im playing a bit with HTTP requests with fiddler. Basically the site is my router interface which asks for a password. The password is then encrypted (with a function i have, branded MD5 of some kind) and passed to the server with a POST request.
With fiddler i sniffed the browser request and i am able to reproduce it at 100% in terms of header and body. By using the "Composer" tab i sent the raw request header+body which is 1:1 to the one that the browser would send. The problem is that the server still answer me with the login interface instead of moving on to the option page.
Is there some kind of protection or am i missing something?

 

Moreover

10/10 POST request were perfectly identical. Code is in clear, you can't mistake. Could it be due to CF or LF ? I mean, when i use the RAW tab of fiddler is it showing the exact data or is it encoding things like Linefeed and carrier return?? I manually encode symbols like +,/,= in the body but perhaps new lines are not automatically? 

Regards,

I'm developing a UWP app using Ionic2/Angular2 framework. Been trying to get fiddler working so I can debug the traffic. Here's what I've tried.

I've followed the instructions here, and I've also tried the following

• prefs set fiddler.network.proxy.registrationhostname 192.168.1.65
• prefs set fiddler.network.proxy.registrationhostname localhost
• prefs set fiddler.network.proxy.registrationhostname my-computer-name

Nothing seems to work. I can, however, open up Microsoft Edge (on the host) and browse the fiddler echo page (192.168.1.65|localhost|my-computer-name:8888). So it seems like the configuration is somewhat working, just not for the emulator.

Interestingly enough, this only seems to affect the Windows 10 mobile build 10.0.14393 (August Anniversary update). I can get the Windows 10 mobile build 10.0.10586 (Threshold 2 Nov 2015) to work with fiddler, the problem with this is that I'd need to modify my app to work on this build.

Hello,

I use Fiddler quite frequently for decoding HTTPS traffic, but it stopped working after I got the Anniversary upgrade installed and I'm not able to figure out what's wrong. It looks like the problem occurs on SSL "Version: 3.3 (TLS/1.2)" - the Fiddler HTTPS options dialog doesn't offer TLS 1.2 in supported protocols: "Select the HTTPS protocol versions allowable for server connections. Valid tokens are: <client>; ssl2; ssl3; tls1.0" and our application servers support just latest TLS 1.2 version. The connection from my C# application to the server works until I enable Fiddler capture with HTTPS decryption. I can see the handshake in Fiddler, but not the real request - I just get "Could not establish secure channel for SSL/TLS with authority" in my C# application instead.

Any idea what could I try to get TLS 1.2 capture + decryption working in Fiddler again?

I want to capture https from one app,and I config the fiddler,but what troubles me is that,I can get the https from other app,like banks,but the app I want to capture https still not works

My pc's system is win7,the fiddler version is 4.6.2.0 ,

the error Fiddler Event Log is

=============================

23:28:56:2549 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
23:28:56:7697 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
23:28:58:7841 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
=============================

I hava also config :

    static function OnBeforeResponse(oSession: Session) {
        if (m_Hide304s && oSession.responseCode == 304) {
            oSession["ui-hide"] = "true";
        }
        if (oSession.oRequest["User-Agent"].indexOf("Android") > -1 && oSession.HTTPMethodIs("CONNECT")) {
            oSession.oResponse.headers["Connection"] = "Keep-Alive";
        }

but when I start another app(bank app) from the Same phone,it can captures https,and I can see the https response

# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
19 200 HTTPS ai.cmbchina.com /mbf4main/getcommendadv.aspx?AppID=00260100000201605312223160200000000000000000000000000000SSRiBC4=&RecommendID=M0001&CustomerID=O51lBxW47%2f%2f4s5jO44u3VQ%3d%3d&IsLogin=N&City=%E5%8C%97%E4%BA%AC%E5%B8%82&time=1472139025180 1,954 private text/xml; charset=utf-8

 

why my app doesnot word

 

Hello everybody.

I need some extension to move post request to composer automatically if script name getdata.php (for example).

I searched  a lot of exctensions but could not find any wich works with composer.

Is it hard to create it using c#? 

I'm testing a .net service (asp mvc iis) that makes Rest API calls in https.
I would like to
1. decrypt each request and response and copy both onto disk for later searching.
2. I don't want to disrupt traffic. I want this to be transparent to the .net service and rest api service provider

Is there an extension that does this? If not, can I get pointers on what I can do to get started.

I've just completed configuring the machine.config file so that fiddler can capture all outgoing rest api requests.

Is it possible to create autoresponder rules with multiple operators? For example:

REGEX:.*example FLAG:x-ProcessInfo=firefox

When I run fiddler on a website in development I get way to much capture, see the screen shot.

That just keeps going and going and going and never stops.  Is there a reason?

 

 

 

Hello,

I'm using Fiddler to diagnose an ASP.NET/Telerik AJAX Controls site. I'm not seeing any of the requests for WebResource.axd scripts (or any HTTP Handler requests). There must be some filtering going on, but I'm not sure what I need to do to change this. Please advise.

 

Thanks!

 

Mike Oliver

When I try to catch (capture) requests WellsFargo application on iOS and Android (with enabled https decrypt) application says that there is no internet connection. With disabled https decrypt it is all right. How to solve a problem?