How To: Inject custom HTTP headers with Fiddler

When you’re testing a web service or web site with authentication credentials posted via HTTP headers, you might want a way to inject testing credentials without login in. could help with that, but its rules need to be configured. Below I’ll describe how to do that Fiddler v4.5 (did not experiment in earlier versions).

In you can add your own rules editing CustomRules.txt which is located here C:\%UserProfile%\Documents\Fiddler2\Scripts. Or you can open it from the menu.


The file contains the class Handlers. At first we should add a menu item to enable the custom headers.

public static RulesOption("Enable X-MyWebService headers")
var m_XMyWebServiceHeaders: boolean = false;

The code above should be placed in the beginning of the class definition. will read it and add the item on-the-fly under “Customize Rules…”. Now you can enable or disable the headers.


It’s just  a flag and you need to add another piece of code to the custom rules. You should find the method OnBeforeRequest and a condition to add the headers when the flag is enabled.

static function OnBeforeRequest(oSession: Session) {
  // skipped
  if (m_XWebServiceHeaders) {
    if (oSession.uriContains("/localhost:54675/WebService/")) {
      oSession.oRequest.headers["X-WebService-AppVersion"] = "1";
      oSession.oRequest.headers["X-WebService-Token"] = "2924e6dd-55aa-41a7-9e64-cd1d01c834a2";
  // skipped

In my work project the custom headers can be found in the miscellaneous section. At the same time in the Firebug they are not present.


That’s it for now.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Post

%d bloggers like this: