How To trace HTTPS and REST API using Fiddler

How to trace HTTP(S) and REST API using Fiddler

Fiddler can help you troubleshoot HTTP(S) / REST API / SOAP Web requests very easily.  Fiddler is a web debugging proxy that logs all HTTP(s) traffic between your client machine and a server. It allows you to inspect the HTTP requests and responses in the raw format that in which is it sent and received.

It's also used for performance testing, session manipulation, security testing and can even be used to act as a reverse proxy allowing you to inspect traffic between the web and your phone / tablet / IoT device.

If you are using our REST Adapters that are part of the COZYROC SSIS+ Suite you will find this knowledge base article very useful.

Installing Fiddler

The software is free and you can download it from this link.  If it doesn’t work, submit the Download Fiddler Form in order to download it.

Configuring Fiddler

When you start Fiddler for the very first time, a window will pop up concerning WinConfig containers .  You can ignore it for now and simply opt out.

Figure 1

In order to start capturing HTTPS traffic, we will need to first enable the logging Option. This Option is not enabled out of the box because it needs to have its root certificate trusted.  Otherwise, all HTTPS traffic will be ignored.
  1. From the top menu, Click Tools and select Options from the sub-menu (See Figure 2).
  2. When the Options window appears, Click on the HTTPS tab.
  3. Then Click on the Decrypt HTTPS traffic check box (See Figure 3).
  4. If you receive a pop-up window asking you if you wish to trust the Fiddler Root certificate, Click Yes. Fiddler decrypts HTTPS sessions by re-signing traffic using the certificate.  If you don’t accept, will not work.
  5. After clicking on YES to all the pop-up windows that follow regarding the certificate, on the HTTPS tab, there's a section called Protocols, Click on the existing Protocols and append tls1.1;tls1.2;.
  6. Click on the OK button and close the window.

Figure 2 

Figure 3

Filtering Logs (Optional)

If you are not aware, Fiddler logs everything, and it can be difficult at times to keep track of what it is you're attempting to track and debug.  However, you can filter out all the noise, by enabling Use Filter.
  1. Click on the Filter tab, which is located on the right side of the Session List.
  2. Click on the Use Filter check box.
  3. Then on the drop-down menu -No Host Filter-, Select Show only the following Hosts.
  4. Enter the domain in the text box below -No Host Filter- (e.g., *
  5. Click on the Actions button in the top right corner and from the sub-menu Click on Run Filter now (See Figure 4).

Figure 4


Before you can view the HTTPS traffic in the session list, you must ensure Capture Traffic is enabled. 
  1. From the main menu, Click File.
  2. Click on Capture Traffic (See Figure 5).  If there is no check mark next to Capture Traffic, it is not enabled.
Note: Fiddler only starts capturing traffic when you have enabled it. By default, it runs on the local machine ( Port 8888.

Figure 5

After you have enabled Capture Traffic, from Visual Studio start your SSIS package that contains the REST Adapter connection.  If your SSIS package executes successfully, you will begin to see HTTPS traffic on the session list (See Figure 6).

Figure 6
  1. Select one of those sessions and then Click on Inspectors tab.  Note: by default Fiddler will show you JSON/XML tab.  
  2. However, if you wanted to see the raw text, Click on the SyntaxView tab.
  3. Then Right-Click in the SyntaxView and Select Format Script/JSON (See Figure 7).

Figure 7

And that's all there is to getting started with Fiddler.