Coming hot on the heels of the Fiddler 4.5 release a few weeks ago, Fiddler 4.5.1 is now available for download. The new release contains a few small features and some important bug fixes, so please upgrade as soon as possible.
Before we get into what’s new, I’d like to answer a common question: “What’s the difference between Fiddler 2.5 and Fiddler 4.5?”
The code in Fiddler 2 and Fiddler 4 is more than 99% common, just conditionally compiled such that Fiddler 2 targets the .NET 2 CLR and Fiddler 4 targets the .NET 4 CLR. In general, you should prefer to run Fiddler 4, and it is likely that Fiddler 2 will be retired in a year or two.
So, if the code is 99% the same, what’s different?
With that out of the way, let’s see what’s new in Fiddler 4.5.1…
Within FiddlerScript (Rules > Customize Rules), the ToolsAction and ContextAction attributes now enable you to create new submenus:
To do so, simply specify the name of the submenu as a second parameter to the attribute:
public static ToolsAction("ColorPicker", "&Utilities")
function doColorPicker()
{
var oCD = new ColorDialog();
oCD.Color = Utilities.ParseColor("Blue");
oCD.FullOpen = true;
if (DialogResult.OK == oCD.ShowDialog())
{
FiddlerApplication.Log.LogFormat("Selected color: #{0:x2}{1:x2}{2:x2}",
oCD.Color.R, oCD.Color.G, oCD.Color.B)
UI.ActivateView("Log");
}
oCD.Dispose();
}
You can also specify both a ToolsAction and a ContextAction on the same function to expose it on both the Tools menu and the Web Sessions context menu.
For instance, maybe you’d like the ability to rate Sessions using one to four stars. Add the following script:
public static ToolsAction("★☆☆☆", "Star") ContextAction("★☆☆☆", "Star")
function do1(arrSess: Session[]) { doStar(arrSess, 1); }
public static ToolsAction("★★☆☆", "Star") ContextAction("★★☆☆", "Star")
function do2(arrSess: Session[]) { doStar(arrSess, 2); }
public static ToolsAction("★★★☆", "Star") ContextAction("★★★☆", "Star")
function do3(arrSess: Session[]) { doStar(arrSess, 3); }
public static ToolsAction("★★★★", "Star") ContextAction("★★★★", "Star")
function do4(arrSess: Session[]) { doStar(arrSess, 4); }
public static function doStar(arrSess: Session[], iCount: Int32) {
var sStar: String = "";
for (var iX = 0; iX < 4; iX++) {
sStar = sStar + ((iX < iCount)? "★" : "☆");
}
for (var i = 0; i<arrSess.Length; i++) {
arrSess[i]["ui-star"] = sStar;
arrSess[i].RefreshUI();
}
}
To generate the following submenu:
You can then add a column to show the stars using the Customize Columns command or using the following line in your script’s Main function:
UI.lvSessions.AddBoundColumn("Stars", 100, "ui-star");
The new column will render the value of each Session’s new ui-star flag:
Fiddler offers many different ways to retarget traffic from one host to another; all of these fall into one of three categories: Reroute, Rewrite or Redirect:
Previously, Fiddler’s Tools > HOSTS… command only offered the ability to reroute traffic. Now, an optional third parameter allows you to instead specify that matching traffic should be rewritten or redirected.
It is easy to experiment with these new options.
Click Tools > HOSTS… and click the checkbox to enable remapping. In the box below, add your rules; for example:
#Test Redirect rule with wildcard source
bayden.com *exredir.com redirect
#Test Reroute rule
bayden.com exreroute.com reroute
#Test Rewrite rule
bayden.com exrewrite.com rewrite
#test unspecified rule (will reroute)
bayden.com ex.com
Click Ok, and observe the behavior in Fiddler and your browser when you visit https://www.exredir.com/echo.aspx, https://exreroute.com/echo.aspx, and https://exrewrite.com/echo.aspx.
Back in 2012, I received the first reports of problems where Fiddler was unable to connect to certain HTTPS servers; the browsers would work fine but the connection would time out when Fiddler was in use. The problem turned out to be that the servers were misconfigured and sending an unrecognized_name TLS Warning alert; the .NET Framework’s SslStream hangs if this alert was received before the handshake. This problem appears to have been resolved in the latest (e.g. 4.5.2) version of the .NET Framework, but this won’t help users who are using Fiddler 2 with .NET2. Unfortunately, the workaround I suggested at the time (configure connections to the affected servers to use Ssl3) is no longer workable as many servers have disabled Ssl3 due to the POODLE attack.
To resolve this, Fiddler 2.5.1 supports a new Session flag (https-DropSNIAlerts) which can be used to accommodate buggy servers. Inside Rules > Customize Rules > OnBeforeRequest, add
if (oSession.HTTPMethodIs("CONNECT") && oSession.HostnameIs("BuggySite.com"))
{
oSession["https-DropSNIAlerts"] = "yup";
FiddlerApplication.Log.LogString("Legacy compat applied for request to BuggySite.com");
}
This option configures Fiddler to watch the network stream to the server; if an unrecognized_name alert is seen, Fiddler will discard its bytes. Because this alert occurs before encryption is established, this modification is not detected and does not break the channel.
If you’d like, you can set the fiddler.network.https.DropSNIAlerts preference to true to apply this mitigation to all HTTPS connections.
The new Fiddler version recognizes the Project Spartan executables as browser processes, such that the “Web Browsers” filter in the status bar at the bottom of the window will show Project Spartan’s traffic, and the Browse toolbar button offers a Spartan entry in the dropdown.
Note: Presently, Project Spartan does not properly respect changes to the system proxy setting. As a consequence, you may need to restart the browser after attaching or detaching Fiddler as the system proxy.
Here’s a partial list of other changes introduced with the latest build:
FiddlerCore has been updated to version 4.5.1; the new build includes the core engine improvements described above, and all FiddlerCore hosters should upgrade to the latest build as soon as possible.
Please report any problems using the Send Feedback command on Fiddler’s Help menu. Thank you for your support!
-Eric Lawrence
Eric Lawrence (@ericlaw) has built websites and web client software since the mid-1990s. After over a decade of working on the web for Microsoft, Eric joined Telerik in October 2012 to enhance the Fiddler Web Debugger on a full-time basis. With his recent move to Austin, Texas, Eric has now lived in the American South, North, West, and East.