How to filter Fiddler capture traffic using host name and process name


This post discusses a couple of ways to filter Fiddler traffic based on domain names (or host names) and client process(es):

Note that before using filter you should make sure Fiddler is configured to capture all processes.  This is indicated at the bottom left corner of Fiddler window.  That area is clickable to change the selection.

image

Filter traffic using Fiddler’s built-in filter feature:

From Fiddler’s right pane –> Filters tab –> select “Use filters” –> under the Hosts section choose “Show only the following Hosts” –> Enter the host names you want to filter on, separated by semicolon

Note:  as you edit this list the text box will change to have the yellow background to indicate the list is unsaved.  Once done, you can just click on the “Actions” button to save the list and the background color should change to white.

image

Under the “Client Process” section, you can also select a particular process to filter on.  This option is great for a standalone application.  It may not be so useful for capturing browser traffic since there are multiple processes with the same name and it’s hard to tell which process is the right one to filter on.

Filter traffic using jscript code in the OnBeforeRequest function:

This option can be used especially for browser scenarios.

From Fiddler’s menu –> Rules –> “Customize Rules…”  -> find the “OnBeforeRequest” function and insert the below jscript code at the beginning of the function –> Make sure to save the changes once done editting.

 

image

 

		// begin filter

		// set this to false to disable filter and true to enable filter
		var filterOn: boolean = true;
		if (filterOn)
		{
			// hide all request by default
			oSession["ui-hide"] = "true";
		
			// here are some common processes:  IE - iexplore.exe; chrome - chrome.exe, MS Edge = MicrosoftEdgeCP.exe, IIS Express - iisexpress.exe, Powershell - powershell.exe
		
			// list of domain names to filter on
			var host = ["localhost","login.microsoftonline.com","graph.microsoft.com"];
		
			// list of processes to filter on
			var processlist = ["chrome","microsoftedgecp","iisexpress","powershell"];
		
			for (var j = 0;j < processlist.length;j++)
			{
				if (oSession.LocalProcess.Contains(processlist[j])){
					for (var i = 0;i < host.length; i++)
					{
						if(oSession.HostnameIs(host[i]))
						{
							oSession["ui-hide"] = null;
						}
					}
				}
			}
		}
		
		// end filter

 

variables:

filterOn:  true to enabe filter and false to disable filter

host:  contains the list of domains to filter on

processlist: contains the list of process names to filter on

References:

Modifying a Request or Response

FiddlerScript CookBook

Understanding FiddlerScript

Comments (1)

  1. Rippo says:

    Nice, use the first one all the time. The second one is megs useful as well esp the “iisexpress” process filter.
    Thanks

Skip to main content