Hi:

I downloaded a few .pcap files from http://malware-traffic-analysis.net.

I noticed that Fiddler would complain about CRC mismatch when decoding some gzip streams, and hence it won't display the decoded stream.

I am not quite sure whether the CRC is really wrong, however, looks like IE would decode regardless (since I have no trouble to replay it).

I attached one here. Session 1, session 3 are complained by Fiddler. (I am using the latest version 4.6.3.50306)

Password "infected"

 

 

 

When I turn fiddler on every http call is a 502 access denied issue.  Everything I've googled indicates it's a proxy/firewall issue.  As the attached image shows, the only proxy I'm using is the default fiddler proxy.  I have windows firewall turned off but Kaspersky Endpoint protection is turned on but I don't think this is the problem because I checked with a coworker and he has no access problems and we're under the same policy in Kaspersky.  I've struggled with this all day and have not been able to isolate the issue even though I've gone through all the different settings.  Does anyone have any idea or can point me in the right direction here?

Hello,

To start, let me say I love Fiddler, and have been using it for many years, as I most of the time develop web sites, and so on.

My concern is that at my new work, they are using a f*** proxy with windows authentication, which make very hard to access internet for applications like maven, nodejs, and so on. I just start Fiddler, use localhost:8888 as proxy, and it automatically authenticate on the proxy, which is marvelous :)

All worked fine using Fiddler with "Automatically Authenticate" for several months, until they change the proxy a month ago, and it no more works, but I can't figure why it does not work anymore.

When I start FIddler, I always get the same error for each requests, maybe someone can help:

10:51:14:0770 Automatic authentication of Session #3 was unsuccessful. System.Exception AuthenticationManager.Authenticate returned null.
   à Fiddler.Session.ž() dans c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:ligne 4263

I haven't seen anything special in the request or response, except a line in the response: "Proxy-Support: Session-Based-Authentication" and the lack of Negotiate, but I'm not sure this is related. And even if Basic seems supported, it does not work, as if it has been disabled on proxy side.

This is really anoying, I'll be happy to help if tests are needed on my side.

Just to have more information, this is the dialog:

> Request 1

GET ...

> Response 1

407
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"
Proxy-Support: Session-Based-Authentication

> Request 2

GET
Proxy-Authorization: Negotiate TlRMTVNTUAABAAAAl4...AAAAAAAAAAAGAbEdAAAADw==

> Response 2

407
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"
Proxy-Support: Session-Based-Authentication

> Request 3

GET
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIogMAAwAzAAAACwALACgAAAAGAbEdAAAAD0ZSMDU1NzM2MzZMRVVS

> Response 3

407
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAABgAGA...qXDSAQAAAAA=
Proxy-Support: Session-Based-Authentication

> Request 4

Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYA.longer_than_previous.AAAAAAAAAAAAAAAA==

> Response 4

403 AuthorizedOnly

it's over, error page with proxy error

 

In previsous successfull dialog with th server, I got :

> Response 1

407
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="realm_natto"

> Request 2

Proxy-Authorization: Negotiate TlRMTVNTUA...ADw==

> Response 2

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE TlRMTVNTUAA...AcACABRPHpAqXDSAQAAAAA=

> Request 3

Proxy-Authorization: Negotiate TlRMTVNTUAADAAA...pKUzcq6X

> Response 3

it works, the reponse is good

Regards and thanks to have read all long...

 

Hello,

I'm trying to add a new option in the Tools menu using ToolsAction.  Is there a way to control where my new entry will be displayed -- e.g. can I put it at the bottom of the list or the top of the list?

Thanks,

Gary

P.S.  Fiddler is such an AWESOME tool!   Thank you, Eric Lawrence and the Fiddler Team!
        

Hello, after running "mono fiddler.exe" is Fildder suppose to start capturing web requests?

I only see the request to www.fiddler2.com/Update.aspx

Thanks Angela

Build number: v4.6.3.50306 

Repro steps:

1. Select one session;

2. Pressing shift button + Replay button;

Expected results:

1. A repeat count window should be popped up;

Actual results:

1. An error window pops up first with uncaught exception as attached screenshot;

 

Hello,

I tried to capture http traffic sent/received by Windows Application made with Unity.
The problem is "Fiddler blocks HTTPS POST request from Application built by Unity". The request failed while CONNECT and the application got an error.

HTTP GET, HTTPS GET, HTTP POST work and get captured. Only HTTPS POST fails.
Plus, other similar tools i.e. Charles or Burp Suite work for HTTPS POST. So I guess something wrong with Fiddler.

I uploaded source code, application, and capture file: https://dl.dropboxusercontent.com/u/4431150/FiddlerTest.zip

Please help me to capture HTTPS POST request.

thanks,
Daisuke

I am new to debugging traffic, I trusted the certificate to decrypt https traffic for all applications that use the trustlist from windows.

My target application however (or the server it connects to) doesn't work like that.

I have really no clue why, some intuitive suggestions:

 

CONNECT osu.ppy.sh:443 HTTP/1.1
Host: osu.ppy.sh
Connection: Keep-Alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)

=================================================

POST https://osu.ppy.sh/web/osu-error.php HTTP/1.1

System.Exception: SSL failures
   at #=q7Y5kAb8wqftaFWrZY$q45uBn24xJIQP7ilUItdv7z0k=.#=qZtdRGYuyQAcJBw_dS_2w9A==(Object #=qNqO46uPZb3uKWLsfrs9esQ==)
   at [..........................]

 

So, I do have the standard configuration in fiddler which is <client>;ssl3;tls1.0 and since the server seems to be tls1.0 it should work, right?

  

Thank you so much in advance!

 

I'm trying to debug an application that uses WCF web services, and so want to monitor localhost:50000 for traffic. It seems that by default, Fiddler ignores localhost (although it captures all of the vshub requests that Visual Studio makes for diagnostics, so I'm not sure why it ignores my WCF services).

I saw this page, which describes how to modify the client application to use a different URL, but that won't work for me. I can't modify the application, and am stuck with using localhost:50000.

How do I capture this traffic? Sorry if this is a dumb question, but I'm new to Fiddler, and somewhat overwhelmed so far!

I have Fiddler installed on my local computer. I'm trying to troubleshoot an error on a server. I ran Fiddler on the server, saved off the log, then moved the .saz file onto my local computer. When I try to open it, I get a pop-up error:

 

---------------------------

Awww, Fiddlesticks!

---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

Value of 'null' is not valid for 'stream'.

Type: System.ArgumentException
Source: System.Drawing
   at System.Drawing.Image.FromStream(Stream stream, Boolean useEmbeddedColorManagement, Boolean validateImageData)

   at Fiddler.frmPrompt.GetUserString(IWin32Window wndOwner, String sTitle, String sPrompt, String sDefault, Boolean bReturnNullIfCancelled, PromptIcon piIcon) in c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\frmPrompt.cs:line 80


Fiddler v4.6.3.50306 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.10586.0] 
---------------------------
OK   
---------------------------