FreeHttp is a Fiddler plugin. With FreeHttp you can modify the request or response message according to your own settings, which is very useful for testing and debugging.
For example, if you find that the online page js file is wrong, you can directly replace the new js file with the rule. You can directly verify it online without making any changes to the online service.
Also when you find that the service interface data does not meet expectations, you can directly modify the verification, or even clear the login status of the mobile browser or WeChat service number.
I hope that after you understand its basic functions and working principle, you can provide convenience in practical work.

FreeHttp origin

Nowadays, the Internet or IT industry is almost inseparable from HTTP. A considerable part of the connection between the system and the system needs to use HTTP. In the usual work (especially the test work), I will gradually find myself in addition to the HTTP report. There is a need for text, and in many cases it is necessary to tamper with HTTP message assisted testing or debugging.
Fiddler actually provides breakpoints. The AutoResponder and FiddlerScript functions can directly or indirectly implement the message tampering function. However, during use, they will find that they are difficult to operate in many cases, and even some situations do not meet my needs. .
In order to meet some of my specific needs, I used the Fiddler extension interface to slowly develop and develop plug-ins for myself. Later, as the work needs to add more and more functions to the plug-in, I have developed a function to implement the function into a general form. Help other students (it became the prototype of FreeHttp)
After using the spare time to gradually implement the function of the current version, due to time and level restrictions, I believe that FreeHttp still has many defects and deficiencies, I hope everyone can bear with me.
I found that the problem can be directly raised, I will fix it as soon as possible, hoping to facilitate the work of everyone.

The basic implementation process of FreeHttp tampering with http messages is as shown above (green line represents http request, yellow line represents http response)

FreeHttp access requests and responses need to rely on fiddler proxy, which means that as long as the http request message of the terminal device connected to the fiddler proxy can be falsified by FreeHttp, it also supports tampering with https (when it encounters http2.0 request, it will be downgraded to Http1.1, then tamper with the message)

 FreeHttp plugin installation

1: Your computer needs to have Fiddler installed (if it is not installed, please go to the official website to download and install


2: Go to the Scripts directory of the Fiddler installation directory and copy FreeHttp.dll to this directory (download it to:


http://lulianqi .com/file/

unzip to get FreeHttp.dll )

3: Restart Fiddler to appear in the panel FreeHttp tag

FreeHttp basic interface

The basic operation interface is as shown below and is mainly divided into 5 parts.

  1. Session matching rule editing area “Url Filter”
  2. Htpp request or response tampering rule editing area
  3. Rule editing control strip
  4. Http session capture/tampering or rule execution log
  5. A list of http tampering rules has been created

When the request is sent or received, freehttp will match the tampering rule in the tampering rule list (matching the content in the Url Filter). If the matching is successful, the tampering of the http message will be performed (tampering with the content of the rule editing area)


As shown above, you can easily adjust the layout of each display area.

One: rule matching area


1.1: “get http sesion in left session list” to get the session information

Indicates that the session information is obtained from the fiddler session list.
Clicking this icon will automatically populate the url of the selected session into the urlfilter input box, and fill in the request and response information of the session into the “Request Replace” and “Response Replace” of the Http tampering rule below.

(As shown above: select fiddler default update session, click the get button, the yellow area is the obtained information)

1.2: “select url filter method” Url matching method

Indicates the url matching method (matches the content in the rear text box), supports Contain, StartWith, Is, Regex, AllPass

  • Contion: Matches when the current Http request session url contains the specified value.
  • StartWith: Matches when the current Http request session url starts at the specified value.
  • Is: Matches when the current Http request session url is exactly the same as the specified value.
  • Regex: Matches the current Http request session url by specifying a regular match.
    (For example, [“http://://../. And ending with “.js” and containing a random version of js request url)
  • AllPass: Matches any Http request session url.
    (When you need to tamper with the specified rules for all requests through fiddler, such as adding a tag head to all requests, or setting to disable the validation cache, you may need to use the AllPass match)



(As shown above: when the mouse hovers over the area, there will be a matching mode prompt)

1.3: “edit advanced http filter” advanced matching

Click this icon to perform an advanced match of the http tampering matching rule.
Including matching check on request header and request entity
If the previous Url Filter option already helps you filter the target http request, you don’t have to set it again.
By default, the “edit advanced http filter” icon is displayed in black, indicating that no advanced http filter has been set.
If you have already set the advanced http filter for the current matching rule, the icon will be displayed in blue.
Click on the icon to set the advanced http filter in the pop-up window.
As shown above, the advanced http filter is divided into 4 parts.
1: Url Filter part of the content is exactly the same as the previous Url Filter (not separately explained here)
2: The Head Filter section can help you set the head header filter. Click the “+” pop-up action box and press the prompt to enter the Key to Value (indicating that the matched http request must be satisfied, the request header must contain the Key value request header, and the request header Content must contain a Value value)
Click the target control area 『+』 pop-up add dialog to add
Click the target control area “-” to delete the rules that have been added but are no longer needed (do not select any of the specified items to remove the current one)
Double-click any item to pop up the edit box to edit the added item.
3: The logic of the HTTP Body Filter section is consistent with the Url Filter. The only difference is that the filter condition here is the requested body.
4: The Rule Alias ​​section is used to set the alias of the rule (this alias will be displayed in the “Tamper Rule” tampering rule list area later)
Note that the above 2, 3, and 4 are not mandatory items. If you don’t need them, you don’t need to fill them in. (There are no set 2, 3, and 4 items. The advanced http filter is not set.)

