or
0 answers
231 views
I have this problem that a session is too long to respond. So I want it to be automatically aborted.
Im reissuing multiple request/sessions sequentially. The problem is, when I leave it unattended, if the request freezes (where the server doesn't respond), it stays as it is, it doesnt proceed to next sequence.
So how can we abort session for a certain of time if it doesnt receive a response? So the reissue sequentially function for multiple request will proceed if the server doesnt respond?
Thank you.
peter
Top achievements
Rank 1
Rank 1
asked
on
28 Nov 2017
2 answers
845 views
Where is the FiddlerScript object model documentation?
The Class Explorer only shows the top level's objects' properties, and that's it ...
So, where is the full Fiddler documentation or `.d.ts` file?
Can we edit FiddlerScript in advanced editors with IntelliSense, like Microsoft Visual Studio Code?
Your help is appreciated.
A
Top achievements
Rank 1
Rank 1
answered
on
27 Nov 2017
0 answers
57 views
on mac 10.13.1 , it only can work with --arch=32
the BKM is helpful and workful
0 answers
113 views
Hi , I'd like to Log the traffic every 5 minutes for example
Is this possible in fiddler ??
Thanks :)
Amr
Top achievements
Rank 1
Rank 1
asked
on
22 Nov 2017
0 answers
631 views
I was able to run the FiddlerCore demo (that comes with the package) without issue. I see both http and https traffic being logged on my PC.
My goal now is to do the same for my iOS traffic but I can't figure out what I am missing. I can see my https traffic fine when I use the desktop Fiddler app, by following the instructions at ConfigureForiOS.
I run the console FiddlerCore demo, hit 't' to trust the root certificate and then try to follow the same steps on my iPhone as I did for the Fidder app, namely setting my proxy to the Fiddler instance (my machine's IP and port 7777 as that is what it looks like the demo is using) and trusting the Fiddler cert that I had already installed on my phone when setting it up to work with the desktop Fiddler app. Then when I try to start an app on my phone that goes over https (for example a game) it just hangs. I don't see any errors being logged in the console app. It works ok when just running the desktop Fiddler app.
My SSL/cert/Fiddler knowledge is weak so I am hoping I am just missing a simple step or two. Do I have to somehow copy the root certificate that the demo creates over to my phone? I thought the one already installed when using the Fiddler desktop app would suffice.
Questions:
How can I capture iOS HTTPS traffic using the FiddlerCore demo app?
Do I need to trust the root certificate each time I start the demo app (hitting 't')?
Thanks.
P.S. I added the demo app here, which can be found in the FiddlerCore package, for reference.
using Fiddler;using System;using System.Collections.Generic;using System.Threading;namespace FiddlerCoreDemo{ class Program { static Proxy oSecureEndpoint; static string sSecureEndpointHostname = "localhost"; static int iSecureEndpointPort = 7777; public static void WriteCommandResponse(string s) { ConsoleColor oldColor = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine(s); Console.ForegroundColor = oldColor; } public static void DoQuit() { WriteCommandResponse("Shutting down..."); if (null != oSecureEndpoint) oSecureEndpoint.Dispose(); Fiddler.FiddlerApplication.Shutdown(); Thread.Sleep(500); } private static string Ellipsize(string s, int iLen) { if (s.Length <= iLen) return s; return s.Substring(0, iLen - 3) + "..."; }#if SAZ_SUPPORT private static void ReadSessions(List<Fiddler.Session> oAllSessions) { Session[] oLoaded = Utilities.ReadSessionArchive(Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + Path.DirectorySeparatorChar + "ToLoad.saz", false); if ((oLoaded != null) && (oLoaded.Length > 