I have Fiddler v4.6 20171.14978 and ever since upgrading from an older build I cannot capture secure traffic anymore.

I have the option set to Capture HTTPS CONNECTs > Decrypt HTTPS traffic and installed the requested certifications but still no luck.

Any ideas? 

Thank you!

I am developing IPhone app, I want to use Fiddler to monitor the traffic to identity some request being sent from my app. 

I am using latest FiddlerCore with the following flag set:

var flags = FiddlerCoreStartupFlags.DecryptSSL
                | FiddlerCoreStartupFlags.MonitorAllConnections
                | FiddlerCoreStartupFlags.AllowRemoteClients
                | FiddlerCoreStartupFlags.ChainToUpstreamGateway
                | FiddlerCoreStartupFlags.CaptureLocalhostTraffic;

And i am only collecting the session when AfterSessionComplete raise.

Now what i found is, it seems when i have fiddler core running, it adds some delay into all the traffic during when fiddler is monitoring the traffic. Specially when i am simulating 3G network condition on IPhone developer. 

I used side by side comparison with same network condition on 2 IPhone, one with fiddlercore and one without. I can clear see the one with fiddlercore has slow traffic (results takes longer to load).

I am not sure what is going on. I am trying to see if i missed something when i startup the fiddlercore ?

Thanks

Hi everyone, I normally wouldn't post something like this but I couldn't find it anywhere in the docs.

What I'm trying to do right now is block a specific outgoing request to a URL. Basically the site I'm testing sends a request to a URL to complete something, and to test it properly I need to block that request from ever getting sent.

Is there anyway to do this in Fiddler? The guy who's code it is assures me that I can but he forgot how. :p

I can't find any documentation on how to extend the text wizard with new decode options, is it possible?

I would like to add decode of JWT access tokens into more readable form (with dates converted and such). The built in base64 decode is useable but dates are epoch based.

Any pointers? I did find an example of a customized inspector which I got working but wanted to include in text wizard as well

Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

 I've spent many hours trying every solution I could find online:

- Resetting all certificates with the reset button
- Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
- Generating certs with different generators (CertEnroll, MakeCert)
- Exporting root cert and manually importing into certmgr
- Manually importing into Chrome cert settings

 I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

What is the best way to do this?

If it is by simply prompting in BeforeTestList(), then how would you prompt for, say, which host out of 4 choices to use on a particular run?

Also, is there any way to directly edit the API tests themselves, other than just view them readonly with the Inspect Baseline option?

I was able to capture the traffic from IOS and andriod 2 weeks back but from 2 days back getting the below error.

11:51:43:8688 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=xxx-xxx.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
11:51:44:0193 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=xxxx.apple.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

Hi!

This is really puzzling to me. It seems like the forum search function is not working. I just tried to search for "mozroots" in the search bar, and it returned 0 results, even though there is a thread containing the word mozroots on the front page.

I'm attaching a screenshot.

Hi, I'm trying to proxy and cache some responses that are being redownloaded over and over.

To do that I wrote this simple customization in FiddlerScript:

And presumably it should work - when captureRequests=true - fiddler captures requests from a particular domain into a folder, preserving path and file name

When replayRequests = true - it simply replays existing files.

The problem here that even if I just capturing the data (I suspect I may be replaying too late - fiddler would call http already by that time...) - fiddler throws a lot of errors with this text: 

I tried to investigate it by playing with code and identified that for some reason a typical file path like `c:\Projects\Fiddler\api.nuget.org\v3\registration1-gz\analytics\index.json` causes an error. Or that code is somehow not thread safe and competing requests simply break it (and visual studio starts them in parallel so there is a high chance of some kind of race).

Can anyone suggest what am I doing wrong here or maybe advice on better solution to the problem.

Hello,

I hope this is the correct forum for my question.

I am learning to use Fiddler (for debugging API's issues) hence I could be asking a question which is very basic or non-sensical, in this case I apologise upfront.

I would like Fiddler to show the streams going to Shopify using their API's:- in this example I have a simple GET Customers coded in Microsoft Dotnet. The API works 100% and it returns the expected XML list of current Shopify Customers.

However, when I look at the Fiddler data, it does NOT show the Authentication Headers:- I was expecting to see my Shopify API Key and Password. 

Would anyone be able to explain why Fiddler states there isno Authorization Header where I used it in the API call?

Thanks