This is a migrated thread and some comments may be shown as answers.

Ban/blacklist external clients

1 Answer 383 Views
Windows
Francesco asked on 30 Dec 2015, 08:16 AM

Hi there,

I'm using Fiddler with external clients allowed to connect. Capturing is disabled and sessions are filtered with "Non-Browser".

While debugging some stuff, I've seen some strange requests (google.pl, Cyrillic search queries, strange URLs) listed in my Fiddler sessions list. So I thought that there was malware on my PC making all those requests, but when I unchecked "Allow remote computers to connect", these requests stopped immediately. So, in a certain way, an automatic bot has connected to my Fiddler (I don't know how it discovered my IP; however, I've used the Fiddler default port, 8888, I will try to change it) and has made all those requests.

Since I'm debugging a single URL, via FiddlerScript I've tried to block all the requests made by the bot, using scripts like the ones below:

// FiddlerScript, placed inside OnBeforeRequest(oSession: Session)
var hostname = oSession.hostname;
if (!hostname.Contains("myfavouritehost")) {
    // hides the session from the list, but the request is still proxied
    oSession.Ignore();
}

// or

if (!hostname.Contains("myfavouritehost")) {
    // refuses the request with a 403, but the session is still listed
    oSession.oRequest.FailSession(403, "Go to hell", "Go to hell");
}

But...

  • in the first case, I'm simply not listing the session, but I'm still letting the bot make the requests
  • in the second case, I'm blocking it, yes, but it fires hundreds of requests per minute, so the RAM usage rises to 2GB+ within 12 hours

How can I simply ban/blacklist a client IP, and so refuse all its connections, without keeping a record of those connections in my sessions list? (so... silently?)

Thanks.

1 Answer, 1 is accepted

Eric Lawrence
Telerik team
answered on 31 Dec 2015, 04:43 PM
Hello, Francesco--

In general, I would strongly recommend you NOT put an instance of Fiddler on a PC that is directly connected to the Internet and not protected by a firewall. If you do, changing the default port will help only a little, but it'll be easy enough to find via a port-scan.

If you do use this configuration, you can do a number of tricks to reject unwanted traffic. You can look at the oSession["X-ClientIP"] flag and reject any traffic coming from a remote IP address; you should do so explicitly by using the FailSession API and not by calling Ignore, as the latter API will simply hide the traffic from you but allow your connection to be used by botnets and the like.

Alternatively, you can use the Rules > Require Proxy Authentication option to demand authentication credentials from any client that connects. Before you do so, inside Fiddler's QuickExec box beneath the Session list, type

   prefs set fiddler.proxy.creds MTox

where MTox is a base64 encoded string of the form UserName:Password (you can base64 a string using the Tools > TextWizard command).

After you set this preference and enable the proxy authentication rule, any client that connects must send proxy credentials or Fiddler will return a demand for credentials.

Regards,
Eric Lawrence
Telerik
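The X-ClientIP check described in the answer, as an added example that is not code from the thread or from Fiddler itself: it is written as plain JavaScript so the decision logic can be tested outside Fiddler, and a comment shows the one-line FiddlerScript (JScript.NET) glue. The allow-list prefixes, the X-ClientIP value formats handled ("[::1]", "[::ffff:10.0.0.5]") and the use of the ui-hide session flag to keep rejected sessions out of the list are assumptions of this example.

```javascript
// Added example (not from the thread). In FiddlerScript the call site would be,
// inside the Handlers class:
//   static function OnBeforeRequest(oSession: Session) { rejectRemoteClients(oSession); }

// Client addresses allowed to use the proxy: loopback and two private ranges.
// Anything else is treated as a remote, unwanted client. (Assumed policy.)
var ALLOWED_V4_PREFIXES = ["127.", "10.", "192.168."];

// Normalise an X-ClientIP value to a bare address: strip IPv6 brackets and
// the IPv4-mapped "::ffff:" prefix. The bracketed/mapped formats are assumed.
function normalizeClientIp(raw) {
  if (!raw) return "";
  var ip = String(raw).replace(/^\s+|\s+$/g, "");
  if (ip.charAt(0) === "[" && ip.charAt(ip.length - 1) === "]") {
    ip = ip.substring(1, ip.length - 1);
  }
  if (ip.toLowerCase().indexOf("::ffff:") === 0) ip = ip.substring(7);
  return ip;
}

function isAllowedClient(raw) {
  var ip = normalizeClientIp(raw);
  if (ip === "") return false;          // unknown origin: treat as remote
  if (ip === "::1") return true;        // IPv6 loopback
  for (var i = 0; i < ALLOWED_V4_PREFIXES.length; i++) {
    if (ip.indexOf(ALLOWED_V4_PREFIXES[i]) === 0) return true;
  }
  return false;
}

// Returns "allowed" or "rejected". Rejection uses FailSession so the request is
// actually refused; Ignore would only hide it while still proxying it.
function rejectRemoteClients(oSession) {
  if (isAllowedClient(oSession["X-ClientIP"])) return "allowed";
  oSession["ui-hide"] = "true";   // keep the rejected session out of the Sessions list
  oSession.oRequest.FailSession(403, "Forbidden",
    "Proxy use from this address is not permitted.");
  return "rejected";
}
```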