How To: Inject custom HTTP headers with Fiddler

When you’re testing a web service or web site with authentication credentials posted via HTTP headers, you might want a way to inject testing credentials without login in. Fiddler could help with that, but its rules need to be configured. Below I’ll describe how to do that Fiddler v4.5 (did not experiment in earlier versions).

In Fiddler you can add your own rules editing CustomRules.txt which is located here C:\%UserProfile%\Documents\Fiddler2\Scripts. Or you can open it from the menu.

filddler_custom_rules

The file contains the class Handlers. At first we should add a menu item to enable the custom headers.

The code above should be placed in the beginning of the class definition. Fiddler will read it and add the item on-the-fly under “Customize Rules…”. Now you can enable or disable the headers.

fiddler_custom_headers

It’s just  a flag and you need to add another piece of code to the custom rules. You should find the method OnBeforeRequest and a condition to add the headers when the flag is enabled.

In my work project the custom headers can be found in the miscellaneous section. At the same time in the Firebug they are not present.

fiddler_custom_headers_inspect

That’s it for now.




No Comments


You can leave the first : )



Leave a Reply