I recently upgraded fiddler classic to the latest version, but after the upgrade, my extension file dll did not take effect. Its function is to decrypt traffic, which may be related to the upgrade of fiddler. I read the upgrade description and it seems to be a security-related issue. please help me.
I looked through the documentation and found nothing of value: https://docs.telerik.com/fiddler/extend-fiddler/extendwithdotnet
Fiddler classic the lastest version information:
5.0.20243.10853 [16/05/2024]
fixes:
Check for updates fails in the beta channel.
Update third party dependencies to mitigate potential security vulnerabilities.
2 Answers, 1 is accepted
Hello,
If the extension is available online, please share a download link so that we can reproduce the issue on our side. Also, let us know if there is a specific error and/or technical information related to the way the extension works (or does not work).
Regards,
Nick Iliev
Progress Telerik
Rank 1
Iron
hello:
Normally, it will display ciphertext or output in the original text, so the text will be displayed regardless of whether the traffic is decrypted or not.This is my extension codes:
using System;
using Standard;
using Util;
using Fiddler;
using Newtonsoft.Json.Linq;
using System.Text;
namespace Response
{
public class ResponseDecryption : Inspector2, IResponseInspector2, IBaseInspector2
{
bool mBDirty;
bool mBReadOnly;
byte[] mBody;
HTTPResponseHeaders mResponseHeaders;
ResponseTextViewer mResponseTextViewer;
string mystring;
public ResponseDecryption()
{
mResponseTextViewer = new ResponseTextViewer();
}
public bool bDirty
{
get
{
return this.mBDirty;
}
set
{
mBDirty = value;
}
}
public byte[] body
{
get
{
return this.mBody;
}
set
{
mBody = value;
try
{
byte[] decodedBody = this.DoDecryption();
if (decodedBody != null)
{
mResponseTextViewer.body = decodedBody;
}
else
{
mResponseTextViewer.body = value;
}
}
catch (Newtonsoft.Json.JsonReaderException ex)
{
FiddlerApplication.Log.LogFormat("An error occurred: {0}", ex.ToString());
}
}
}
public byte[] DoDecryption()
{
String rawBody = System.Text.Encoding.Default.GetString(mBody);
if (rawBody.Contains("result"))
{
dynamic data = JObject.Parse(rawBody);
string status = data.resStatus.ToString();
byte[] bytes = Encoding.Default.GetBytes(status);
mystring = Encoding.UTF8.GetString(bytes);
if (!mystring.Contains("\"success"))
{
return null;
}
else
{
string re = data.result;
string text = DecryptionUtil.Decrypt(re);
if (text != null)
{
string res = "{" + '"' + "resStatus" + '"' + ":" + mystring + '"' + "result" + '"' + ":" + text + "}";
byte[] decodeBody = System.Text.Encoding.UTF8.GetBytes(res);
return decodeBody;
}
else
{
this.Clear();
return null;
}
}
}
else
{
this.Clear();
return null;
}
}
public bool bReadOnly
{
get
{
return mBReadOnly;
}
set
{
mBReadOnly = value;
}
}
public HTTPResponseHeaders headers
{
get
{
return this.mResponseHeaders;
}
set
{
mResponseHeaders = value;
}
}
public override void AddToTab(System.Windows.Forms.TabPage o)
{
mResponseTextViewer.AddToTab(o);
o.Text = "Decryptiontext";
}
public void Clear()
{
mBody = null;
mResponseTextViewer.Clear();
}
public override int GetOrder() => 99;
}
}
Rank 1
Iron
https://docs.telerik.com/fiddler/extend-fiddler/createextension (updated through https://github.com/telerik/fiddler-docs/pull/73/files)
https://docs.telerik.com/fiddler/extend-fiddler/loadextension (updated through https://github.com/telerik/fiddler-docs/pull/72/files)
Rank 1
Iron
Update third party dependencies to mitigate potential security vulnerabilities. " This sentence already implies that it is related to dependencies, but it would be better if it could be stated more clearly, so that the problem can be more accurately located.