1.4: “new or edit rule” creation rule

Confirm the creation of a new rule in the create mode
Confirm saving the current rule in edit mode
This button has the same meaning as the confirmation button in the “Rules Editing Control Bar” below.

Two: request or response tampering rule editing area


There are 4 tabs in the HTTP tampering zone to request modification of “Request Modific”; request to replace “Request Replsce”; response to modify “Response Modific”; response to replace “Response Replace”
By setting these four types of tampering rules, you can arbitrarily tamper with the request or response of the specified Http request, making it look like you need it.
Tampering also includes support for files and dynamic parameterization and external file data sources.

2.1: “Request Modific” request modification



“Request Modific” can complete the tampering of the http request, and the request modification is divided into 4 pieces according to the HTTP self structure.
They are the modification of the request url, the removal of the request header, the addition of the request header, and the modification of the request entity.

2.1.1: Request line uri Modify “Uri Modofic”

This editing area is used to control the url that matches the http request.
Do not enter any value, it means not to modify the item
The first text box enters the content to be replaced, and the second text box enters the content after the replacement
Note: This replacement rule will replace all matching strings in the target (if multiple matches are found, they will all be replaced)
If the first text box is left blank and only the content is entered in the second text box, it represents the entire uri of the replacement request line.
If the request line is GET HTTP/1.1, enter “” (empty not input) in the first text box, in the second text box Enter “”
If the request “Url Filter” rule matches, the request request line will be changed to GET HTTP/1.1 before sending.


As shown above, enter “isBeta=False” in the first text box and “isBeta=true” in the second text box.
If the request “Url Filter” rule matches, if the request line is GET HTTP/1.1, then Url Modific is executed (because the url contains “isBeta=False”), Before the request is issued, the request line will be changed to GET HTTP/1.1

2.1.2: Request headers remove “Head Modific” “Remove Head”

The editing area is used to control the header of the modified http request, and delete the specified request head.
Click the target control area 『+』 pop-up add dialog to add
Click the target control area “-” to delete the head removal rule that has been added but is no longer needed (do not select any of the specified items to remove the current one)
Double-click any item to pop up the edit box to edit the added item.
(Click on Add as shown above, pop-up window to add, or double-click any item to pop up the window for editing)
The above “Remove Head” setting indicates that the Pragram, Cache-Contorl, If-None-Match, If-Modified-Since request headers in the request header are removed.

2.1.3: Add “Head Modific” “Add Head” to the header of the request header

The editing area is used to control the header of the modified http request, and the specified request head is added.
Click the target control area 『+』 pop-up add dialog to add
Click the target control area “-” to delete the head addition rules that have been added but are no longer needed (removing the current one without selecting any of the specified items)
Double-click any item to pop up the edit box to edit the added item.



(Click the Add pop-up window to add it as shown above, or double-click any item to pop up the window for editing)
The above “Add Head” setting means to add the request header request header Pragma: no-cache, Cache-Control: no-cache (because there is also a Pragme request header in the “Remove Head”, the actual meaning is to modify the Pragme request header to no-cache. )

2.1.3 Remarks

  • About “Remove Head”

Because the header field name in the RFC@2616 request header is not case sensitive, the meaning of host and hoST is the same. Once the rule is matched, the host header in the request header will be removed.

  • About 『Add Head』

Adding a request header allows you to add two fields with the same name. For example, you can add Accept-Encoding at the same time: gzip and Accept-Encoding: deflate These two headers are added to the request header field respectively (even if the same header domain name is used)
Note that because the header fields of the same name do not overlap each other, if you want to implement the modification function of the specified request header, you need to delete the specified header field first, then add the header field.
For example, if you need to change Pragma:xxx to Pragma: no-cache, you need to add a Remove Head test rule, and then add a header field modification rule. Pragma: no-cache

  • About the request or response tampering rules editing area other similar “Add Head” operating rules

Basic operational logic is consistent
Click 『+』Add item
Click “-” to delete the selected item (no items are selected to delete all)
Double click on any item to edit the item

2.1.4: Request body body modification “Body Modific”
If you have a Body in your request, you may also have a need to modify the body of the request body.
Body Modific’s logic is basically the same as Uri Modific, but it also supports regex regular replacement.
Do not enter any value, it means not to modify the item
The first text box enters the content to be replaced, and the second text box enters the content after the replacement
When the first text box starts with <regex>, it means that regular substitution is enabled, and the following content is the regular expression for finding replacement.
Enter “<egex>nloginpwd=.*?&” (without the quotation marks) in the first text box and “nloginpwd=123456&” in the second text box.
The regular replacement rule means that all the texts in the body of the request body start with “nloginpwd=”, and the text ending with “&” is replaced with “nloginpwd=123456”.
As shown above, in the first text box is blank, enter “test” in the second text box
If the “Url Filter” rule is requested to match, the Http request body will be replaced with “test body”
Note that this setting will be replaced even if the original body is empty (actually GET and other requests do not contain the requesting entity, here is just a demonstration)

