Hello

i have problem can't see data in Tunnel possible can fix my problem

or how to setting for see data 

 

i use android app on proxy, if disable Decryption HTTPs app can login

when enable Decryption HTTPs app can't login 

 

i install Certificate to Desktop and mobile done and

" this tunnel will be shown in the Web Sessions list. "

how to see ?

 

thankyou

Hello

i have problem about sniffer android app not use FiddlerRoot.cer trusting the certificate. 

how to make app use FiddlerRoot.cer trusting the certificate ?

or have solution for fix ?

 

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: 5B 58 4D 7F 62 A3 B1 10 57 97 F2 D2 55 17 F5 E0 65 8A 01 07 F2 3E 77 B1 A4 CC C2 79 02 BC 46 62
"Time": 5/9/2580 21:55:23
SessionID: empty
Extensions: 
server_name mobile-api-gateway.xxxx.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
elliptic_curves sect571r1 [0xE], sect571k1 [0xD], secp521r1 [0x19], sect409k1 [0xB], sect409r1 [0xC], secp384r1 [0x18], sect283k1 [0x9], sect283r1 [0xA], secp256k1 [0x16], secp256r1 [0x17], sect239k1 [0x8], sect233k1 [0x6], sect233r1 [0x7], secp224k1 [0x14], secp224r1 [0x15], sect193r1 [0x4], sect193r2 [0x5], secp192k1 [0x12], secp192r1 [0x13], sect163k1 [0x1], sect163r1 [0x2], sect163r2 [0x3], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11]
SessionTicket empty
Ciphers: 
[002F] TLS_RSA_AES_128_SHA
[0035] TLS_RSA_AES_256_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression: 
[00] NO_COMPRESSION

************************************

 

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes128 128bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 256bits

== Server Certificate ==========
[Subject]
  CN=*.xxx.com, O="xxxx Co., Ltd.", L=xxxx S=xxxx, C=xxxx

[Issuer]
  CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

[Serial Number]
  75232D3D56BA3EA30000000050DD25E9

[Not Before]
  30/6/2560 10:08:38

[Not After]
  8/8/2562 10:38:36

[Thumbprint]
  6D0BB124B87D9747714104A2C1114F20276E9D08

[SubjectAltNames]
*.xxxx.com, xxxx.com

 

thankyou

    Apparently, Google made some changes in later versions of Android that prevent the usage of user certificates in apps. Is there any way to bypass this? I am rooted, by the way.

I am having problems decrypting any SSL traffic on my Windows 10 PC.

I have tried Eric's post on resetting certificates to no avail.

I am seeing this on all SSL requests, this one is for the first request to fiddler to check for fiddler updates, for example: 

09:50:02:3744 fiddler.network.https> HTTPS handshake to www.fiddler2.com (for #1) failed. System.Security.Cryptography.CryptographicException Unspecified error

To try and isolate the issue I installed Charles and it is able to decrpyt SSL requests so I dont believe it is a system-wide / local network issue.

Any help much appreciated as Fiddler is such an excellent tool.

Is it possible for me to block a CONNECT session that is using TLS 1.1 or TLS 1.0?

 

I see that I can script 

if (!oSession.HTTPMethodIs("CONNECT")) 
{ 
}

but I'm not sure what to do to determine TLS version inside the if clause.

Hello, i used Fiddler for years and never got any issue, somehow i'm using it for botting in a Discord channel for some experience points, i simply added a rule with a delay of 30000 and sometimes for an obscure reason the request is either pending (this never complete) or this crash just with that error, what can probably be the reason ?

Also cheer up on this software, it's the best HTTP/HTTPS debugger so far and very useful combined with hackish stuff =P.

Hello Guys.!

I have a big problem.

I tryed to capture https packets on Android mobile app using chrome and etc browsers.

But, When I tryed to capture https packets on Android app I got a this pop-up issue.

Could you please fix this issue? 

Eric - you have developed a fantastic product in Fiddler and I hope it has given you the means to spend the rest of your days in comfort and security.

I cannot begin to list the number of times Fiddler has 'saved my sorry ass' as I try to navigate the horrors of Microsoft + HTTP + the Internet + Websites galore.  Despite EVERYTHING - and with the aid of Fiddler - I have managed to develop network apps that do just about everything ... but I wouldn't have even got beyond first base without Fiddler.

Its a stupendous product of which you can be justly proud.

 

Kind regards

 

Ray

Hello,

im using chrome, i want to prevent/block fiddler white webview from automatically opened when browser unable to open pages (ex. internet time out)

any ideas how to do it ?

or any idea how to access and edit webviewer script ?

Good day. 

 

I've been trying to capture HTTPS traffic from an Android app running in an emulator(LDPlayer).

Emulator was configured to use Fiddler's proxy and i'm seemingly able to decrypt HTTPS tunnels(pic1), but then i get these logs(pic2) and i guess incomplete responses(pic3). Looks like the problem is in application using wildcard hostname in his requests. What is the most possible cause for this behaviour?

 

Thanks.