Developing a Fiddler Plugin to Decrypt SDK Requests in C#

Fiddler is a powerful HTTP debugging proxy that can be extended with custom plugins to automatically modify requests and responses, making it indispensable for functional testing. When SDK traffic is encrypted, testers need a way to view the plaintext data.

This article walks through creating a Fiddler plugin that decrypts SDK requests and shows the clear‑text JSON in the UI.

Environment preparation

Install .NET Framework 4.5.2, Visual Studio 2015 (or newer), and Fiddler4. Add the Fiddler executable as a reference in the project.

Enable Fiddler debug features

Run the following commands in the Fiddler console to see errors and verbose logs:

prefs set fiddler.debug.extensions.showerrors  True

prefs set fiddler.debug.extensions.verbose True

Use FiddlerApplication.Log.LogString() to write custom log messages.

Create a new C# class‑library project

In Visual Studio, create a C# Class Library; the plugin will be compiled as a .dll and placed in Fiddler’s Inspectors folder.

Add a reference to Fiddler.exe and set the required version attribute in AssemblyInfo.cs :

[assembly:Fiddler.RequiredVersion("4.6.20171.9220")]

Adjust the version number to match the local Fiddler installation.

Plugin construction

Fiddler provides several extension points such as IFiddlerExtension , IAutoTamper , Inspector2 , and IHandleExecAction . For this use‑case, implement Inspector2 and IRequest2 to intercept the request, decrypt the payload, and render the JSON.

Typical interface implementation snippets:

// Example: implement IRequest2 to access request body
public void OnBeforeRequest(Session oSession) {
    // Decrypt oSession.oRequest.bodyBytes here
    // Populate UI with decrypted JSON
}

Design a custom UI control (UserControl) and add it to the Inspector tab via the Visual Studio designer (right‑click → Add → User Control).

After building, copy the generated .dll to the Fiddler Inspectors directory. Automate this step with a post‑build command:

copy "$(TargetPath)" "C:\Path\To\Fiddler4\Inspectors\$(TargetFilename)"

Running and debugging

Configure Visual Studio to launch Fiddler after a successful build so the new plugin loads automatically. Use the Fiddler log tab to verify that your plugin is invoked and that decrypted data appears.

Result

The final plugin shows the decrypted request body in JSON format, greatly simplifying validation for functional testers. The source code is available at https://github.com/willysys/SDKDecryption.git .

Conclusion

When standard Fiddler features are insufficient, developers can create custom plugins to meet specific testing needs, such as automatic decryption and validation of encrypted SDK traffic.