2.2: “Request Replace” request replacement

“Request Replace” can complete the overall replacement of the http request
Request Replace is another tampering mode for http requests. He does not care about matching the original request content of the request, and directly performs the replacement operation on the entire request.
Request Replace There are two ways to edit the replacement rule. Auxiliary mode and Raw mode.
In order to facilitate the creation of replacement rules, “Request Replace” is divided into three parts according to the http request structure, request line, request header request body, and Raw description switch (without format assistance, enter Raw editing for editing)

2.2.1 “Start Line” Edit Replace Request Line

The request line is edited according to the rules of the request line.
Edit the request method (you can perform pull-down auxiliary editing, or manually enter a custom method)
Edit the url (note the integrity of the url)
Editing of the http protocol version (you can perform pull-down auxiliary editing, or manually enter a custom method)


2.2.2 “Request Heads” Edit Replacement Request Header

In the request replacement, the editing of the request header is similar to the setting of the request header in [2.1.3], and the configuration is edited in the same way (the description will not be repeated here)
The request header here will be used together with the “Start Line” above for overall replacement

2.2.3 “Request Body” Edit Replacement Request Body

The basic editing function of the replacement of the request body is very convenient. You only need to fill in the main body of the request body you want in the highlighted part of the figure.
If your body body is binary data, or a file that needs to be uploaded, you can add local files directly here.

Edit the box to the right mouse button, select “add file” in the pop-up menu
Select a local file on your computer

After selecting the file as shown above, “<<replace file path>>C:\Users\administer\Pictures\3613e290-8028-4ddc-946c-b89c67f4f31a.jpg” will be added to the edit box.
Represents 3613e290-8028-4ddc-946c-b89c67f4f31a.jpg This file will be replaced directly as the request entity of the request
You can also manually add files according to the format convention (starting with “<<replace file path>>” followed by the file path)
Note: The file mode is only indicated by the beginning of <<replace file path>> (“data<<replace file path>>C:\test.jpg” will not be treated as a file)
Add parameterized data about “add Parameter”
You can right click on “add Parameter” anywhere you want to add the static data you want.

(Understanding the setting of parameterized data will not affect the main function of using freehttp)

2.2.4 “Raw Mode” Switch Raw Data View

If you are familiar with the Http original message, you can click on the icon in the figure below to enter the raw mode and edit the original message to be replaced.



Enter the raw mode to edit directly (if you use “get http sesion in left session list” to get the session information, here will fill in the request message of the target http in advance for your editing)
You don’t have to worry about the wrong http format you enter will affect the replacement. If you use “raw mode” when you edit or add new, the system will check your input. If the format is wrong, it will give you a clear reminder. Does not meet the standard specifications (see RFC2616 for standard specifications)


In raw mode, you can also use the file to replace the request body. The replacement method is basically the same as the problem replacement in [2.2.3].
Note that only the request body can be replaced with a file.
As shown above, if you already have the body content as test data, you cannot add the file body at the same time.

2.2.4 Remarks

When adding a file to the right button, you can also see “anto Content-Length” in the right-click menu. If you check this option, the body length will be calculated automatically when you create or save the current rule and the Content-Length header will be added for the request.
When you click the Create or Save button, the “Request Replace” tab is currently in the raw mode mode to save the raw mode data, and in the auxiliary mode to use the auxiliary mode data.

2.3: “Response Modific” response modification

“Response Modific” can complete any tampering with the http response. The request modification is divided into three blocks according to the HTTP structure. They are the removal of the response header, the addition of the response, and the modification of the response entity.
The editing and execution mode of “Response Modific” is basically the same as “Response Modific”. The difference is that the response line and response status code cannot be falsified in “Response Modific” (because the modification of the status code means the complete response). Modify, if you need to modify the status code, please use the following “Response Replace”)

2.3.1: Responding to headers to remove “Head Modific” “Remove Head”

The editing area is used to control the head header that matches the http response, and deletes the specified response head.
The editing logic is consistent with the removal of the request header in [2.1.2], and the description will not be repeated here.

2.3.2: Add “Head Modific” “Add Head” to the response headers

The editing area is used to control the head of the modified http response, and the specified response head is added.
The editing logic is consistent with the addition of the request header in [2.1.3], and the description will not be repeated here.

