Hi,

I'm using Fiddler to decrypt HTTPS traffic on a Windows Server 2012 R2 machine and the options are set and works as expected. This is a shared environment and have multiple users with roaming profiles working on it. I see that the settings get disabled each time the user logs off the system. Can you please confirm where exactly these settings are saved so that we can ensure that these settings are persistent(User Profile or Registry?). Fiddler Trust Certificate also needs to be installed each time. Is there a way, to ensure both these settings are persistent?

Thanks Eyme

Hi, we have a local webserver in our network that we can't reach with Fiddler connected and using dns names.

When I try to use Fiddler in Edge I only get error "Can’t connect to the proxy server", and nothing is visible in fiddler about the request. I have played around with the proxy settings with no effect.

When Trying around it looks like it is all the url's that we are getting from our local dns server isn't working, if we use the IP Adress it is working perfectly so it feels like it is something with a Intranet zone handling, any ideas?

We have a XenApp server that is unable to connect to duosecurity.com on port 443 over HTTP. I feel sure the problem has to do with a missing root or intermediate certificate on the server, and I'm using Fiddler to help troubleshoot. With Fiddler I've found that if I enable "Decrypt HTTPS traffic", IE11 connects to the site fine as expected. If I disable that feature, the IE11 will not make the connection and fails with "Certificate was blocked because it was not signed by a valid security certificate".

I'm attempting to compare the raw session information from a failed connection with that of a successful connection, but still having trouble getting to the source of the problem. Any help is greatly appreciated.

FAILURE:

=======

HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 18:20:01.546
Connection: close
EndTime: 18:20:01.671
ClientToServerBytes: 344
ServerToClientBytes: 3489

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.

A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.

Major Version:    3
Minor Version:    3
SessionID:    empty
Random:        A2 8C DF ED A9 F0 05 B0 74 EF EE AF 01 77 DA BA E2 7C 17 47 94 90 EF 85 9D 82 58 17 33 F4 41 54
Cipher:        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [0xC027]
CompressionSuite:    NO_COMPRESSION [0x00]
Extensions:
        server_name    empty
        renegotiation_info    00
        ec_point_formats    03 00 01 02

SUCCESS:

========

HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 11:27:37.650
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes128 128bits
Hash Algorithm: Sha1 160bits
Key Exchange: 44550 256bits

== Server Certificate ==========
[Subject]
  CN=*.duosecurity.com, O="Duo Security, Inc.", L=Ann Arbor, S=Michigan, C=US

[Issuer]
  CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

[Serial Number]
  03CBE781655532FAE641E04B268E6A52

[Not Before]
  10/22/2013 7:00:01 AM

[Not After]
  1/4/2017 6:00:00 AM

[Thumbprint]
  7D15717C4EBC7367A2E6D5A11CBEC85DAF33A9BB

Hello,

I'm trying to edit a response body that is encoded in deflated SAML.

Fiddler's TextWizard allows me to convert the body to readable content, but so far I am unable to properly code it in FiddlerScript (to adjust automatically, and for several edits at a time).

I'm sure I am missing a couple steps, and am hoping someone can help me fill in the blanks.

Here is a sample of what I have so far:

I have seen two different issues: (on Win10 and Win7)

a) Web browser throws a "site not trusted" error.

b) Fiddler does not decrypt, even though it is set to decrypt https

What is the path forward?

Thank you!

Hello everybody,

While using Fiddler on a specific website, I would like to edit the request sent by the website.

But the datas are sent through a .DAT file which I can't see the content.

In "value" input, Fiddler shows : "<file>" but I'm not able to open it (so edit it).

is there an add-on to do this or an option available in Fiddler to activate ?

thanks

So I am relatively new to http(s) debugging so be patient with me.  I am an .net app developer for my company.

The current situation is this; we have a website that we are wanting to use for training purposes.  We are primarily a Mac environment and this website does not seem to work on Safari.  It works on most browsers on the windows side.  I decided to do a trace using Fiddler, on my windows side, to see if I saw anything strange.

I am noticing a 404 error being thrown in the traffic.  The interesting thing is that all my browsers; IE and Chrome successfully bring up the website.

My question is how is this possible?  How do are these browsers getting around that error, that I am noticing in the Fiddler log, and successfully bringing up the website?

I am just wondering if this could be the issue as to why Safari cannot load the website.  Trying to understand why or how these other browsers are getting around that error.  The error is never thrown or displayed to the user.

Hello Forum,

I want to create REST requests.
Is it possible to connect to a web service that uses digest authentication?

Thanks

Kin

Hi:

Though this may not be necessarily a bug, yet I am still posting it here:

I am using the following 2 lines

sess.utilDecodeResponse();
sess.SaveResponseBody(@"a.bin")

I noticed that looks like the 2nd line would fail, at least, I can't find file "a.bin". Yet if change the parameter to @".\a.bin" then it would work.

Looks like this API doesn't accept a "bald" filename?

I am installing Fiddler 4.6.2.32002 with the /S switch, is there a switch to specify the destination folder?  Also, I am installing EnableLoopBack with the /S silent switch, but after the install is complete it opens EnableLoopBack app automatically.  Is there a way I can suppress the auto opening of the app when doing a silent install?

Windows 10 64bit version 1607 is the OS I am installing this on.

Thanks in advance,

Rich