Combining power of Fiddler with Burp

Both are pretty powerful tools when it comes to intercepting and modifying HTTP communications. At some point, though, they become an even more powerful combo when tied together, because they complement each other. In a recent pentest I came across exactly such a situation, in which Burp was not able to intercept a specific kind of traffic and Fiddler came to the rescue.

The application was designed to upload videos. The initial communication was straightforward: logging into the application, filling in the video details, etc. All of this was easily captured by Burp, except at the point where you hit Upload Video and the application connects to a different server. Surprisingly, that request was not captured by Burp (not sure why), even after repeated attempts. So I fired up Fiddler to see if it sees this request. But it's always better to play with requests in Burp because of its various functionalities such as Intruder, Repeater, etc., so it was necessary to capture this request in Burp.

The following steps can be performed:

1. First start Fiddler and let it run on its default port (8888).

2. In the outgoing stream settings inside Fiddler, provide the following settings: https://; http://

3. Start Burp and specify the same port under its proxy settings.

Now run both in parallel. Fiddler will feed all the requests to Burp, which will now capture the requests it was not able to capture earlier.

Once the request is captured, perform whatever activity you need in Burp: Scanner, Intruder, Repeater, etc.
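The chaining idea behind these steps can be reproduced offline with two tiny loopback proxies. This is an added example, not code from the original post: `Front` plays Fiddler's role, `Upstream` plays Burp's, and the client is pointed only at the front proxy. The class names, the hostname and the ephemeral ports (instead of 8888) are assumptions, and only plain-HTTP GET is handled.

```python
import http.server
import threading
import urllib.request

def send(handler, status, body):
    """Write a minimal HTTP response."""
    handler.send_response(status)
    handler.send_header("Content-Length", str(len(body)))
    handler.end_headers()
    handler.wfile.write(body)

class Upstream(http.server.BaseHTTPRequestHandler):
    """Plays Burp's role: the last hop, records each request it is handed."""
    seen = []
    def do_GET(self):
        Upstream.seen.append(self.path)   # absolute URL, as a proxy receives it
        send(self, 200, b"reached upstream")

class Front(http.server.BaseHTTPRequestHandler):
    """Plays Fiddler's role: re-issues each GET through its configured gateway."""
    gateway = None                        # set in run_chain()
    def do_GET(self):
        via = urllib.request.ProxyHandler({"http": Front.gateway})
        with urllib.request.build_opener(via).open(self.path, timeout=5) as resp:
            send(self, resp.status, resp.read())

def start(handler):
    """Serve handler on an ephemeral loopback port; return (server, proxy URL)."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]

def run_chain(url):
    """Send url via client -> Front -> Upstream; return (URLs upstream saw, body)."""
    Upstream.seen.clear()
    up, up_url = start(Upstream)
    front, front_url = start(Front)
    Front.gateway = up_url                # the gateway setting from step 2
    try:
        proxy = urllib.request.ProxyHandler({"http": front_url})
        client = urllib.request.build_opener(proxy)
        with client.open(url, timeout=5) as resp:   # client knows only Front
            return list(Upstream.seen), resp.read()
    finally:
        for srv in (front, up):
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    # Constructed hostname; never resolved, because every hop goes to a proxy.
    print(run_chain("http://upload.example.test/video"))
```

Each handler logs its request line to stderr, so a run shows the same request arriving first at the front proxy and then at the upstream one.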