2.3.3: The body of the response body is modified by “Body Modific”

If your response contains a body, you may also have a need to modify the response body.
Also supports full coverage, replacement, regular replacement
The editing logic is consistent with the modification of the body in [2.1.4], and the description will not be repeated here.
The setting above shows that a Set-Cookie header is added for the matching http response. The content is UM_distinctid=167. When the browser receives the tampered response header, it adds a cookie named UM_distinctid to the domain name. A cookie with the same name will be overwritten directly

2.4: “Response Replace” response replacement

“Response Replace” can complete the overall replacement of the http response
Response Replace is another tampering mode of the http response. He does not care about matching the original response content of the request, and directly replaces the entire response.
Response Replace uses Raw mode directly for the replacement of the response, but provides a set of templates for standard response return for easy replacement.
Response Replace is divided into 3 parts according to the editing function, responding to Raw content editing, template selection, Response Direct selection

2.4.1 Response Raw original message editing

In this tab, you can directly edit the Raw original message for replacement. (If you use “get http sesion in left session list” to get the session information, you will fill in the response message of the target http in advance to facilitate your editing.)
You don’t have to worry about the wrong http format you enter will affect the replacement. If you use “response replace”, the system will check your input when you save or create a new one, and give you a clear prompt to tell you where the standard does not meet the standard specification. See RFC2616)
Same as [2.2.4] requesting “Raw Mode” replacement, supporting files and parameterized data, except for the format required by the message, the other editing logic is consistent with the rules in [2.2.4], and the description will not be repeated here.

2.4.2 “Select Replace Template” selection template

If you need to create a response response yourself, you can use a template to assist with your editing, and the template contains the basic format for most regular responses.
Select the template you want from the above figure. The template of [HTTP/1.1 200 OK] is selected in the above figure. The template content is an example returned by the regular Http 200. You can modify it directly on the example.

2.4.3 “Response Direct” returns the response directly

This option is used to control the response return timing. When the “Url Filter” matches the http request and the tampering rule is “Response Replace”, you can use this to set whether the request returns directly.
When “Response Direct” is checked, the federer will not send the request to the target server, but use the residual in the Response Replace to return directly, that is, the client will receive your custom response as soon as the request is sent. This mode is necessary for the case where the actual request does not exist or is temporarily disconnected (for example, if you want to use a temporarily undeveloped interface, you need the option mock interface), and you can set the execution time of the interface. In the following [3.3] “set response latency”, how to specify the response time for the response setting
When “Response Direct” is not checked, the regular request path is used and the request is sent to the server (even if the service is returned and will not be used). After the service returns the response, the replacement operation is performed (the default is not checked). )

Three: rule editing control bar and general settings editing area

The rule control edit bar consists of 3 parts, as shown in Figure 1, 2, 3, 4, rule control, 5 quick rule editing, 6 tampering tools and general settings.

3.1 “affirm rule” to confirm the creation of rules or save rules to modify

The function of this button is consistent with [1.4] “new or edit rule”
Confirm the creation of a new rule in the create mode
Confirm saving the current rule in edit mode
If you click OK in the previous year (yellow mark area), an editable tampering rule will be created.
Please note that the text prompt on the right side of the “url Filter” above (New Mode means that it is now in the creation mode) will display the current mode.
It is also necessary to explain which editing mode the current tampering rule editing area stays in, that is, which rule is saved (“Request Modific” “Request Replsce” “Response Modific” “Response Replace”
A single rule contains only one tampering rule. If you need to perform multiple tampering on the same request at the same time, you can create multiple tampering rules for it (this scenario exists in the actual application)
If the currently created rule is “Request Modific” or “Request Replsce”, the created rule will appear in the “Request Rule” list. If it is “Response Modific” or “Response Replace”, the creation will appear in “Response”. Rule
After the creation is completed, the log below will be recorded accordingly, and the current editing area will be cleared (the editing area in the figure is not cleared for demonstration purposes only, and the editing area data will be completely cleared in actual use)
When you click OK, the system will check the rules you edited. If there is any non-compliance, there will be a corresponding prompt, and a short time highlight will be displayed in the wrong editing area (usually if the new rule will be Added at the end of the rule class table and highlighted for a short time to prompt)

3.2 “cancel edit” cancel

The “cancel edit” function is relatively simple and is only used to clear the information saved in the editing area.
Clear the information directly in the creation mode, and cancel the editing status of the current rule in the edit mode.

3.3 “set response latency” setting response delay

“set response latency” can be used to set the response delay of “Response Rule” (“Response Modific” and “Response Replace” are “Response Rule”)
As shown above, the icon button has three states (can set, unable set, is seted)
1.can set: The delay setting is set to the current tampering rule. Clicking the icon will pop up the setting box.
2.unable set: The delay setting is not configurable for the current tampering rule. At this time, the icon cannot be clicked because the response delay is a delay for http response, that is, the setting is invalid for “Request Modific” “Request Replsce”. of seted: The third state is that the delay has been set. As shown in the figure, the value will be displayed directly at the position of the icon.
(This time you can also click on the value to modify it)
Set the window as shown above, you can directly fill in the value (in milliseconds), if filled or empty, it means no delay

3.4 “set parameter pick info” to set parameterized data acquisition rules

“set parameter pick info” is used to capture initialization data in the original request or response (add or modify existing parameterized data)
The icon has two states meaning
1: The tampering rule does not set any parameter capture rules.
2: The tampering rule has at least one parameter capture rule set.
In both states, you can click the icon to go directly to the edit box. If there are already set rules, the existing rules will be loaded directly in the edit box.