0)) { oAllSessions.AddRange(oLoaded); WriteCommandResponse("Loaded: " + oLoaded.Length + " sessions."); } } private static void SaveSessionsToDesktop(List<Fiddler.Session> oAllSessions) { bool bSuccess = false; string sFilename = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory) + Path.DirectorySeparatorChar + DateTime.Now.ToString("hh-mm-ss") + ".saz"; try { try { Monitor.Enter(oAllSessions); string sPassword = null; Console.WriteLine("Password Protect this Archive (Y/N)?"); ConsoleKeyInfo oCKI = Console.ReadKey(); if ((oCKI.KeyChar == 'y') || (oCKI.KeyChar == 'Y')) { Console.WriteLine("\nEnter the password:"); sPassword = Console.ReadLine(); Console.WriteLine(String.Format("\nEncrypting with Password: '{0}'", sPassword)); } Console.WriteLine(); bSuccess = Utilities.WriteSessionArchive(sFilename, oAllSessions.ToArray(), sPassword, false); } finally { Monitor.Exit(oAllSessions); } WriteCommandResponse( bSuccess ? ("Wrote: " + sFilename) : ("Failed to save: " + sFilename) ); } catch (Exception eX) { Console.WriteLine("Save failed: " + eX.Message); } }#endif private static void WriteSessionList(List<Fiddler.Session> oAllSessions) { ConsoleColor oldColor = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("Session list contains..."); try { Monitor.Enter(oAllSessions); foreach (Session oS in oAllSessions) { Console.Write(String.Format("{0} {1} {2}\n{3} {4}\n\n", oS.id, oS.oRequest.headers.HTTPMethod, Ellipsize(oS.fullUrl, 60), oS.responseCode, oS.oResponse.MIMEType)); } } finally { Monitor.Exit(oAllSessions); } Console.WriteLine(); Console.ForegroundColor = oldColor; } static void Main(string[] args) { List<Fiddler.Session> oAllSessions = new List<Fiddler.Session>(); // <-- Personalize for your Application, 64 chars or fewer Fiddler.FiddlerApplication.SetAppDisplayName("FiddlerCoreDemoApp"); #region AttachEventListeners // // It is important to understand that FiddlerCore calls event handlers on session-handling // background threads. If you need to properly synchronize to the UI-thread (say, because // you're adding the sessions to a list view) you must call .Invoke on a delegate on the // window handle. // // If you are writing to a non-threadsafe data structure (e.g. List<t>) you must // use a Monitor or other mechanism to ensure safety. // // Simply echo notifications to the console. Because Fiddler.CONFIG.QuietMode=true // by default, we must handle notifying the user ourselves. Fiddler.FiddlerApplication.OnNotification += delegate (object sender, NotificationEventArgs oNEA) { Console.WriteLine("** NotifyUser: " + oNEA.NotifyString); }; Fiddler.FiddlerApplication.Log.OnLogString += delegate (object sender, LogEventArgs oLEA) { Console.WriteLine("** LogString: " + oLEA.LogString); }; Fiddler.FiddlerApplication.BeforeRequest += delegate (Fiddler.Session oS) { // Console.WriteLine("Before request for:\t" + oS.fullUrl); // In order to enable response tampering, buffering mode MUST // be enabled; this allows FiddlerCore to permit modification of // the response in the BeforeResponse handler rather than streaming // the response to the client as the response comes in. oS.bBufferResponse = false; Monitor.Enter(oAllSessions); oAllSessions.Add(oS); Monitor.Exit(oAllSessions); // Set this property if you want FiddlerCore to automatically authenticate by // answering Digest/Negotiate/NTLM/Kerberos challenges itself // oS["X-AutoAuth"] = "(default)"; /* If the request is going to our secure endpoint, we'll echo back the response. Note: This BeforeRequest is getting called for both our main proxy tunnel AND our secure endpoint, so we have to look at which Fiddler port the client connected to (pipeClient.LocalPort) to determine whether this request was sent to secure endpoint, or was merely sent to the main proxy tunnel (e.g. a CONNECT) in order to *reach* the secure endpoint. As a result of this, if you run the demo and visit https://localhost:7777 in your browser, you'll see Session list contains... 