Herding Code 116: Eric Lawrence on Fiddler, IE Internals, and HTTP

This episode of Herding Code the guys talk to Eric Lawrence, the author of the popular Fiddler web debugging proxy. Eric’s also a member of the Internet Explorer team and developer of several popular freeware tools.

• Eric explains how he’s been working on – and now runs – the team that works on the networking components for Internet Explorer.
• Kevin asks Eric to clarify what portions of IE he works on. Eric explains that he’s on fundamentals, which includes things like networking and security, not rendering or the DOM.
• Jon asks Eric about his development focus. Eric says that his main focus is on C#.
• Jon references an interesting bit of Eric’s MIX talk about Fiddler – Fiddler is an HTTP proxy, so it works with all browsers and devices.
• Scott mentions that he’s used Fiddler for low-level network debugging. Eric talks about the broad range of Fiddler users.
• Eric mentions that Fiddler’s used for security testing, and there’s a discussion of fuzz testing. Eric describes "dumb fuzzing" and "smart fuzzing".
• Jon asks how Fiddler is used with mobile devices.
• Jon asks Eric if he’s taking advantage of any "internal" info or API’s as a member of the IE team.
• Jon talks about how the plugin system has really paid off for Fiddler over the years. Eric talks about how he’s supported both a Javascript and a reflection based .NET plugin system.
• Eric mentions how he’s tested a "pure .NET 4" version of Fiddler, and talks about the Fiddler itself runs on Fiddler Core, which is really close to running on the .NET client profile.
• Jon asks Eric about some of the interesting things he’s heard built on top of Fiddler Core. Eric mentions some testing extensions, ELMAH use, and FiddlerCap.
• Jon asks what IE9 features Eric is taking advantage of. Eric talks about IE9’s support for the X-Download-Initiator header, which allows tracing why a resource was requested.
• Eric talks about Fiddler now proxies Cassini traffic for ASP.NET developers, and Jon mentions how he saw from internal bug reports that Eric was driving ASP.NET debugging issues with pre-release versions of IE9.
• Eric mentions that the issue with IE9 betas and Cassini was due to IPv6, and since the podcast was recorded on IPv6 day, the conversation shifts over to a discussion of IPv6.
• Jon asks Eric about IPv6 use in the real world, and Scott K asks about issues with SSL over IPv6.
• Jon asks about IE’s and Fiddler’s support for HTTP verbs beyond GET and POST. Eric talks about how he had to drop some strict enforcement of protocols for non-standard verbs since actual usage often didn’t follow the specs.
• Jon asks Eric about the 100 Continue response. Eric explains why it’s there, and how he handles it in Fiddler, and how IE handles it.
• Jon asks about the Accept header, asking Eric’s opinions on its use and how IE9 handles it. Eric explains how he doesn’t think Accept really works, because proxies and servers don’t correctly handle them.
• Scott K asks about the advantages of being able to analyze aggregate HTTP traffic for a large organization like Microsoft. Eric explains that there’s not really a lot of opportunity for IE, but he does get advanced notice on Fiddler issues from internal Microsoft use against pre-released software.
• Kevin asks about the "Fiddler has detected a protocol violation" error. Eric explains that it’s helpful in debugging issues which browsers will attempt to hide due to being very liberal and forgiving with respect to protocol violations.
• Eric explains that there was an HTTP 0.9 version which didn’t have HTTP headers, and talks about how his awareness of protocol violations on major websites came in handy. He mentions that he’s thought about an HTTP-Lint module, which would be a lot more strict with respect to protocol violations.
• Question from Twitter – James Schmidt – "Will we see Fiddler features move over to IE Dev tools?
• Jon asks about the common import / export format that IE F12 dev tools and Fiddler share… kind of.
• Question from Twitter – Luke Foust – Hear about developing a side project inside Microsoft.
• Jon asks Eric about some of his other freeware applications, including SlickRun and a popup blocker (big in Brazil!).
• One of Eric’s freeware applications was a utility to tweak the number of simultaneous downloads IE would use, which prompts Jon to ask about how simultaneous browser connections have evolved over the years.
• Question Jarrod Dixon – "Possible to open source SlickRun? I use it a lot and would like to add some features?"
• Kevin asks if Eric would consider open sourcing Fiddler at some point.
• Eric wraps up with a description of what’s in the works for Fiddler. Kevin asks for auto-update.

Show Links:

• Eric’s IE Internals blog
• @ericlaw on Twitter
• Fiddler (Web Debugging Proxy) website
• Fiddler blog
• The Devil Went Down to HTTP: Debugging with Fiddler (MIX11)
• MIX11 release notes for Fiddler
• Post: Fiddler is better with Internet Explorer 9
• IE and the Accept Header
• IE9 Standards Mode Accepts only text/css for stylesheets (HTTP 406 post Eric mentioned)
• Some of Eric’s freeware at Bayden Systems
• SlickRun
• Producing Open Source Software (book)

Download / Listen:

Herding Code 116: Eric Lawrence on Fiddler, IE Internals, and HTTP

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0116-Eric-Lawrence-on-Fiddler-IE-Internals-and-HTTP.mp3]