(Understanding the setting of parameterized data will not affect the main function of using freehttp)

3.5 “Quick Rule” quick rule

The current version has a total of 6 quick rules to help you quickly complete the tampering rules settings.

3.5.1 “disable cache” disables caching

The quick rule is for Request Modific, which can remove the conditional cache for the request matching the rule and force the server not to use the cache.
After using the quick rule as shown above, the default value will be added directly in the “Head Modific” in the “Request Modific”. At this time, you can click on the confirmation to quickly complete the creation of a Request Rule.

3.5.2 “add cookie” to add a request cookie

The quick rule is for Request Modific, which can add a specific cookie to the request that matches the rule.
After selecting the item, the dialog box shown above will pop up, and you can directly input the cookie you need to set (note the format of the cookie key=value)

3.5.3 “delete cookie” to delete client cookies

The quick rule is for Response Modific, which can add a Set-Cookie to the response of the matching rule (by setting the specified cookie to expire immediately, thereby implementing the function of deleting the client cookie)
After selecting the item, the dialog box shown above will pop up. Enter the name of the cookie you want to delete at the Name (and in order to let the browser accurately locate the cookie you want to delete, you also need to pay attention to modify the Domain and Path to the correct value, in general The next domain is the current website domain name, Path is /)

3.5.4 “set client cookie” setting client-side cookies

The quick rule is for Response Modific, which can add a specified Set-Cookie to the response of the matching rule, and set the client cookie (this is the effect of the client-side cookie through Set-Cookie, such as in the mobile browser, or some software built-in The web browser does not provide debugging mode. At this time, Set-Cookie will be a good solution.)
After selecting the item, the dialog box shown above will pop up, and you can enter the specified value as prompted.

3.5.5 “copy session cookies” to copy cookies

The quick rule is designed for Response Modific to quickly set all cookies for a given session to another domain in the client (this feature allows you to share the same share across multiple browsers, even multiple devices, multiple domains) Cookie, which is very effective in skipping authorization during debugging or testing)


To use this function as shown above, you need to select the source request for copying cookies in the Session list on the left side of Fildler ( is selected). After selecting the specified session, click copy session cookies to view it. The cookie information from github is automatically added to the Add Head edit box in Heads Modific (this rule will add Set-Cookies to the matching request to achieve the copy effect)

3.5.6 Add UserAgent to Add UserAgent

The quick rule is for Request Modific, which can add a specified UserAgent to the request matching the rule.
As shown in the above figure, the item is relatively simple, just fill in the UserAgent you need.

3.6 “Modific Tool” tampering tools and general settings

There are 4 tools in the current version for your convenience or other settings.

3.6.1 “show selected session stream” shows session stream information

This tool can display the session of your choice in a new window in RAW mode (the window is always displayed at the top level, but it does not affect your operation under the main window). You can use this window to view the session while creating the tampering rule. Information without switching Tab (you can also directly select the session in the session list to drag to the editing area, the raw form of the message will also be displayed in the log area, but will not open a new window)
As shown above, select any request in the left session list of fiddler. Click show selected session stream will pop up a new independent window to display the original message of the session you selected.

3.6.2 “http tamper setting” basic settings

This item provides some basic settings for the FreeHttp plugin.

  • Is only match fist tamper rule: (default) whether to perform only the first successful tampering rule (because you can have multiple tampering rules for the same request, you can use this option to control whether an http message can be executed. Multiple matching rules tampering rules)
  • Is skip tls handshake: (default is) whether to skip matching the TLS handshake packet (unless you need to debug the TLS handshake, it is recommended that you maintain the default settings)
  • Is default enable tamper rule: (default no) Whether rule matching is enabled by default (there are independent enable switches in “Request Rule” and “Response Rule”, this option is used to control the default state when the software starts)


3.6.3 “parameter data manage” parameterized data manager

This item provides centralized management of parameterized data for FreeHttp
After selecting this item, pop-up layer manager window, you can add, modify, debug, etc. parameters in the manager.
The following will introduce the use of parameterized data in detail, here is not specified

3.6.4 “issues and suggest”

Clicking on the selection will open the problem submission page using your default browser. You can submit your questions and comments on this page (submitting the problem here may require you to have a github account. If you are not able to log in, you can send an email directly to


submit your questions and suggestions)

Four: “Execution Log” execution log

This area only displays the operation of the tampering rule and the execution log.
The log unified format starts with data and uses color to distinguish between errors, prompts, and information logs.

