Using Conditions and Actions
A rule in Fiddler Everywhere is a feature that enables you to use a condition to match targeted traffic (HTTP requests and responses) and then apply a specific action to modify its original behavior.
The article lists and explains the supported matching conditions and applicable actions while creating a rule with the Rules tab in Fiddler Everywhere. It also covers the specifics of final and non-final actions and their immediate result on the modified traffic.
Conditions
The Rule Builder can add and use single or multiple matching conditions needed to trigger different actions. The conditions are logical structures with different statements whose numbers can vary between two and four. A statement field that handles text (string modifier) is case-insensitive by default (you can use the Aa button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions.
For more information, refer to the following list.
| Condition Value | Field Options | Field Options | Field Options | Usage Description |
|---|---|---|---|---|
| All Sessions | n/a | n/a | n/a | Matches all captured sessions |
| URL | String modifiers | Search value | n/a | Matches a specific keyword in the URL column. |
| Host | String modifiers | Search value | n/a | Matches a specific keyword in the Host column. |
| Path | String modifiers | Search value | n/a | Matches a specific keyword in the path column. |
| Protocol | HTTP, WebSocket, Socket.IO, RPC, gRPC, SSE | n/a | n/a | Differentiate the traffic based on the used protocol |
| Method | String modifiers | Search value | n/a | Matches sessions using specific HTTP Method. |
| Status Code | String modifiers | Search value | n/a | Matches a specific keyword in the Result column. |
| HTTP Version | String modifiers | Search value | n/a | Matches a specific HTTP Version. |
| Request Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Request header column. |
| Response Header | Header name | String modifiers | The search value | Matches sessions with specific keyword in the explicitly mentioned Response header column. |
| Request Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Request Body column. |
| Response Body | String modifiers | Search value | n/a | Matches sessions with specific keyword in the Response body. |
| Request Cookie | Cookie name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned Request Cookie. |
| Response Cookie | Cookie name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned Response Cookie. |
| Request Body Size | Number modifiers (compares bytes) | Search value | n/a | Matches session with specific Request Body Size. |
| Response Body Size | Number modifiers (compares bytes) | Search value | n/a | Matches session with specific Response Body Size. |
| Request Time | String modifiers | Search value | n/a | Matches specific date string in the Request Time column. |
| Request Date | Date modifiers | Date form | n/a | Matches session executed on a specific date. |
| Duration | Number modifiers (compares milliseconds) | Search value | n/a | Matches sessions with specific Duration. |
| Client IP | String modifiers | Search value | n/a | Matches session with specific Client IP. |
| Remote IP | String modifiers | Search value | n/a | Matches session with specific Remote IP. |
| Certificate Information | Field name | String modifiers | Search value | Matches sessions with specific keyword in the explicitly mentioned certificate field. |
| TLS Version | String modifiers | Search value | n/a | Matches traffic based on the used TLS Version. |
| Process | String modifiers | Search value | n/a | Matches a specific Process ID. |
| Comment | String modifiers | Search value | n/a | Matches sessions with specific Comment column. |
| Rules Modified | Boolean | n/a | n/a | Matches sessions modified by a rule. |
| Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. |
Actions
When Fiddler Everywhere identifies a request that matches the rule's conditions, it automatically maps it to the action set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the Aa button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions.
Apart from returning files or predefined responses, a rule can perform the following specific actions:
| Action name | Field Options | Field Options | Preview box | Usage Description | Action type |
|---|---|---|---|---|---|
| Mark Session | Choose background color | Choose foreground color | Sample Preview box | Marks the session with selected colors. | Non-final |
| Update URL | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the current URL. | Non-final |
| Update Query String | Query Parameter Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the query parameters. | Non-final |
| Update Status Code | n/a | n/a | n/a | Modifies the status code returned by the server while preserving the other data untouched. | Non-final |
| Update Request Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the request header. | Non-final |
| Update Response Header | Header Name | Value modifiers | New value | Uses the selected value modifier and the new value to update the response header. | Non-final |
| Update Request Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the request body. | Non-final |
| Update Response Body | Value modifiers | New value | n/a | Uses the selected value modifier and the new value to update the response body. | Non-final |
| Update Request Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
| Update Response Cookies | Cookie Key | Value modifiers | New value | Uses the selected value modifier and the new value to update the cookie value. | Non-final |
| Set Breakpoint | Before Sending a Request or Before Sending a Response | n/a | n/a | Pauses the session before the sending request (to the server) or response (to the client). The action works only for newly established connections. | Non-final. |
| Return File | File Picker | n/a | n/a | Returns the picked response file. | Non-final |
| Return Manual Response | Text field for creating manual response | n/a | n/a | Returns the manually created response. | Non-final |
| Return Predefined Response | Predefined responses | n/a | n/a | Returns the selected predefined response. | Non-final |
| Return CONNECT Tunnel | n/a | n/a | n/a | This action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs" | Final |
| Do Not Show | n/a | n/a | n/a | Hides the matched session for appearing in Fiddler. When the Do Not Show action is applied, no other actions will be executed. | Final |
| Do Not Decrypt | n/a | n/a | n/a | Skips decryption for a matched session and shows only CONNECT tunnels. Only conditions for Host, URL, Process, Client IP, HTTP Version, and Remote IP can be used. The action works only for newly established connections. | Final |
| Close Gracefully | n/a | n/a | n/a | This action will close the connection gracefully. | Final |
| Close Non Gracefully | n/a | n/a | n/a | This action will close the connection forcefully. | Final |
| Delay Request | Number value (milliseconds) | n/a | n/a | Delays the request execution with "n" milliseconds. | Non-final |
| Comment | String modifiers | New value | n/a | Action to modify, add, or remove a session comment | Non-final |
| Magic String | The "magic string" content | n/a | n/a | Uses the legacy Fiddler Classic string literals and regular expressions. | Non-final |
Final and Non-Final Actions
Rule actions can be divided into final and non-final depending on their behavior and whether their presence will allow our actions and rules to be executed.
When you work with final and non-final actions, take into consideration the following insights:
Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list).
Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list).
Final actions are valid (as final) only when the rule matches an HTTP(S) session.
If a session matches with conditions that depend on its response (for example, a response body contains "HTML"), then any final action in any rule that matches the session will be ignored. The reason for this behavior is that final actions replace the response. By design, Fiddler is not intended to replace a response that was already received and matched conditions in a rule.
Non-final actions are non-blocking - they will allow actions from any other active rules to execute.
A non-final action can be explicitly made final by checking the "Make this action final" option.
The following table demonstrate what happens when you combine final and non-final actions in one or multiple rules.
| Actions Type | Result |
|---|---|
| Only non-final actions | All matching rules have their actions performed and applied |
| Only final actions | When a final action triggers, the execution of the rule immediately stops. No other demoted actions or rules will be executed after that. For example, Do Not Show and Do Not Decrypt are final actions. |
| Mix of final and non-final Actions | When a final action triggers, the execution of the rule immediately stops. No other demoted actions or rules will be executed after that. For example, the Do Not Show action will block the execution of the Update Response Body action |
Note that each rule is prioritized in the Rules list and can be demoted and promoted, which will change the execution order. Final rules won't block other active rules that have higher priority the Rules list.
For an illustration of this scenario, refer to the following cases:
-
You have a rule with a final action (for example, the Close Gracefully final action).
In this case, the rule containing the final action has higher priority in the Rules list. When the matching request is made, only the first rule will execute, and other demoted rules (and actions) will not be triggered.
-
You have a rule with non-final action (for example, the Mark Session action).
In this case, the rule containing the non-final action has higher priority in the Rules list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule that contains final actions, they won't be executed.