1 CONNECT http://localhost:7777 200 <-- CONNECT tunnel sent to the main proxy tunnel, port 8877 2 GET https://localhost:7777/ 200 text/html <-- GET request decrypted on the main proxy tunnel, port 8877 3 GET https://localhost:7777/ 200 text/html <-- GET request received by the secure endpoint, port 7777 */ if ((oS.oRequest.pipeClient.LocalPort == iSecureEndpointPort) && (oS.hostname == sSecureEndpointHostname)) { oS.utilCreateResponseAndBypassServer(); oS.oResponse.headers.SetStatus(200, "Ok"); oS.oResponse["Content-Type"] = "text/html; charset=UTF-8"; oS.oResponse["Cache-Control"] = "private, max-age=0"; oS.utilSetResponseBody("<html><body>Request for httpS://" + sSecureEndpointHostname + ":" + iSecureEndpointPort.ToString() + " received. Your request was:<br /><plaintext>" + oS.oRequest.headers.ToString()); } }; /* // The following event allows you to examine every response buffer read by Fiddler. Note that this isn't useful for the vast majority of // applications because the raw buffer is nearly useless; it's not decompressed, it includes both headers and body bytes, etc. // // This event is only useful for a handful of applications which need access to a raw, unprocessed byte-stream Fiddler.FiddlerApplication.OnReadResponseBuffer += new EventHandler<RawReadEventArgs>(FiddlerApplication_OnReadResponseBuffer); */ /* Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session oS) { // Console.WriteLine("{0}:HTTP {1} for {2}", oS.id, oS.responseCode, oS.fullUrl); // Uncomment the following two statements to decompress/unchunk the // HTTP response and subsequently modify any HTTP responses to replace // instances of the word "Microsoft" with "Bayden". You MUST also // set bBufferResponse = true inside the beforeREQUEST method above. // //oS.utilDecodeResponse(); oS.utilReplaceInResponse("Microsoft", "Bayden"); };*/ Fiddler.FiddlerApplication.AfterSessionComplete += delegate (Fiddler.Session oS) { //Console.WriteLine("Finished session:\t" + oS.fullUrl); Console.Title = ("Session list contains: " + oAllSessions.Count.ToString() + " sessions"); }; // Tell the system console to handle CTRL+C by calling our method that // gracefully shuts down the FiddlerCore. // // Note, this doesn't handle the case where the user closes the window with the close button. // See http://geekswithblogs.net/mrnat/archive/2004/09/23/11594.aspx for info on that... // Console.CancelKeyPress += new ConsoleCancelEventHandler(Console_CancelKeyPress); #endregion AttachEventListeners string sSAZInfo = "NoSAZ";#if SAZ_SUPPORT sSAZInfo = Assembly.GetAssembly(typeof(Ionic.Zip.ZipFile)).FullName; // You can load Transcoders from any different assembly if you'd like, using the ImportTranscoders(string AssemblyPath) // overload. // //if (!FiddlerApplication.oTranscoders.ImportTranscoders(Assembly.GetExecutingAssembly())) //{ // Console.WriteLine("This assembly was not compiled with a SAZ-exporter"); //} DNZSAZProvider.fnObtainPwd = () => { Console.WriteLine("Enter the password (or just hit Enter to cancel):"); string sResult = Console.ReadLine(); Console.WriteLine(); return sResult; }; FiddlerApplication.oSAZProvider = new DNZSAZProvider();#endif Console.WriteLine(String.Format("Starting {0} ({1})...", Fiddler.FiddlerApplication.GetVersionString(), sSAZInfo)); // For the purposes of this demo, we'll forbid connections to HTTPS // sites that use invalid certificates. Change this from the default only // if you know EXACTLY what that implies. Fiddler.CONFIG.IgnoreServerCertErrors = false; // ... but you can allow a specific (even invalid) certificate by implementing and assigning a callback... // FiddlerApplication.OnValidateServerCertificate += new System.EventHandler<ValidateServerCertificateEventArgs>(CheckCert); FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts", true); // For