Five: “Tamper Rule” tampering rules list

The “Tamper Rule” tampering rule mainly displays and manages the rules you have created. You can set the rules that need to be effective, delete or modify existing rules, and sort the rules.
The list is divided into 2 parts (the operation logic of these 2 parts is the same, only the stored rule types are different)

  • The upper list is the “Request Rule” request tampering rule (by “Request Modific”, with the edit icon display and “Request Replsce” as the replacement icon display)
  • The lower list is the “Request Rule” response tampering rule (by “Response Modific”, with the edit icon display and “Response Replace”, replaced by the icon display)

5.1 Tamper Rule Control Options

Tamper Rule control options are mainly composed of 2 parts
The control bar in the upper right corner is 『+』Add, 『-』Delete, 『Enable』Control from left to right
Click Add: the edit panel will switch directly to “Request Modific” to prompt you to edit (if you click on the “Additional Edit Panel” on the “Response Rule”, you will switch to “Response Modific”)
Click Delete: delete the selected Rule. If you do not select any Rule, you will be asked if you want to delete all the rules.
Enable control: The Request Rule is independent of the Enable Control of the Response Rule. You can set their enable status separately. Only when you select Enable, Fillder will match the checked status in the list. After the match hits the execution rule (you Can be set to be directly enabled at startup, see [3.6.2] “http tamper setting”)
Right click anywhere in the tampering rule list area to propose the Rule control menu.

  • Remove selected rule Delete selected rule
  • Remove all rule remove all rules
  • Enable this rule
  • Enable all rule All rules take effect
  • Unable all rule to make all rules invalid
  • Edit this rule Edit current rule

5.2 Tamper Rule information display

The rules you created above will be displayed in the Tamper Rule list. Each rule will display the following information in the list.
1: Whether to match check box (if you want to tamper with the rule, in addition to setting the “Enable” control, you also need to set this to check the status)
2: Replace/Edit icon, where only one icon is displayed to indicate whether the current tampering rule is an editing rule or a replacement rule
3: The serial number of the current tampering rule. Note that the serial number is a unique serial number that is automatically generated. When you add or delete a rule, the serial number of each rule is regenerated.
4: Rule name, if you do not set the rule alias, it will directly display the matching url and match the url value (for the setting of alias, please refer to [1.3] “edit advanced http filter”)

As shown above, when you move your mouse over the rule icon, the details of the rule match are displayed (only matching information is displayed, no tamper details are displayed)
The above rule indicates that the request satisfies the following rules at the same time
1: The request url must be equal to ”

2: The request must contain a request header named “Data”, and the value of the request header contains “GMT”
3: The request body must contain the specified string in the above figure

5.3 Rule editing and sorting

As shown above, you double-click on any tampering rule in the rule list to enter the edit mode and edit the current rule.
The rule in edit mode is displayed with a red background at the list, and the red line in the figure also shows the status of the current edit panel.
Please note that after editing, be sure to click Save to make the changes take effect (the current background color will disappear after the save is successful)
If you want to give up the modification, please click Cancel (see: [3.2] “cancel edit” to cancel)
The matching of the rules is from top to bottom, so the top rule will be matched first. If you set the “is only match fist tamper rule” to ON, then if there are 2 effective rules, you can match them. Actually, the actual rules can be matched. If the current matching rule is successfully matched, the following matching will be stopped.
In this case, a change in the order of the rules will be necessary.
The adjustment of the Rule order is also very convenient. You only need to select the rule you want to adjust the position (multiple selection is supported) and drag it to the position you need.

Here to show you how to quickly create a rule and complete the modification of the http request or response

as an example (the request is actually a request for a fillder update check)
Suppose we want to change the value of isBeta in the url to true and change the Connection: header to Keep-Alive.
You only need to fill in the information shown above, click on the bottom right corner to confirm
Set the rule matching as shown above and check the rules you need to participate in the match (the request with the sequence number 6 in the figure is the rule we just created)

When the system matches the http request, the matching session in the left side of the fiddler session list, and the right rule list are matched. The rule is highlighted in light yellow (the highlight of the rule list will be 2-3 seconds). After disappearing, the corresponding log will appear in the log log area.
Tampering results as shown in the Inspectors red mark above, you can see that the modification of http has taken effect

Goal: Replace the logo of the baidu homepage with the logo of google
Our first request to find the baidu homepage logo is:

We searched the web for a google logo:

(If you can’t access this link, you You can choose any other image url to test)
With FreeHttp we have a variety of solutions to achieve the goal
1: Use “Request Modific” to modify the request url content so that he actually requests the google logo
Set the rules as shown above
The effect is as shown in the actual request for the baidu logo is actually modified to google (these changes are not visible to the client browser, but because it is an image file, please pay attention to the browser cache when testing)

2: Use “Response Replace” to modify the request to redirect to google’s link
Set the rules as shown above (if you have just set the Request Modific rule for the link to the image, set the previous rule to unavailable in order not to affect the test process)



The effect is shown in the figure, the request of bd_logo1.png is actually redirected to the new address, which also achieves the effect just.

3: Use “Response Replace” to directly replace the returned image content
Set the rules as shown above (local images need to be prepared in advance)
The effect is as shown in the figure (the effect is the same, the actual principle is slightly different, this time is the request response directly using the local file change)

4: Use “Response Modific” to modify Baidu homepage HTML, and change the address of the image element to the link of google
Set the rules as shown above (note that this time is not to modify
the response of

, Url Filter matches

The effect is shown in the figure. You can see that the address of the HTML of the Baidu homepage has been directly modified. The browser parses the url that was tampered with and requests the wrong image.

