PRGS Blog 870x220 RITM0113449

Fiddler Everywhere steps in with a new Preconfigured Browser Capturing feature that presents an alternative to managing the root certificate and aims to further ease the traffic-capturing process.

You can now inspect HTTP(S) traffic without the need to trust the Fiddler’s root certificate or change the system proxy. If this was ever a problem, inconvenience or a company-policy limitation to you, this new feature serves as a workaround, and we hope it will make your experience with Fiddler Everywhere easier and smoother.

Keep on reading to learn more about the Preconfigured Browser Capturing option along with some common scenarios where this feature can be useful.

How To Start Preconfigured Browser Capturing?

As mentioned, this feature provides an alternate way to capture and inspect traffic with Fiddler Everywhere. It does not require you to add extra configurations such as trusting the root certificate or changing the system proxy.

Instead, you can directly trigger the option from the Open Browser button located in the live traffic grid. When clicked, it will open a clean Chrome instance and will point the traffic to the Fiddler Everywhere proxy. The traffic captured from this browser instance will appear in the live traffic grid even if the Live Traffic Capturing is turned off.

Preconfigured Browser Capturing

By default, the Preconfigured Browser Capturing detects the Chrome browser and will open Chrome any time you choose to inspect it from the Open Browser option. However, you can easily configure your preferred browser to work with by setting the path from the Browsers tab in the Settings dialog and choosing another Chromium-based browser.

System Traffic vs. Preconfigured Browser Traffic

Up until now, you could only capture HTTPS traffic if the HTTPS root certificate was trusted and enabled. This is the way the connection between your computer and the internet is established. After this setup is complete, you can see the incoming data from web and desktop applications in the Live Traffic grid if the tab is switched on for Capturing.

The Preconfigured Browser Capturing does not require this preliminary setup to capture traffic. What you should keep in mind is that through this option you will only be able to inspect web traffic from the particular Chrome instance that you opened through the Open Browser button. This does limit the incoming data that you can inspect, but on the other hand, it gives you control over the traffic that you will see in Fiddler Everywhere.

How do the two options work together? Technically the two options are not conflicting and can work simultaneously. All traffic will appear in the Live Traffic grid, and it is up to you to decide if you want to:

  • Not trust the root certificate – this way the Open Browser button will be your only option to capture HTTPS traffic.
  • Have the root certificate trusted, which allows you to capture traffic from your whole machine and non-browser applications.
  • Have the root certificate trusted but Capturing switched OFF—this way you can stop incoming traffic from the whole machine and use just the Preconfigured Browser Capturing that will generate web traffic from the open Chrome instance.
  • Have both Capturing turned ON and the Open Browser option working that will show merged traffic in the grid. In this case you can easily filter out data by using the Search bar, the Advanced Filters, or the filters option available from the three dots on each column.

When Is Preconfigured Browser Capturing Useful?

We listened to your feedback and considered your insights about the traffic-capturing process as a whole and the challenges you were facing. Therefore, we believe this feature will make Fiddler Everywhere easier to use and speed up debugging in the following cases:

Reluctant To Trust the Root Certificate

We realize that for some of you, whether you encounter Fiddler Everywhere for the first time or not, it might be challenging to trust certificates from unknown sources. Even though the Fiddler’s root certificate is unique and generated per machine, we understand that you might still be reluctant to undergo this process, which until now would have prevented you from using the application properly.

You can now benefit from the Preconfigured Browser Capturing option and work around this process, yet still be able to capture and inspect HTTP(S) traffic and take full advantage of Fiddler Everywhere in your workflow.

Despite any security concerns you might have, please be advised that the root certificate is uniquely generated for your machine, and no one will be able to decrypt your traffic, unless you send them the certificate.

Unauthorized To Trust the Root Certificate

This is often observed in cases where, due to company policies, employees do not have permission to trust the root certificate and, therefore, were not able to capture traffic until now. The Preconfigured Browser Capturing is a viable alternative for those of you who are in such a situation but still need Fiddler Everywhere as a web debugging proxy tool in your work process.

Unable To Set System Proxy

When Fiddler Everywhere is launched, it starts a local server on the machine and sets it as a system proxy so that all HTTP(S) requests are sent to this proxy and not directly to the network. For some companies of large scale, this process is not permitted, and, therefore, the user is unable to capture traffic successfully with Fiddler Everywhere.

Now that the Preconfigured Browser Capturing is available, it serves as a workaround to trusting the root certificate. Now, by clicking on Open Browser, you can fiddle with incoming and outgoing data easily!

Unable To Bypass VPN Connection

Often employees are required to use a VPN to have network connectivity. In such cases, for the VPN and Fiddler Everywhere to work simultaneously, you need to add addresses for the application proxy to explicitly bypass it. However, certain VPNs do not respect the bypass proxy settings and, as a result, it is not possible to use both a VPN and Fiddler Everywhere at the same time.

This is another problem that the Preconfigured Browser Capturing solves as it allows you to avoid this setup and ensures that traffic will be captured while the VPN connection is running. Simply disable the Live Traffic toggle so Fiddler will not interfere with your VPN and click on Open Browser to get the capture process going. 

Wrap-up

In short, while the System Traffic Capturing stays as the default approach for Fiddler Everywhere, the Preconfigured Browser Capturing is an alternate way to inspect traffic. Whether you are facing one of the challenges described in this article or you prefer to control the incoming and outgoing traffic visible in the application, Fiddler’s innovative approach is here to ease the process. Keeping in mind the advantages and disadvantages of each option, you can choose the way that works best for you to capture traffic in Fiddler Everywhere.

You will want to make sure you are using the latest version of Fiddler Everywhere by staring at the application and installing the update. If you are new to your Fiddler journey, go ahead and take advantage of the 30-day free trial. Check out our What’s New page to see fresh and improved features.


Simona Yaneva
About the Author

Simona Yaneva

Simona Yaneva is a part of the Product Management team for the Telerik Fiddler Family of products—Fiddler Everywhere, Fiddler Classic, Fiddler Jam, FiddlerCap and FiddlerCore. She is interested in the variety of areas of work that Product Management covers and the processes that make a product or technology successful and most valuable to users. In her free time, Simona enjoys good food, music and dancing.

Related Posts

Comments

Comments are disabled in preview mode.