forward-compatibility with updated FiddlerCore libraries, it is strongly recommended that you // start with the DEFAULT options and manually disable specific unwanted options. FiddlerCoreStartupFlags oFCSF = FiddlerCoreStartupFlags.Default; // E.g. If you want to add a flag, start with the .Default and "OR" the new flag on: // oFCSF = (oFCSF | FiddlerCoreStartupFlags.CaptureFTP); // ... or if you don't want a flag in the defaults, "and not" it out: // Uncomment the next line if you don't want FiddlerCore to act as the system proxy // oFCSF = (oFCSF & ~FiddlerCoreStartupFlags.RegisterAsSystemProxy); // ******************************* // Important HTTPS Decryption Info // ******************************* // When FiddlerCoreStartupFlags.DecryptSSL is enabled, you must include either // // MakeCert.exe // // *or* // // CertMaker.dll // BCMakeCert.dll // // ... in the folder where your executable and FiddlerCore.dll live. These files // are needed to generate the self-signed certificates used to man-in-the-middle // secure traffic. MakeCert.exe uses Windows APIs to generate certificates which // are stored in the user's \Personal\ Certificates store. These certificates are // NOT compatible with iOS devices which require specific fields in the certificate // which are not set by MakeCert.exe. // // In contrast, CertMaker.dll uses the BouncyCastle C# library (BCMakeCert.dll) to // generate new certificates from scratch. These certificates are stored in memory // only, and are compatible with iOS devices. // Uncomment the next line if you don't want to decrypt SSL traffic. // oFCSF = (oFCSF & ~FiddlerCoreStartupFlags.DecryptSSL); // NOTE: In the next line, you can pass 0 for the port (instead of 8877) to have FiddlerCore auto-select an available port int iPort = 8877; Fiddler.FiddlerApplication.Startup(iPort, oFCSF); FiddlerApplication.Log.LogFormat("Created endpoint listening on port {0}", iPort); FiddlerApplication.Log.LogFormat("Starting with settings: [{0}]", oFCSF); FiddlerApplication.Log.LogFormat("Gateway: {0}", CONFIG.UpstreamGateway.ToString()); Console.WriteLine("Hit CTRL+C to end session."); // We'll also create a HTTPS listener, useful for when FiddlerCore is masquerading as a HTTPS server // instead of acting as a normal CERN-style proxy server. oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname); if (null != oSecureEndpoint) { FiddlerApplication.Log.LogFormat("Created secure endpoint listening on port {0}, using a HTTPS certificate for '{1}'", iSecureEndpointPort, sSecureEndpointHostname); } bool bDone = false; do { Console.WriteLine("\nEnter a command [C=Clear; L=List; G=Collect Garbage; W=write SAZ; R=read SAZ;\n\tS=Toggle Forgetful Streaming; T=Trust Root Certificate; Q=Quit]:"); Console.Write(">"); ConsoleKeyInfo cki = Console.ReadKey(); Console.WriteLine(); switch (Char.ToLower(cki.KeyChar)) { case 'c': Monitor.Enter(oAllSessions); oAllSessions.Clear(); Monitor.Exit(oAllSessions); WriteCommandResponse("Clear..."); FiddlerApplication.Log.LogString("Cleared session list."); break; case 'd': FiddlerApplication.Log.LogString("FiddlerApplication::Shutdown."); FiddlerApplication.Shutdown(); break; case 'l': WriteSessionList(oAllSessions); break; case 'g': Console.WriteLine("Working Set:\t" + Environment.WorkingSet.ToString("n0")); Console.WriteLine("Begin GC..."); GC.Collect(); Console.WriteLine("GC Done.