The use of parameterized data allows you to dynamically modify the contents of http using tampering rules, and supports capturing data for tampering rules in http requests or correspondingly.
The current version supports the following types of parameterized data (all kinds of parameterized data can be valued using “=” current value, “+” next value, and “-” last value.

  • Key-Value This is the most direct parameter type. It only provides the Key Value function. It is generally used to fix constants or store data captured from HTTP messages.
  • Index This parameter type provides an index-like function (you can set its starting value and range, and you can set the progress of each value) (the max is 2147483647)
  • LongIndex This parameter type is similar to Index, but LongIndex provides a larger range (the max is 9223372036854775807)
  • StringIndex This parameter is similar to LongIndex, but it provides an index of constant length (such as 0001 to 9999 instead of 1 to 9999).
  • Time This parameter allows you to get the current time in the specified format.
  • Random This parameter allows you to get a random string/number in the specified format.
  • List This parameter provides a specific list, such as “Little Red”, “Little Black”, “Small Flower”, you can use this parameter to sequentially or randomly take out the set 3 values.
  • CSV This parameter allows you to directly use the data in the CSV file.

8.1 “parameter data manage” parameterized data manager

Click parameter data manage in the Modific Tool to pop up the parameterized data manager as shown above (in the request replace machine response replace edit area right-click menu add parameter data -> edit data can also open the manager)
The parameterized data manager is mainly used to centrally manage the parameterized data you add.

8.1.1 Basic display and operation of parameterized data manager

The above “parameter data manage” is mainly divided into the above three parts.
1: parameter data manage category (click on different categories to switch between lists)

  • KeyValue: contains a list of Key-Value parameters
  • Parameter: contains Index, LongIndex, StringIndex, Time, Random, List parameter list
  • DataSouce: contains a list of CSV parameters

2: Parameter list
The list displays the name, category, and current value of the parameter in turn (may be different for each time, the list only shows the current value)
You can add a delete parameter by adding a delete button at the top right of the list.
3: Control the current parameters
You select any parameter in the parameter list, which will enter edit mode here.
This area displays the parameter name (not editable), the current value (editable), and the control button.
There are 3 control options

  • Edit current value: Click this button to set the current parameter with the content of the text box in the area (note that not any value is legal, such as the letter “ABC” must be illegal for an Index type parameter)
  • Take one value: get the next value of the current parameter
  • Reset parameters: reset the current parameters


8.1.2 Adding parameterized data

Just click the Add button to pop up the Add box, and then select the 4 information in the map to complete the addition.
1: Pull down to select the parameterized data category (large category)
2: Pull down to select the specific category of parameterized data
3: Fill in the parameterized data name you need to add
4: Fill in the format requirements of your parameterized data (when you select the category, return to the display format requirements, meanings and examples in the yellow highlighted area of ​​the figure to help you fill in the correct format requirements)
After filling out, click Add to complete the addition. Here are a few examples to illustrate the addition process.


Fill in the above picture and add a simple Key-Value parameter each time, the parameter name is cookie, the value is FPkj······

The above diagram will add a parameterized data named RandomId of type Random, which is a 10-bit length number.


The above diagram will add a parameterized data named timestamp of type Time, which will provide the current millisecond timestamp.

The above diagram will add a parameterized data named csv, type CSV, which uses the local file D:\mycsv.csv as the data source and reads the data in UTF-8 (note that the @ prefix indicates the use of absolute paths, By default, @ indicates a relative path, and the relative path is the FreeHttp folder in the root directory of the fiddler installation.


(65001 stands for utf8, coded code page reference)
Note that if you add CSV type data, if you edit the file directly in the computer, you need to re-add the data source to make your edits take effect.

8.1.3 Viewing and Exporting CSV Type Data

Double-clicking on any CSV data type will bring up the data source display/edit box.
As shown above, you can select any data in the csv table (because the actual CSV parameter values ​​are in the order from left to right and top to bottom, so the current cursor is very important, the data that is selected when the edit box is opened is the The current cursor position of the data source, you can set the cursor position by selecting, click Save to take effect)
You can also edit (double-click any item to edit), delete (select line by keyboard Delete), add (direct statistics in the last line)
After editing, you can click the save data icon in the upper left corner to save, or click export data to export your data directly to a file (the data in the CSV parameters may all come from HTTP capture, so export may be necessary for you)

8.2 Using parameterized data in rules

The parameters you add in the parameterized data manager can be used directly in the “Request Replsce”, “Response Replace” rules.

8.2.1 Adding parameters using inserts

As shown above, you can right-click the mouse in the “Request Replsce” or “Response Replace” editing area, select add Parameter Data in the right-click menu, select the category of the added parameter, and select the parameter you want to add (here you select the ran2 you just added) , finally choose the value method
After the selection is completed, the parameters are automatically added to the back of the cursor (yellow highlighted area in the figure)

8.2.2 Adding parameters using drag and drop

As shown in the above figure, you can drag and drop the parameters you want in the parameter manager to any part of the editing area. It will also be added automatically for you (the parameters added by dragging and dropping are all “next”. , you can modify it manually)

8.2.3 Adding by Manual Editing

Just follow the specified format *# parameter name (value method) * # you can manually add parameters yourself
The parameter name needs to be an existing parameter name.
The default value has the next (+), the last (-), the current value (=) 3 can be used
In addition to supporting the above three default values, the CSV data parameter also supports the use of two-dimensional coordinate system address values, such as *#dtb(0-2)*#, which refers to the 0th column of the csv data source of dtb, the second line. Data (starting with 0)
The default next value (+) also supports (+N), which means that the next N value is taken.

