OWASP Fiddler Addons for Security Testing Project

Main
Welcome to the OWASP page presenting Fiddler addons for security testing. This is home of the Watcher and x5s security testing tools built as extensions for the Fiddler HTTP proxy. A quick overview:


 * Watcher is a passive vulnerability scanner for Web applications
 * x5s is an active cross-site scripting testing tool for Web applications
 * Fiddler is an HTTP debugging proxy with support (and scripting support) for traffic interception, traffic modification, replay, comparison, data parsing, offline usage, NTLM/basic/digest auth, and much more

The Fiddler HTTP debugging proxy has a long history with a wide user base and was chosen as the platform for building security testing tools found on this page. By leveraging Fiddler we can focus our efforts on the security testing logic and let the proxy do its job.