Wipe cookies with a custom Fiddler rule (and menu item)

January 11th, 2013 by Chris Weber

Sometimes there’s a need to simply wipe all the cookies from an HTTP request.  Maybe you want to re-issue a request without cookies, or maybe you want to browse a list of URLs to test that authentication is being required on all of them.  The following FiddlerScript will create a new menu item, under Rules, in Fiddler.  It can be enabled or disabled easily from there.

There are two parts to creating a new rule with a menu item, but as you can see there’s not a lot to it.  First, add the following at the beginning of the “Handlers” class.  These two lines name your rule “Wipe Cookies”, disable it by default, and make it show up under the Rules menu.

public static RulesOption("Wipe Cookies")
var m_WipeCookies: boolean = false;

Then, enter the following into the “OnBeforeRequest” function.  This ensures that when you enable the rule, by simply clicking it in the Rules menu, the Cookie header is removed from each HTTP request.

if (m_WipeCookies) {
  if (oSession.oRequest.headers.Exists("Cookie")) {
    oSession.oRequest.headers.Remove("Cookie");
  }
}
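For the authentication check mentioned at the top, the rule can also tag each stripped request and colour the response, so pages that still answer 2xx without cookies stand out in the session list. This is an added example, not code from the original post; the flag name "x-cookies-wiped" and the colour choices are assumptions made for the illustration.

```jscript
// Added example: goes into the Handlers class in CustomRules.js.
// "x-cookies-wiped" is a session flag name made up for this example.

public static RulesOption("Wipe Cookies")
var m_WipeCookies: boolean = false;

// --- Place inside the existing OnBeforeRequest(oSession: Session) ---
if (m_WipeCookies) {
  if (oSession.oRequest.headers.Exists("Cookie")) {
    oSession.oRequest.headers.Remove("Cookie");
    // Remember that this request originally carried cookies, so the
    // response handler only judges sessions the rule actually changed.
    oSession["x-cookies-wiped"] = "1";
  }
}

// --- Place inside the existing OnBeforeResponse(oSession: Session) ---
if (oSession["x-cookies-wiped"] == "1") {
  var code: int = oSession.responseCode;
  if (code >= 200 && code < 300) {
    // Content was served although the cookies were stripped: review it.
    oSession["ui-backcolor"] = "red";
    oSession["ui-comments"] = "2xx with Cookie header stripped";
  } else if (code == 401 || code == 403) {
    // The server refused the request, as expected for a protected URL.
    oSession["ui-backcolor"] = "lightgreen";
    oSession["ui-comments"] = "Rejected without cookies";
  } else if (code >= 300 && code < 400) {
    // Usually a bounce to a login page; record the target for review.
    oSession["ui-comments"] = "Redirect without cookies: " +
                              oSession.oResponse["Location"];
  }
}
```

A red row is a prompt to look, not a finding: a login form returned with status 200 is flagged the same way as unprotected content. Credentials sent in an Authorization header are untouched by this rule.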

As you can see, adding custom rules via FiddlerScript is rather simple.  Happy bug hunting!

 

Tags: Fiddler

This entry was posted on Friday, January 11th, 2013 at 8:09 am and is filed under Development, Security Testing.


