If you’re trying to diagnose web problems, or you’re concerned about security, then it can sometimes be useful to watch your PC’s HTTP and HTTPS traffic.
Fiddler is one possible solution, an industrial-strength web debugging proxy with a lengthy feature list and enough monitoring power to satisfy the most demanding of developers.
It’s an amazing application, but if it sounds too complex for you – or you’re just short of time – then the same company also provides FiddlerCap, a tiny tool which captures and displays web traffic at the click of a button.
To get started, install and launch the program, and click “Start Capture”.
Open a browser window, visit a few sites and every HTTP connection – HTML code, scripts, images, whatever – is displayed. A report table lists their host, path and HTTP status.
A “Stop” button stops capture on demand, and a “Save” button saves the report as a Session Archive Zip (SAZ) file for viewing in the full version of Fiddler (there’s no “save in plain text” option).
FiddlerCap’s most interesting feature is its ability to monitor secure connections. Check the “Decrypt HTTPS traffic” box (if you’re currently running a capture, click “Stop” first), FiddlerCap generates and uses its own local certificate for HTTPS connections, decrypting and displaying the results.
If you try this then your browser will probably complain that it doesn’t recognise the certificate. Under normal circumstances that error is a major red flag, but in this case it’s safe to ignore the warning. FiddlerCap is a well-known, trustworthy tool which removes its certificate when done, and you can continue as normal.
(Of course if you capture HTTPS traffic at a sensitive site, like your bank, it’s very possible that the report will include confidential information. Don’t turn on HTTPS encryption unless you need it, don’t enable it for any longer than necessary, don’t leave FiddlerCap open if others are around, and don’t save a report unless you’re completely sure what it contains.)
FiddlerCap doesn’t do much, then, but it does make HTTP and HTTPS monitoring very easy. If that’s interesting to you, give it a try.