Hello,

I use Fiddler quite frequently for decoding HTTPS traffic, but it stopped working after I got the Anniversary upgrade installed and I'm not able to figure out what's wrong. It looks like the problem occurs on SSL "Version: 3.3 (TLS/1.2)" - the Fiddler HTTPS options dialog doesn't offer TLS 1.2 in supported protocols: "Select the HTTPS protocol versions allowable for server connections. Valid tokens are: <client>; ssl2; ssl3; tls1.0" and our application servers support just latest TLS 1.2 version. The connection from my C# application to the server works until I enable Fiddler capture with HTTPS decryption. I can see the handshake in Fiddler, but not the real request - I just get "Could not establish secure channel for SSL/TLS with authority" in my C# application instead.

Any idea what could I try to get TLS 1.2 capture + decryption working in Fiddler again?

I want to capture https from one app,and I config the fiddler,but what troubles me is that,I can get the https from other app,like banks,but the app I want to capture https still not works

My pc's system is win7,the fiddler version is 4.6.2.0 ,

the error Fiddler Event Log is

=============================

23:28:56:2549 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
23:28:56:7697 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
23:28:58:7841 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < 处理证书时，出现了一个未知错误。 for pipe (CN=*.yirendai.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).
=============================

I hava also config :

    static function OnBeforeResponse(oSession: Session) {
        if (m_Hide304s && oSession.responseCode == 304) {
            oSession["ui-hide"] = "true";
        }
        if (oSession.oRequest["User-Agent"].indexOf("Android") > -1 && oSession.HTTPMethodIs("CONNECT")) {
            oSession.oResponse.headers["Connection"] = "Keep-Alive";
        }

but when I start another app(bank app) from the Same phone,it can captures https,and I can see the https response

# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
19 200 HTTPS ai.cmbchina.com /mbf4main/getcommendadv.aspx?AppID=00260100000201605312223160200000000000000000000000000000SSRiBC4=&RecommendID=M0001&CustomerID=O51lBxW47%2f%2f4s5jO44u3VQ%3d%3d&IsLogin=N&City=%E5%8C%97%E4%BA%AC%E5%B8%82&time=1472139025180 1,954 private text/xml; charset=utf-8

 

why my app doesnot word

 

Hello everybody.

I need some extension to move post request to composer automatically if script name getdata.php (for example).

I searched  a lot of exctensions but could not find any wich works with composer.

Is it hard to create it using c#? 

I'm testing a .net service (asp mvc iis) that makes Rest API calls in https.
I would like to
1. decrypt each request and response and copy both onto disk for later searching.
2. I don't want to disrupt traffic. I want this to be transparent to the .net service and rest api service provider

Is there an extension that does this? If not, can I get pointers on what I can do to get started.

I've just completed configuring the machine.config file so that fiddler can capture all outgoing rest api requests.

Is it possible to create autoresponder rules with multiple operators? For example:

REGEX:.*example FLAG:x-ProcessInfo=firefox

When I run fiddler on a website in development I get way to much capture, see the screen shot.

That just keeps going and going and going and never stops.  Is there a reason?

 

 

 

Hello,

I'm using Fiddler to diagnose an ASP.NET/Telerik AJAX Controls site. I'm not seeing any of the requests for WebResource.axd scripts (or any HTTP Handler requests). There must be some filtering going on, but I'm not sure what I need to do to change this. Please advise.

 

Thanks!

 

Mike Oliver

When I try to catch (capture) requests WellsFargo application on iOS and Android (with enabled https decrypt) application says that there is no internet connection. With disabled https decrypt it is all right. How to solve a problem?

Greetings,

I'm banging my head against a wall here and would like to see if anyone here can provide any insight.

I've added this to my web.config:

I'm capturing non HTTPS traffic. Great.

All my HTTPS traffic comes through as "Tunnel To", yes, I have "Decrypt SSL" selected and the root certificate trusted.

I've put this into my protocols: <client>;ssl3;tls1.0;tls1.1;tls1.2

When I make a call, to get this error in the fiddler logs. "The client and server cannot communicate, because they do not possess a common algorithm for pipe".

This works outside of Fiddler, so Fiddler is having some sort of issue handshaking.

I ran a scan on the the first endpoint that errored out on in the logs (It can't handshake with any https endpoint):

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)

I then did some research and added this to my script:

This had no impact.

So the $64,000 question is, why can't Fiddler handshake with any endpoints when the server can? Any advice or input would be great!

Thanks!

Hello guys,

I'm facing with decoding in Fiddler. As you can see on the picture, this request cannot be decoded and I don't know why. Anyone has an idea how to manage with that?