I am told that we could send transactions to fiddler in TLS 1.x and fiddler then would forward transactions in TLS 2.0 to payflowpro.paypal.com.  payflowpro.paypal.com would then return TLS transactions to fiddler and fiddler then would return the transaction to our Ecommerce platform.

Where do I start with this?

Thanks,

Mike

Hi, Eric：

I have two questions. The first is as title. 

The second is: Will OnBeforeResponse be fired if the session has hidden?

Thx a lot!

I have Fiddler v4.6 20171.14978 and ever since upgrading from an older build I cannot capture secure traffic anymore.

I have the option set to Capture HTTPS CONNECTs > Decrypt HTTPS traffic and installed the requested certifications but still no luck.

 

Any ideas? 

 

Thank you!

I am developing IPhone app, I want to use Fiddler to monitor the traffic to identity some request being sent from my app. 

I am using latest FiddlerCore with the following flag set:

var flags = FiddlerCoreStartupFlags.DecryptSSL
                | FiddlerCoreStartupFlags.MonitorAllConnections
                | FiddlerCoreStartupFlags.AllowRemoteClients
                | FiddlerCoreStartupFlags.ChainToUpstreamGateway
                | FiddlerCoreStartupFlags.CaptureLocalhostTraffic;

And i am only collecting the session when AfterSessionComplete raise.

Now what i found is, it seems when i have fiddler core running, it adds some delay into all the traffic during when fiddler is monitoring the traffic. Specially when i am simulating 3G network condition on IPhone developer. 

I used side by side comparison with same network condition on 2 IPhone, one with fiddlercore and one without. I can clear see the one with fiddlercore has slow traffic (results takes longer to load).

I am not sure what is going on. I am trying to see if i missed something when i startup the fiddlercore ?

 

Thanks

Hi everyone, I normally wouldn't post something like this but I couldn't find it anywhere in the docs.

What I'm trying to do right now is block a specific outgoing request to a URL. Basically the site I'm testing sends a request to a URL to complete something, and to test it properly I need to block that request from ever getting sent.

Is there anyway to do this in Fiddler? The guy who's code it is assures me that I can but he forgot how. :p

I can't find any documentation on how to extend the text wizard with new decode options, is it possible?

I would like to add decode of JWT access tokens into more readable form (with dates converted and such). The built in base64 decode is useable but dates are epoch based.

Any pointers? I did find an example of a customized inspector which I got working but wanted to include in text wizard as well

Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

 I've spent many hours trying every solution I could find online:

- Resetting all certificates with the reset button
- Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
- Generating certs with different generators (CertEnroll, MakeCert)
- Exporting root cert and manually importing into certmgr
- Manually importing into Chrome cert settings

 I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

 

What is the best way to do this?

If it is by simply prompting in BeforeTestList(), then how would you prompt for, say, which host out of 4 choices to use on a particular run?

 

Also, is there any way to directly edit the API tests themselves, other than just view them readonly with the Inspect Baseline option?

I was able to capture the traffic from IOS and andriod 2 weeks back but from 2 days back getting the below error.

 

11:51:43:8688 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=xxx-xxx.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
11:51:44:0193 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=xxxx.apple.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

Hi!

This is really puzzling to me. It seems like the forum search function is not working. I just tried to search for "mozroots" in the search bar, and it returned 0 results, even though there is a thread containing the word mozroots on the front page.

I'm attaching a screenshot.