\nWorking Set:\t" + Environment.WorkingSet.ToString("n0")); break; case 'q': bDone = true; DoQuit(); break; case 'r':#if SAZ_SUPPORT ReadSessions(oAllSessions);#else WriteCommandResponse("This demo was compiled without SAZ_SUPPORT defined");#endif break; case 'w':#if SAZ_SUPPORT if (oAllSessions.Count > 0) { SaveSessionsToDesktop(oAllSessions); } else { WriteCommandResponse("No sessions have been captured"); }#else WriteCommandResponse("This demo was compiled without SAZ_SUPPORT defined");#endif break; case 't': try { WriteCommandResponse("Result: " + Fiddler.CertMaker.trustRootCert().ToString()); } catch (Exception eX) { WriteCommandResponse("Failed: " + eX.ToString()); } break; // Forgetful streaming case 's': bool bForgetful = !FiddlerApplication.Prefs.GetBoolPref("fiddler.network.streaming.ForgetStreamedData", false); FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.ForgetStreamedData", bForgetful); Console.WriteLine(bForgetful ? "FiddlerCore will immediately dump streaming response data." : "FiddlerCore will keep a copy of streamed response data."); break; } } while (!bDone); } /* /// <summary> /// This callback allows your code to evaluate the certificate for a site and optionally override default validation behavior for that certificate. /// You should not implement this method unless you understand why it is a security risk. /// </summary> static void CheckCert(object sender, ValidateServerCertificateEventArgs e) { if (null != e.ServerCertificate) { Console.WriteLine("Certificate for " + e.ExpectedCN + " was for site " + e.ServerCertificate.Subject + " and errors were " + e.CertificatePolicyErrors.ToString()); if (e.ServerCertificate.Subject.Contains("fiddler2.com")) { Console.WriteLine("Got a certificate for fiddler2.com. We'll say this is also good for any other site, like https://fiddlertool.com."); e.ValidityState = CertificateValidity.ForceValid; } } } */ /* // This event handler is called on every socket read for the HTTP Response. You almost certainly don't want // to add a handler for this event, but the code below shows how you can use it to mess up your HTTP traffic. static void FiddlerApplication_OnReadResponseBuffer(object sender, RawReadEventArgs e) { // NOTE: arrDataBuffer is a fixed-size array. Only bytes 0 to iCountOfBytes should be read/manipulated. // // Just for kicks, lowercase every byte. Note that this will obviously break any binary content. for (int i = 0; i < e.iCountOfBytes; i++) { if ((e.arrDataBuffer[i] > 0x40) && (e.arrDataBuffer[i] < 0x5b)) { e.arrDataBuffer[i] = (byte)(e.arrDataBuffer[i] + (byte)0x20); } } Console.WriteLine(String.Format("Read {0} response bytes for session {1}", e.iCountOfBytes, e.sessionOwner.id)); } */ /// <summary> /// When the user hits CTRL+C, this event fires. We use this to shut down and unregister our FiddlerCore. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> static void Console_CancelKeyPress(object sender, ConsoleCancelEventArgs e) { DoQuit(); } }}
Red
Top achievements
Rank 1
Rank 1
asked
on
19 Nov 2017
0 answers
98 views
Hi,
is possible in to generate/add fiddler root certificate from command line?
5 answers
1.4K+ views
I'm trying to capture traffic from iOS Facebook.app. Because it uses SSL pinning I have jailbroken iOS 7.1 with installed ssl-kill-swithch-2 https://github.com/nabla-c0d3/ssl-kill-switch2 v0.7 on my iPad 3. Everything works just fine with some other apps - I'm able to capture https traffic from itunes account login (which also has ssl pinning), ios system facebook account login (SSO) and event few initial requests from Facebook.app (login/config/SSO login). But later Fiddler stops decryption and I see such messages in fiddler and ios log console:
!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=graph.facebook.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
iPad Facebook[1050] <Notice>: MS:Notice: Injecting: com.facebook.Facebook [Facebook] (847.24)
iPad Facebook[1050] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.dylib
iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Preference set to 1.
iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Subtrate hook enabled.
iPad backboardd[676] <Error>: HID: The 'Passive' connection 'Facebook' access to protected services is denied.
