This is a migrated thread and some comments may be shown as answers.

Fiddler Virus?

Stephen asked on 16 Jul 2014, 03:42 PM
Hello,

Anyone had recent problems with a virus on Fiddler 4.4.9.0? I have been using Fiddler as a proxy server to monitor web service traffic from several embedded devices that talk to my web service. Recently I have been getting a flood of HTTP packets from some unknown Chinese IP address. I verified that somehow Fiddler is the culprit by running Wireshark and Fiddler simultaneously. When Fiddler is running I start to get one or two Chinese IP addresses starting to hit my server. Over time (a few minutes) it becomes a flood of HTTP packets. I record the Chinese IP addresses with Wireshark. I then set the display filter in Wireshark to trigger whenever one of these Chinese IP addresses hits the server. When I run Fiddler I get a flood of hits on Wireshark. When I shut down Fiddler I get virtually no hits on Wireshark. The problem started a couple of weeks ago around the time when I upgraded fiddler 4.4.9.0. However, I cannot be sure that the problem is due to 4.4.9.0. I checked the location of the IP addresses using one of the popular web IP geolocators. All of them are originating from Shijiazhuang, Hebei, China. The ISP is China Unicom in Hebei. Anyone else having the same problem? Any fixes? I will uninstall and re-download Fiddler later today and see if the problem persists.

Best Regards,
Steve Mansfield 

Eric Lawrence
Telerik team
answered on 17 Jul 2014, 12:35 AM
Hi, Stephen--

I don't really understand your question. Fiddler is non-malicious, if that's what you're asking. Generally speaking, Fiddler shows traffic from your local computer only, not from "embedded devices" so it sounds like maybe you've set some other configuration? If you were to run Fiddler on a public IP and allow arbitrary connections, then Fiddler could serve as a proxy for anyone who chose to use your IP as a proxy, but you'd see their traffic inside Fiddler itself.

If you have a PCAP of the traffic in question, please feel free to email it to me using Help > Send Feedback inside Fiddler and I'll have a look upon my return to the office.

Regards,
Eric Lawrence
Telerik
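
Added example (not part of the original thread and not Telerik's code): a check for the situation the answer describes, a Fiddler listener reachable from other machines and being used by outside clients. It assumes Fiddler's default port 8888 and text in the layout of Windows `netstat -an`; the sample rows are constructed and use documentation IP ranges.

```python
import ipaddress

PROXY_PORT = 8888  # assumption: Fiddler's default listening port

# Ranges treated as expected proxy clients: loopback, RFC 1918, link-local.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample in the layout of Windows `netstat -an` (not real capture data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8888         127.0.0.1:50211        ESTABLISHED
  TCP    192.168.1.10:8888      192.168.1.50:51234     ESTABLISHED
  TCP    192.168.1.10:8888      198.51.100.23:40112    ESTABLISHED
  TCP    192.168.1.10:8888      198.51.100.23:40113    ESTABLISHED
  TCP    192.168.1.10:8888      203.0.113.7:33001      TIME_WAIT
  TCP    192.168.1.10:50300     203.0.113.80:80        ESTABLISHED
"""

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, int); raises ValueError otherwise."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def audit_proxy_exposure(netstat_text, port=PROXY_PORT):
    """Return (non_loopback_listener, {external_client_ip: connection_count})."""
    non_loopback_listener = False
    external_clients = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        try:
            local_ip, local_port = split_endpoint(fields[1])
            remote_ip, _ = split_endpoint(fields[2])
        except ValueError:
            continue  # bracketed IPv6 or malformed row: out of scope here
        if local_port != port:
            continue  # only connections made *to* the proxy port matter
        if fields[3] == "LISTENING" and not local_ip.is_loopback:
            non_loopback_listener = True  # other machines can reach the proxy
        elif fields[3] == "ESTABLISHED" and not any(remote_ip in n for n in TRUSTED_NETS):
            key = str(remote_ip)
            external_clients[key] = external_clients.get(key, 0) + 1
    return non_loopback_listener, external_clients

if __name__ == "__main__":
    print(audit_proxy_exposure(SAMPLE_NETSTAT))
```

A non-loopback listener together with clients outside the trusted ranges matches the open-proxy case in the answer; those clients' requests would also be visible as sessions inside Fiddler itself.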