How do I use Fiddler to modify the status code in an HTTP response?

http fiddler httpresponse http-status-codes

43,069

Solution 1

Ok, so I assume that you're already able to monitor your client/server traffic. What you want to do is set a breakpoint on the response then fiddle with it before sending it on to the client.

Here are a couple of different ways to do that:

Rules > Automatic Breakpoints > After Responses
In the quickexec box (the black box at the bottom) type "bpafter yourpage.svc". Now Fiddler will stop at a breakpoint before all requests to any URL that contains "yourpage.svc". Type "bpafter" with no parameters to clear the breakpoint.
Programmatically tamper with the response using FiddlerScript. The best documentation for FiddlerScript is on the official site: http://www.fiddler2.com/Fiddler/dev/

Once you've got a response stopped at the breakpoint, just double click it to open it in the inspectors. You've got a couple of options now:

Right next to the green Run to Completion button (which you click to send the response) there's a dropdown that lets you choose some default response types.
Or, on the Headers inspector, change the response code & message in the textbox at the top.
Or, click the "Raw" inspector and mess with the raw response to do arbitrary things to it. Also a good way to see what your client does when it gets a malformed response, which you'll probably test accidentally :)

Solution 2

Another alternative is to use Fiddler's AutoResponder tab (on the right-hand panel). This allows you to catch a request to any URI that matches a string and serve a "canned" response from a file. The file can contain both headers and payload. The advantage of this approach is that you don't have to write FiddlerScript and you don't have to handle each request manually via a breakpoint.

You would set the rule up in Fiddler like shown below (ensure you enable unmatched requests passthrough otherwise all other http requests will fail).

In this example, any request whose URI includes "fooBar" will get the canned response. The format of the file will vary depending on your APIs (you can use your browser to intercept a "real" response and base it on that) but mine looked like the following:

HTTP/1.1 409 Conflict
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Max-Age: 86400
Content-Type: application/vnd.api+json
Content-Length: 149
Date: Tue, 28 Mar 2017 10:03:29 GMT

{"errors":[{"code":"OutOfStock","detail":"Item not in stock","source":{"lineId":{"type":"Order line Number","id":"1"}},"meta":{"availableStock":0}}]}

I found that it needed a carriage return at the end of the last line (i.e. after the json), and that the Content-Length header had to match the number of characters in the json, otherwise the webapp would hang. Your mileage may vary.

Solution 3

Create a FiddlerScript rule. Here's what I used in order to generate a local copy of a website that was intentionally using 403 on every page to thwart HTTrack/WGET. https://gist.github.com/JamoCA/22db8d68a9a2fb20cb04a85360185333

/* 20180615 Fiddler rule to ignore all 403 HTTP Status errors so WGET or HTTrack can generate local copy of remote website */
   SCENARIO: Changing the user agent or setting a delay isn't enough and the entire remote server is configured to respond w/403.
   CONFIGURE: Add below rule to FiddlerScript OnBeforeReponse() section.  Configure HTTrack/WGET/CRON to use proxy 127.0.0.01:8888 */

static function OnBeforeResponse(oSession: Session) {
  if (oSession.HostnameIs("TARGETHOSTNAME_FILTER.com") && oSession.responseCode == 403) {
    oSession.responseCode = 200;
    oSession.oResponse.headers.HTTPResponseCode = 200;
    oSession.oResponse.headers.HTTPResponseStatus = "200 OK";
  }
}

43,069

w5m

Software Engineer for an engineering consultancy, primarily using Delphi, SQL Server, PHP & MySQL. #SOreadytohelp

Updated on June 16, 2020

Comments

w5m almost 4 years

I need to test some client application code I've written to test its' handling of various status codes returned in an HTTP response from a web server.

I have Fiddler 2 (Web Debugging Proxy) installed and I believe there's a way to modify responses using this application, but I'm struggling to find out how. This would be the most convenient way, as it would allow me to leave both client and server code unmodified.

Can anyone assist as I'd like to intercept the HTTP response being sent from server to client and modify the status code before it reaches the client?

Any advice would be much appreciated.
- w5m almost 13 years
  
  Thanks for the link EricLaw. I'd previously been to that page at work, but was unable to view the videos at that time. At home, it appears I can view these and I found them to be most helpful. Fiddler certainly is a powerful beast!
- Ohad Schneider almost 10 years
  
  Also see stackoverflow.com/a/1935570/67824
- Sergey over 9 years
  
  @EricLaw: The updated link may be: telerik.com/videos/fiddler/tag/tips-tricks
w5m almost 13 years

Absolutely fantastic - that was exactly what I was after. Many thanks chrisbro!
WORMSS over 9 years

Is there a way to make Fiddler auto select the latest request that has a breakpoint? I have all my filters already setup so I will only ever receive the stuff I am interested in, and I will only get 1 at a time due to my workflow.
russthegibbon about 7 years

It's worth noting that you can restrict the autoresponder rule so that it only fires for certain http methods. For example: to return the canned response for a POST but let a PATCH pass through untouched the rule above would look like "METHOD:POST fooBar".