Note: You need to manually check the use Parameter Data after manually adding parameters.
Because the parameterized data is used, the content of the message will be dynamically generated each time the rule is executed. You may not be able to predict the length of the message entity. For this reason, all messages using parameterized data will be automatically added with the correct Content-Length.
If you are using the parameter and intentionally construct the wrong Content-Length, please add a Response Modific.

8.3 Dynamically picking up parameterized data

FreeHttp dynamically obtains the data in the http message to set or add parameters.
As shown above, there is a “set parameter pick info” icon in the control bar ([3.4])
You can pick parameters in the Http request message, or in the response message, depending on the type of tampering rule you are currently creating.
Click the icon to enter the parameter picking rule settings window.
Fill in the parameter name, picking method, picking additional items, picking range, picking expressions, and then clicking the Add or Remove button as prompted.

  • Parameter name: If the parameter name used already exists in the parameter manager, the picking will modify the parameter value of the current parameter (the modification actually changes the next value. For Key-Value, the current value is the same as the next value. a value), if it is a new parameter, it will directly add a Key-Value parameter
  • Picking method: The current version supports Regex, XML, String 3 picking methods
  • Pickup add-on: Additional instructions for picking methods
  • Picking range: Both the request message and the response message support the Line request/response line, the Heads request/response header, and the Entity request/response entity is the search range.

Let’s take Regex as an example (Xml uses Xpath is similar to Regex) to explain the filling of the parameter picking rules (get the data in the User-Agent brackets)
Parameter Name fills in ua_1, PickType selects Regex
PickAdditional selects 1,1 to take the first item of the matching result (because Regex may have multiple results in XPath matching), 0 means to return multiple results together with commas, of course you can manually fill in 2,3,4 The index indicates the Nth price
PickRange selects Heads (because User-Agent is in the head header)
Pick Expression Fill in \(.*?\)

If you are not familiar with Regex, you can use Str directly (using Str can also do most of the search)
As shown above, select PickType as Str, PickAdditional as str-str (str-str: pick the target value at the beginning and end of the string, str-len: start with the specified string and specify the length, index-len: start with the specified index and specify the length, Filling in the length of 0 means picking up the maximum length)
PickRange still chooses Heads, Pick Expression fills in (-)

Finally, use str-len to get the isBeta parameter in the request line as shown above. Click OK after completion.

After the HTTP request is matched, the set parameter picking will be executed. The parameters in the above figure have been picked up in the request message (note that the result of matching with Str method does not contain the first and last strings, so the above figure ua_2 will One less parenthesis)
The parameter picking process will also be printed in the log area

8.4 Example of parameterized data

Goal: Match the request and return {“mes”:”hello value”}
Where is a non-existent domain name, value may be an arbitrary string (the actual requirement is a mock to the interface that does not exist)

The following configuration can be
Add a Request Modific rule as shown above, because you only need to get the name name and you don’t need to modify the request, so you don’t need to fill in any information (not modified), just add a parameter picking rule.
Add a Response Replace as shown above, because the actual interface does not exist, all must be manually replaced with a virtual return, return the body using the testName parameter that the request will get (note the Response Direct)
After the addition is complete, set the 2 rules you just added to take effect.


As shown above, you are using a browser (valid for any client that uses the fiddler proxy) to access

You can see that the interface that does not exist has returned the data as expected, and the name was successfully removed.

Implementation and source code

Complete project source code:


For the Fiddler extension plugin development environment configuration, please refer to the official documentation

(this document has detailed the process of building and debugging the project)
Fiddler’s open interface can be found in “Lulu. Debugging with Fiddler” (the book not only introduces the origin of Fiddler, but also introduces the use of Fiddler, including the extended interface provided externally)

The current FreeHttp extension development uses the .net framework version 4.5 (you need to pay attention to the Fiddler version of your debug reference when configuring the development environment, and the highest version supported by your development environment)

The basic basic structure is as follows



After downloading the project and loading it successfully, you can see the basic structure as shown above.
The following is an overview of the features of the main namespace in the figure.

  • 1: AutoTest namespace mainly provides picking and management of parameterized data
  • 2: The FiddlerHelper namespace provides functionality directly related to Fiddler tampering
  • 3: FreeHttpControl namespace provides UI interface and form operation logic
  • 4: The HttpHelper namespace provides the function of processing HTTP protocol packets.
  • 5: MyHelper namespace provides public accessibility tools
  • 6: WebService namespace provides the ability to make network services
  • 7: FiddlerFreeHttp inherits from IAutoTamper, which is the entry point for data exchange with FIddler. FiddlerSessionTamper is a tool class for FiddlerFreeHttp.