My current configuration for sert generation is (I was trying to use some default engine but with no success at all) -
Certificate Engine: BCCertMaker.BCCertMaker
Engine Version: 1.5.1.1
ValidFrom: 7 days ago
ValidFor: 2 years
HashAlg: SHA256WITHRSA
KeyLen: 2048
RootKeyLen: 2048
ReuseServerKeys: True
That's successfull handshake when https decryption is off
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 63 1C 6F F3 F4 30 30 C6 C4 9F 4E 89 E2 3C FF 72 DD F2 B0 8F 5E 63 B3 9C 17 44 A5 36 C3 D7 63 48
"Time": 6/3/2099 7:47:31 AM
SessionID: empty
Extensions:
server_name graph.facebook.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
NextProtocolNego empty
ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
[00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
[0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0037] TLS_DH_RSA_WITH_AES_256_SHA
[0036] TLS_DH_DSS_WITH_AES_256_SHA
[C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
[003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0031] TLS_DH_RSA_WITH_AES_128_SHA
[0030] TLS_DH_DSS_WITH_AES_128_SHA
[C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
[C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
[000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
[C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0015] SSL_DHE_RSA_WITH_DES_SHA
[0012] SSL_DHE_DSS_WITH_DES_SHA
[000F] SSL_DH_RSA_WITH_DES_SHA
[000C] SSL_DH_DSS_WITH_DES_SHA
[0009] SSL_RSA_WITH_DES_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 09:06:07.630
Connection: close
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
SessionID: empty
Random: 02 36 8B 0A 1E C9 E6 9D E9 79 7A 9A AC 58 F4 07 B8 E8 0E 82 F1 30 99 07 E2 73 DE 65 8F 62 13 69
Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [0xC02B]
CompressionSuite: NO_COMPRESSION [0x00]
Extensions:
server_name empty
renegotiation_info 00
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
SessionTicket empty
ALPN spdy/3.1-fb-0.5
That's handshake when https description is on and nothing is working
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 2F 1E F8 40 97 85 8E 3D B2 B4 AE D2 94 2A C0 F3 D7 83 74 27 73 C5 2A 81 2C 79 CE C9 30 9F E0 8E
"Time": 7/16/2004 9:27:59 PM
SessionID: F5 62 B7 87 EB 10 5E F8 CB 94 A0 0F 1E 20 65 C5 1E F7 E2 56 D0 DC 2F CE 75 F5 EE 95 18 78 66 30
Extensions:
server_name graph.facebook.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket 95 4E 45 70 72 EA 25 5C 5D DA A5 42 D4 66 52 F7 96 E8 65 71 CB A1 71 49 8E 02 CD 4F E1 95 FF 99 16 68 E5 3E 6D 0B 30 BB 79 A2 E9 54 C1 0C F0 41 04 5E 30 9F 98 58 69 7B 9D 26 77 32 0E E3 7F 90 7F 1E 99 9E 45 52 10 90 30 F1 8F 4D D3 C3 DD 72 F4 60 E3 CC 61 50 4E 5C A8 49 6D 0C 75 24 C2 2A 5F 1B BC 32 DD C1 BE 61 71 75 06 C5 E2 A7 17 BD 70 75 19 72 6F 15 2D C5 CD D3 B4 36 9B EF 9B DE AF 61 AE 3C 60 B7 28 F5 92 4D 53 DD DB E6 90 DB 35 43 10 86 17 B3 69 CB CC 57 CF 58 17 11 58 AF 80 30 D4 CC 81 16 5F 0F 0F 42 01 63 68 84 54 3A 4F 59 61 E7 F4 63 C3 C4 10 D5 67 8D 34 C1 3E 23
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
NextProtocolNego empty
ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
[00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
[0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[0037] TLS_DH_RSA_WITH_AES_256_SHA
[0036] TLS_DH_DSS_WITH_AES_256_SHA
[C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
[003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[0031] TLS_DH_RSA_WITH_AES_128_SHA
[0030] TLS_DH_DSS_WITH_AES_128_SHA
[C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
[C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[002F] TLS_RSA_AES_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
[C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
[000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
[C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0015] SSL_DHE_RSA_WITH_DES_SHA
[0012] SSL_DHE_DSS_WITH_DES_SHA
[000F] SSL_DH_RSA_WITH_DES_SHA
[000C] SSL_DH_DSS_WITH_DES_SHA
[0009] SSL_RSA_WITH_DES_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 09:12:01.913
Connection: close
I'm wonderying how to solve this issue and where this problem come from?
0 answers
76 views
All,
Is it possible to install Fiddler in SLES 12.3 (SESU linux ?)
thanks
-Siva
1 answer
323 views
Hi, attempting to debug sporadic issues with website. In a fiddler trace or in an imported IE F12 network trace I will see bad requests that only contain following header. There is no response and request header is even incomplete. What causes such a request as not even a GET or POST and the URL is even malformed? url is missing the domain and type is NONE and http is 0.0. ??
NONE https:///registration/1/registercli/reg HTTP/0.0
Thank you
Chase
Top achievements
Rank 1
Rank 1
answered
on
13 Nov 2017
0 answers
129 views
Hi,
I am using an app in C# to send POST web requests to another website and I want to capture the response but I have to specify the proxy first:
The following is used in my code
request.Proxy = new WebProxy("url", 8888);
I am not sure what I should write in the URL part for the proxy to work
