I configured fiddler to redirect all https traffic destined to oldURL.com to newURL.com, using the below fiddlerscript sample from the Telerik Fiddler documentation.

This has been working fine for several months. Today I attempted to execute the same monthly process, but this time it failed.
After some investigation I noticed that fiddler is returning a certificate with the wrong CN
A quick test in Chrome shows that when browsing to https://oldURL.com, fiddler returns a certificate with a subject of CN=newURL.com

This causes the handshake to fail with my application, and the montly process to abort.

I can only assume that this issue crept in when I updated Fiddler last month to: v5.0.20181.14850 for .NET 4.6.1

I have now worked around this by also adding oSession["X-OverrideCertCN"] = "oldURL.com";

What is the correct way to redirect HTTPS request & Tunnel, whilst still providing a correctly named certificate to the client application?

https://docs.telerik.com/fiddler/KnowledgeBase/FiddlerScript/ModifyRequestOrResponse

Just wondering if it's possible to use Fiddler to get an idea of what is going on through a FiddlerCore program.

Ideally something like: Client -> Fiddler -> FiddlerCore -> Server

Hi,

After importing PCAP for file extraction and analysis, I've noticed that Fiddler saves the file matching the file size to the content-length from the response headers entity with NULL bytes .  When manually carving a file from PCAP and removing the headers, the file requested actually end up being an incomplete download. Is this something that Fiddler does by default?  Is there a way to turn this feature off?  Thank you.

Greetings Fellow Fiddlers

We've used Fiddler successfully for a while to intercept and decrypt https traffic from our iOS application (11.0.2) without any problems. However, it became necessary to move to a new Windows-10 VMWare installation. We also took the opportunity to install Fiddler 5.0.2018.1.14850.

We've gone through the various options to "Allow remote computers to connect" and "Decrypt HTTPS". We've also downloaded and run the FiddlerCertMaker. We can see that Fiddler reports that certificates are now generated by "BCCertificateMaker.BCCertificateMaker from CertMaker.dll" and we see the Fiddler "DO_NOT_TRUST_FiddlerRoot" certificate in the Windows-10 Certificate Manager under "Local Computer\Trusted Root Certifications Authorities"

Then from the iOS device we've configured the manual proxy and take our Safari browser to the Fiddler Echo Service page where we download the FiddlerRoot Certificate, installed it and finally confirmed that it is marked as "Verified"

However, when we run our application or browse to https sites from the iPad, Fiddler acknowledges the access and shows tunnel to various URLs, but there is no https decryption.

Furthermore, the Fiddler logs contains the following line repeated for each https access

• SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe....

Having gone through the process a few times now, there's a fair amount of head scratching going on, What have we missed?

All help is very much appreciated.

Many Thanks

dp

Hi,

I've just started to work packet capturing and I'm confused about an issue.

When capturing the traffic from a website, I don't see the real target the requests are sent to. what's the reason? is it due to some kind of encoding or what?

Thanks

Let me know if further steps I can help troubleshoot on this. Thanks.

Hello, help me please:

how can I do this with a fiddler?

https://imgur.com/a/KI7ta45

profile for test: https://steamcommunity.com/id/_Snowy_/inventory/#730

Hello

I need help with inserting cookies through FiddlerScript. I have cookies like below which contains " inside cookie value, when I remove " from cookie value I stopped getting response from server. Now the real problem is FiddlerScript doesn't consider any cookie value outside " if I am correct. Pls help in finding some solution for me.

Hi there,

I know we don't have a GUI option to filter bodies.

I was thinking about using OnDone for hiding/filtering them.

I just need a way to get the body and a way to block this.

I'm getting too many packets. I would like Fiddler to exclude packets that have no information valuable for my analysis.