Fiddler Virus?

2 posts, 0 answers
  1. Stephen
    2 posts
    Member since:
    May 2014

    Posted 16 Jul 2014

    Hello,

    Anyone had recent problems with a virus on Fiddler 4.4.9.0? I have been using Fiddler as a proxy server to monitor web service traffic from several embedded devices that talk to my web service. Recently I have been getting a flood of HTTP packets from some unknown Chinese IP address. I verified that somehow Fiddler is the culprit by running Wireshark and Fiddler simultaneously. When Fiddler is running I start to get one or two Chinese IP addresses starting to hit my server. Over time (a few minutes) it becomes a flood of HTTP packets. I record the Chinese IP addresses with Wireshark. I then set the display filter in Wireshark to trigger whenever one of these Chinese IP addresses hits the server. When I run Fiddler I get a flood of hits on Wireshark. When I shut down Fiddler I get virtually no hits on Wireshark. The problem started a couple of weeks ago around the time when I upgraded Fiddler 4.4.9.0. However, I cannot be sure that the problem is due to 4.4.9.0. I checked the location of the IP addresses using one of the popular web IP geolocators. All of them are originating from Shijiazhuang, Hebei, China. The ISP is China Unicom in Hebei. Anyone else having the same problem? Any fixes? I will uninstall and re-download Fiddler later today and see if the problem persists.

    Best Regards,
    Steve Mansfield 
  2. Eric Lawrence
    Admin
    833 posts

    Posted 16 Jul 2014

    Hi, Stephen--

    I don't really understand your question. Fiddler is non-malicious, if that's what you're asking. Generally speaking, Fiddler shows traffic from your local computer only, not from "embedded devices" so it sounds like maybe you've set some other configuration? If you were to run Fiddler on a public IP and allow arbitrary connections, then Fiddler could serve as a proxy for anyone who chose to use your IP as a proxy, but you'd see their traffic inside Fiddler itself.

    If you have a PCAP of the traffic in question, please feel free to email it to me using Help > Send Feedback inside Fiddler and I'll have a look upon my return to the office.

    Regards,
    Eric Lawrence
    Telerik
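
The situation described in the reply above (a proxy listening on a reachable address and accepting arbitrary connections) can be checked from `netstat -ano` output. This is an added example, not part of the thread or Fiddler's own code; it assumes the proxy listens on port 8888 and runs on constructed sample lines that use documentation-range addresses.

```python
import ipaddress

# Assumption: the proxy listens on 8888; change this if it was reconfigured.
PROXY_PORT = 8888
# Ranges treated as "local" for this check (loopback and RFC 1918).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -ano` TCP lines (not captured from a real host).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:8888         127.0.0.1:50112        ESTABLISHED     4321
  TCP    198.51.100.10:8888     203.0.113.45:40211     ESTABLISHED     4321
  TCP    198.51.100.10:8888     203.0.113.46:51877     ESTABLISHED     4321
  TCP    198.51.100.10:8888     192.168.1.50:49200     ESTABLISHED     4321
  TCP    198.51.100.10:443      203.0.113.45:40300     ESTABLISHED     900
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, or bracketed IPv6 as netstat prints it)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def is_local(addr):
    """True for loopback/link-local IPv6 and loopback/RFC 1918 IPv4."""
    if addr.version == 6:
        return addr.is_loopback or addr.is_link_local
    return any(addr in net for net in LOCAL_NETS)

def audit_proxy_exposure(netstat_text, port=PROXY_PORT):
    """Return (exposed_listeners, external_clients) for the proxy port."""
    exposed, clients = [], set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "TCP":
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        laddr, lport = split_endpoint(local)
        if lport != port:
            continue
        if state == "LISTENING" and not laddr.is_loopback:
            exposed.append(local)  # bound to an address other hosts can reach
        elif state == "ESTABLISHED":
            raddr, _ = split_endpoint(remote)
            if not is_local(raddr):
                clients.add(str(raddr))  # non-local host using the proxy
    return exposed, sorted(clients)

if __name__ == "__main__":
    print(audit_proxy_exposure(SAMPLE_NETSTAT))
```

A non-empty first list means the proxy port is bound to something other than loopback; a non-empty second list names the remote hosts currently connected to it.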