In the last half of the year I’ve slowly decreased my reading of Tech Republic’s articles. Not by intention, but because there were few things of interest to me. I became aware of this by reading this article about Fiddler. I’ve been using Fiddler for about eight years – practically from its beginnings; since then so many articles have been posted about it, most of them on very popular sites, and it probably has millions of users. Now, I was expecting some new cool feature to be presented; instead of that, just basic info about Fiddler – for me, their article is eight years too late.
If I can imagine working with SqlServer without Profiler, I cannot imagine programming for the web without Fiddler. What goes over the wire is something that every web programmer should check. Check for your site (or for other sites!) the size of the request/response, POST params, cookies, headers, ajax calls, compression, pausing the request and changing it, etc., and all this with different browsers. The last is my favorite because I can easily try to bypass authorization – the authentication is usually done right – but the authorization is so easily overlooked; and I’m not referring only to the standard sql injections. Actually, many years ago, my first try was a success – a sql injection didn’t work, but I changed the id of a post that I was editing on a forum – the server applied the changes without complaining that I was not authorized to change the post of another user.
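The gap described above, authentication done right but authorization overlooked, looks like this on the server side. This is an added example, not code from the original post or from any forum software; the in-memory store, tokens and function names are all hypothetical.

```python
# Constructed sample data: a tiny in-memory forum (all names are hypothetical).
POSTS = {
    101: {"owner": "alice", "body": "Alice's original post"},
    102: {"owner": "bob", "body": "Bob's original post"},
}
SESSIONS = {"token-alice": "alice", "token-bob": "bob"}  # session token -> user


def authenticate(token):
    """Authentication: who is sending this request?"""
    return SESSIONS.get(token)


def edit_post_vulnerable(posts, token, post_id, new_body):
    """Checks only that the caller is logged in, then trusts the posted id."""
    user = authenticate(token)
    if user is None:
        return 401
    if post_id not in posts:
        return 404
    posts[post_id]["body"] = new_body  # no ownership check: any user can edit
    return 200


def edit_post_hardened(posts, token, post_id, new_body):
    """Adds the authorization step: may *this* user change *this* post?"""
    user = authenticate(token)
    if user is None:
        return 401
    post = posts.get(post_id)
    # Same 404 for "missing" and "not yours", so the reply does not confirm ids.
    if post is None or post["owner"] != user:
        return 404
    post["body"] = new_body
    return 200


def replay_with_changed_id(handler):
    """Alice's own edit request, resent with the id changed from 101 to 102."""
    posts = {pid: dict(p) for pid, p in POSTS.items()}  # fresh copy per run
    status = handler(posts, "token-alice", 102, "edited by alice")
    return status, posts[102]["body"]


if __name__ == "__main__":
    print("vulnerable:", replay_with_changed_id(edit_post_vulnerable))
    print("hardened:  ", replay_with_changed_id(edit_post_hardened))
```

The ownership check has to live in the handler itself, because the id in the request body is attacker-controlled input no matter what the edit form originally rendered.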
Back to where we started, I would have understood if the article had presented some other tool similar to Fiddler but unknown to the web programming community. Thus, it brings no novelty to me or the community. This is what happens when people post because they have to, not because they have something to say.