Hi,
we tried using “compose” tab in Fiddler for testing OPTIONS method.
But by using that we are getting same status for OPTION and GET method requests that is (200 OK), even though we have restricted OPTIONS methods from web.config.(Attached screenshot as Fiddler_response.png)

Just to confirm we used HttpRequester tool ,an AddOn in Firefox, we test and found difference between the GET and OPTIONS methods requests status. As we have restricted OPTIONS method, it was giving 404 for OPTION request and for GET it is giving 200 as response.(Attached screenshot as httprequester_response.png)
Please suggest how to test HTTP methods with fiddler, so that we can differentiate between the status for restricted and non-restricted HTTP methods.
Config changes and fiddler version are attached with this ticket

---------------------------
Awww, Fiddlesticks!
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.
The wait completed due to an abandoned mutex.
Type: System.Threading.AbandonedMutexException
Source: mscorlib
   at System.Threading.WaitHandle.InternalWaitOne(SafeHandle waitableSafeHandle, Int64 millisecondsTimeout, Boolean hasThreadAffinity, Boolean exitContext)
   at System.Threading.WaitHandle.WaitOne(Int32 millisecondsTimeout, Boolean exitContext)
   at Fiddler.frmViewer.‹•(String[] ˆ•) in c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Viewer.cs:line 2809
   at Fiddler.frmViewer.‡•(String[] ˆ•) in c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Viewer.cs:line 2717

Fiddler v4.6.3.50306 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.14393.0]
---------------------------
OK  
---------------------------

 

What's odd is I don't have a c:\JenkinsHome directory.

 

-Eric

Hi:

I downloaded a few .pcap files from http://malware-traffic-analysis.net.

I noticed that Fiddler would complain about CRC mismatch when decoding some gzip streams, and hence it won't display the decoded stream.

I am not quite sure whether the CRC is really wrong, however, looks like IE would decode regardless (since I have no trouble to replay it).

I attached one here. Session 1, session 3 are complained by Fiddler. (I am using the latest version 4.6.3.50306)

Password "infected"

 

 

 

When I turn fiddler on every http call is a 502 access denied issue.  Everything I've googled indicates it's a proxy/firewall issue.  As the attached image shows, the only proxy I'm using is the default fiddler proxy.  I have windows firewall turned off but Kaspersky Endpoint protection is turned on but I don't think this is the problem because I checked with a coworker and he has no access problems and we're under the same policy in Kaspersky.  I've struggled with this all day and have not been able to isolate the issue even though I've gone through all the different settings.  Does anyone have any idea or can point me in the right direction here?

Hello,

To start, let me say I love Fiddler, and have been using it for many years, as I most of the time develop web sites, and so on.

My concern is that at my new work, they are using a f*** proxy with windows authentication, which make very hard to access internet for applications like maven, nodejs, and so on. I just start Fiddler, use localhost:8888 as proxy, and it automatically authenticate on the proxy, which is marvelous :)

All worked fine using Fiddler with "Automatically Authenticate" for several months, until they change the proxy a month ago, and it no more works, but I can't figure why it does not work anymore.

When I start FIddler, I always get the same error for each requests, maybe someone can help:

10:51:14:0770 Automatic authentication of Session #3 was unsuccessful. System.Exception AuthenticationManager.Authenticate returned null.
   à Fiddler.Session.ž() dans c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:ligne 4263

I haven't seen anything special in the request or response, except a line in the response: "Proxy-Support: Session-Based-Authentication" and the lack of Negotiate, but I'm not sure this is related. And even if Basic seems supported, it does not work, as if it has been disabled on proxy side.

This is really anoying, I'll be happy to help if tests are needed on my side.

Just to have more information, this is the dialog:

> Request 1

GET ...

> Response 1

407
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"
Proxy-Support: Session-Based-Authentication

> Request 2

GET
Proxy-Authorization: Negotiate TlRMTVNTUAABAAAAl4...AAAAAAAAAAAGAbEdAAAADw==

> Response 2

407
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"
Proxy-Support: Session-Based-Authentication

> Request 3

GET
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIogMAAwAzAAAACwALACgAAAAGAbEdAAAAD0ZSMDU1NzM2MzZMRVVS

> Response 3

407
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAABgAGA...qXDSAQAAAAA=
Proxy-Support: Session-Based-Authentication

> Request 4

Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYA.longer_than_previous.AAAAAAAAAAAAAAAA==

> Response 4

403 AuthorizedOnly

it's over, error page with proxy error

 

In previsous successfull dialog with th server, I got :

> Response 1

407
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="realm_natto"

> Request 2

Proxy-Authorization: Negotiate TlRMTVNTUA...ADw==

> Response 2

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE TlRMTVNTUAA...AcACABRPHpAqXDSAQAAAAA=

> Request 3

Proxy-Authorization: Negotiate TlRMTVNTUAADAAA...pKUzcq6X

> Response 3

it works, the reponse is good

Regards and thanks to have read all long...

 

Hello,

I'm trying to add a new option in the Tools menu using ToolsAction.  Is there a way to control where my new entry will be displayed -- e.g. can I put it at the bottom of the list or the top of the list?

Thanks,

Gary

P.S.  Fiddler is such an AWESOME tool!   Thank you, Eric Lawrence and the Fiddler Team!
        

Hello, after running "mono fiddler.exe" is Fildder suppose to start capturing web requests?

I only see the request to www.fiddler2.com/Update.aspx

Thanks Angela

Build number: v4.6.3.50306 

Repro steps:

1. Select one session;

2. Pressing shift button + Replay button;

Expected results:

1. A repeat count window should be popped up;

Actual results:

1. An error window pops up first with uncaught exception as attached screenshot;

 

Hello,

I tried to capture http traffic sent/received by Windows Application made with Unity.
The problem is "Fiddler blocks HTTPS POST request from Application built by Unity". The request failed while CONNECT and the application got an error.

HTTP GET, HTTPS GET, HTTP POST work and get captured. Only HTTPS POST fails.
Plus, other similar tools i.e. Charles or Burp Suite work for HTTPS POST. So I guess something wrong with Fiddler.

I uploaded source code, application, and capture file: https://dl.dropboxusercontent.com/u/4431150/FiddlerTest.zip

Please help me to capture HTTPS POST request.

thanks,
Daisuke

I am new to debugging traffic, I trusted the certificate to decrypt https traffic for all applications that use the trustlist from windows.

My target application however (or the server it connects to) doesn't work like that.

I have really no clue why, some intuitive suggestions:

 

CONNECT osu.ppy.sh:443 HTTP/1.1
Host: osu.ppy.sh
Connection: Keep-Alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)

=================================================

POST https://osu.ppy.sh/web/osu-error.php HTTP/1.1

System.Exception: SSL failures
   at #=q7Y5kAb8wqftaFWrZY$q45uBn24xJIQP7ilUItdv7z0k=.#=qZtdRGYuyQAcJBw_dS_2w9A==(Object #=qNqO46uPZb3uKWLsfrs9esQ==)
   at [..........................]

 

So, I do have the standard configuration in fiddler which is <client>;ssl3;tls1.0 and since the server seems to be tls1.0 it should work, right?

  

Thank you so much in advance!