
I'm looking for a simple way to intercept a web request and modify the contents of the request (mainly POSTs) using Fiddler.

This is to test server-side validation.

I have to use Fiddler, however I haven't found a good simple way to do so.

There have been several documented ways to write scripts to intercept traffic and change headers, but I would like to do it without writing a script - this tool needs to be used by the testers and writing/modifying scripts all the time by different testers may be annoying.

Example:

Simple POST with 2 parameters:

field1=foo, 
field2=bar

I would like to intercept the request, modify the value of field2 to be something like bañ (note the ñ; in my case it is invalid and that is what I want to test).

Tirthraj Barot
Justin

2 Answers


OK, posting the answer that I pieced together from the following YouTube video:

Tampering Client Requests and Server Responses with Fiddler


  1. Start Fiddler (I'm using Fiddler 4)

  2. You will notice that it intercepts all traffic through all browsers and other applications

  3. Set a filter - this will enable you to view only the data you are interested in

    1. On the right hand side, click on the filters tab
    2. Check 'Use Filters'
    3. On Hosts, use 'Show only the following Hosts'
    4. In the text box below that, put the host you are testing for. In our case for the test environment, put the following: testing.internalsite.com;
    5. In the section called 'Breakpoints', check 'Break request on POST'
  4. Intercept the request

    1. In your browser, navigate to the page which you are testing. In our case, it is the welcome page where we will be doing our testing of the server-side validation: https://testing.internalsite.com/yourapp/welcome.do
    2. Clear all the existing logged requests by hitting the 'X' in the tool ribbon and choosing 'Remove all'.
    3. In your browser, put the data into the form you are interested in testing and hit submit. This is valid data (passes client side validation) which you will be changing with fiddler.
    4. In Fiddler, you will see the request with the red icon. Click on the request to load the details on the right side.
    5. On the Inspectors tab, followed by the WebForms tab, you can modify the parameters of the form which was submitted. Change the data as appropriate for the test.
    6. Hit the 'Run to completion' button
  5. Validate that your response is correct - usually some sort of error message if you are testing the server-side validations

sdgluck
Justin
  • Any way to stop this tampering? – Sujit.Warrier Oct 09 '15 at 11:05
  • This is simply a method to reconfigure a client-side request - any client-side validation should have an equivalent server-side validation, because a client theoretically always has the ability to control what the machine sends. – Coruscate5 Oct 26 '16 at 01:26
    @Sujit.Warrier No. You never have control over what the client can send; meaning you can never trust client data. You *must* validate/cleanse/etc on the server side. – Matthew Jan 18 '17 at 20:37

I use Fiddler 4.6.3. You can try this if you are submitting a web form.

Note the POST request when you submit a form. Let that request remain in Fiddler. Let's modify the request in Fiddler.

1 - Right click request > check "Unlock for editing".

2 - Inspectors tab > Modify form fields such as username, password etc. in the Body section.

3 - Right click request > Replay > Reissue request.

Done! The only problem with this approach is that you modify the old request. In Charles Proxy, this is done in 2-3 clicks vs. the many clicks in Fiddler. Plus, you don't have to mess with the old request.

MasterJoe
  • "the many clicks in Fiddler"?! Where are they? Your answer contains 2 right clicks and probably 2 left clicks. If "Charles Proxy" (never heard of it) has far fewer clicks, the reason can only be that it has much less functionality (or a really overloaded GUI with "thousands" of buttons). – The incredible Jan May 14 '18 at 06:57
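To make the point of both answers concrete (the body being edited in the WebForms inspector in the first answer, or via "Unlock for editing" in the second, and the server-side check that step 5 of the first answer expects to fail), here is an added Python example that is not part of the original question or answers. It models the tamper step offline: it rewrites field2 in a constructed form-urlencoded body the way the inspector would, then runs an assumed server-side rule that accepts only ASCII letters, digits, '_' and '-'. The field names, the allowed-character rule and the sample body are assumptions for illustration; the one thing it shows that the steps above do not is what the tampered body actually looks like on the wire (the ñ travels as percent-encoded UTF-8, ba%C3%B1).

```python
"""Server-side validation check for a tampered form POST.

Added example, not code from the original question or answers. It models
what the Fiddler steps do by hand: take the body the browser sent, change
one field, and confirm the server rejects the changed value.
The field names, the allowed-character rule and the sample body are
constructed assumptions for illustration.
"""
import re
from urllib.parse import parse_qsl, urlencode

# What the browser sent after client-side validation passed
# (constructed sample, matching the question's field1=foo / field2=bar).
ORIGINAL_BODY = "field1=foo&field2=bar"

# Assumed server-side rule: only ASCII letters, digits, '_' and '-'.
# Client-side JavaScript may enforce the same rule, but the client is
# under the tester's (or attacker's) control, so the server must enforce
# it independently; this is the check the Fiddler test exercises.
ALLOWED = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def tamper(body: str, field: str, new_value: str) -> str:
    """Replace one field in a form-urlencoded body, as the WebForms
    inspector (answer 1) or 'Unlock for editing' (answer 2) does.
    Non-ASCII is sent as percent-encoded UTF-8, so 'bañ' becomes 'ba%C3%B1'."""
    fields = parse_qsl(body, keep_blank_values=True)
    replaced = [(k, new_value if k == field else v) for k, v in fields]
    return urlencode(replaced)


def validate_form(body: str) -> dict:
    """Server-side validation of the raw body. Returns a dict of
    field -> error message; an empty dict means the request is accepted."""
    errors = {}
    # parse_qsl decodes %XX sequences as UTF-8, so 'ba%C3%B1' comes back
    # as 'bañ' and is matched against the rule as the decoded string.
    fields = dict(parse_qsl(body, keep_blank_values=True))
    for name in ("field1", "field2"):
        value = fields.get(name)
        if value is None:
            errors[name] = "missing"
        elif not ALLOWED.match(value):
            errors[name] = f"invalid characters in {value!r}"
    return errors


def run_test_case(body: str, field: str, new_value: str) -> tuple:
    """Replay one tamper: returns (tampered_body, errors_before, errors_after)."""
    tampered = tamper(body, field, new_value)
    return tampered, validate_form(body), validate_form(tampered)


if __name__ == "__main__":
    tampered, before, after = run_test_case(ORIGINAL_BODY, "field2", "bañ")
    print("sent by browser:", ORIGINAL_BODY, "->", before or "accepted")
    print("after tampering:", tampered, "->", after or "ACCEPTED (validation gap)")
```

If the second print line ever reports the tampered body as accepted, the server is relying on the client-side check alone, which is exactly the gap the comments above describe: nothing stops the client from sending any bytes it likes, so the rejection has to happen on the server.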