PowerShell (NetCore). These two PS variations use different APIs for HTTP requests (WebRequest vs. HttpClient), making the generated code compatible only with Windows PowerShell.

  • Copy as Python (Requests)—Converts the request as a Python code and puts it in the system clipboard.

Selecting

To select sessions directly related to the currently selected session, use the Select context menu option. You choose parent, children, and duplicate sessions.

  • Parent request—selects the session that is a parent of the currently selected session; can be accessed with the keyboard by pressing P.

  • Children requests—selects the sessions that are children of the currently selected session; can be accessed with the keyboard by pressing C.

  • Duplicate request—selects the session that is identical to the currently selected session; can be accessed with the keyboard by pressing D.

Marking

Use the Mark context menu option to apply colors or strike out single or multiple sessions.

  1. Select the sessions, open the context menu, and click the Mark option.

  2. Click the preferred marking style to apply it.

Saved and shared sessions will contain the custom marking.

Comparing

Select two sessions and use the Compare context menu option to load the Compare Sessions tab.

Learn more on how to compare sessions with Fiddler Everywhere here...

Adding Sessions to Compare Groups

Add sessions to compare groups through the Add to compare groups. This functionality allows you to add and inspect more sessions in the Compare Sessions tab.

Learn more on how to work with compare groups here...

Commenting

To add comments on single or multiple sessions, use the Comment context menu option.

  1. Select the sessions, open the context menu, and click the Comment option, which can be accessed with the keyboard by pressing M.

  2. A Comment dialog appears. Enter the comment and click Ok.

  3. The text is added to the comment field for the selected sessions.

Saved and shared sessions will contain the added comments.

Bypassing the Proxy

The Bypass option lets you quickly add a root domain or specific subdomain address to the bypass list on-the-fly while actively capturing. that the Fiddler Everywhere proxy will explicitly bypass. To add an endpoint to the bypass list:

  1. Select the desired session entry.

  2. Right-click to open the context menu. Then choose one of the following bypass options:

    • Select Bypass > Add <*.domain.xxx> to the bypass list to add the root domain and its subdomains to the bypass list. Adds a wildcard entry in the form **.domain.xxx*.

    • Select Bypass > Add to the bypass list to add a specific domain address to the bypass list.

Consider the following rules when bypassing a domain: