If you are interested in knowing which internet connections are opened by your computer while you surf the internet, you can use a free and open-source packet analyzer such as Fiddler, which is used for troubleshooting network problems, software analysis and the development of communication protocols. Fiddler captures the HTTP and HTTPS traffic that passes through a browser, in real time, really showing what happens when you open a certain site or by saving a history of everything done on the internet.
Fiddler, in addition to being able to also work on a computer on the network intercepting traffic, is one of the few programs that also manages to decrypt HTTPS traffic, in order to make clear forms and private information, including passwords, which are sent by the browser.
Fiddler is a free program for Windows PC that can be downloaded in two versions, Fiddler 2 and Fiddler 4, the latest and most complete.
There is also another version of this program that we could define "ultralight" for less experienced users, called FiddlerCap, very basic, which we will talk about at the end.
After installing Fiddler, you can start it directly from the start menu and notice how it starts working immediately and capture the traffic that passes on the internet via the web browser.
Only on Windows 8 PCs it is necessary to activate an additional feature by clicking on the top Win8config button.
Then try opening a site through Internet Explorer or Chrome to see how many connections are established.
If you use Firefox you have to make sure that the option on system proxy settings is active.
Fiddler shows internet connections in a table that contains:
- the protocol which can be HTTPS, HTTPS (which, however, must be enabled) or FTP.
- The host or the name of the server to which the browser connects.
- The URL, that is the path and the HTML file requested by the server.
- Body, the size in bytes of the requested resource.
- The Process, i.e. the PC program from which the traffic was generated.
By clicking on an HTTP session of the table, you can see a tab on the right that displays all the traffic details for that request, with data difficult to read and understand.
What is more interesting is to find out, within the various connections listed in real time, what is seen in the clear by the capture program and if, for example, passwords appear, searches made on the internet any other text written on a website .
In Fiddler you can go to the right section and open the filters tab to view only connections to certain sites, such as google.it
To activate the control on HTTPS connections, go to Tools -> Fiddler Options and then, in the HTTPS tab, activate the HTTPS decrypt option.
A Fiddler fictitious authority certificate is then installed on the browser on which https communications are passed.
This certificate may give an error message on the browser regarding its reliability.
To avoid this, the certificate must be added to the list of trusted and verified ones.
Fiddler can also function as a proxy to check another computer's HTTPS and HTTPS connections on the same network.
To do this, however, you need to activate the function in the Fiddler options on the connections tab and then set, on the computer from which you intend to capture traffic, the proxy listening on port 8888.
Fiddler has many other more complex features and functionalities that it becomes difficult to elaborate on in one article.
Anyone who wants to can read the extensive Fiddler online guide.
As mentioned above there is an easier and basic version of Fiddler called FiddlerCap, a program that allows you to start, stop and save the capture of HTTPS and HTTPS traffic.
The program works automatically in Internet Explorer or Google Chrome browsers and you can click on the details button to see all the connections to the websites you surf.
A similar program, explained in another article, is Wireshark to capture information on the net and intercept traffic .
