I am using Fiddler4 to debug a login to the following website: pge.com

When I am using Firefox as my browser, then after entering a login, I get an error in the HTTPS tunnelling.  It shows a red exclamation mark icon, and it says:

The error occurs multiple times as the connection gets retried.  The combination of Firefox and Fiddler cannot seem to move past this error.

However, when using Firefox without Fiddler, the login to the site works fine.  Also, when using Internet Explorer (instead of Firefox) with Fiddler, the handshake actually passes: I see the tunneling error happen once, and then another tunneling session occurs that's successful, which says:

 

You can reproduce these handshake errors by trying any login, even a bogus login (e.g. username="a", password="a").

Why does this handshake only fail using Firefox with Fiddler?  Why does it pass when Firefox is used without Fiddler, and why is Internet Explorer with Fiddler able to move past the error and do a successful handshake whereas Firefox with Fiddler is not able to?

Thanks.

Hi folks! I've been using Fiddler for some time for work projects and haven't had any issues until this week. I'm attempting to verify traffic through an internal site using Fiddler, and I have downloaded and installed the Fiddler Root Certificate and configured the proxy server. Websites on my test device are loading normally, and I'm able to view the Fiddler Echo Service page, but no traffic from any site (HTTP or HTTPS) from the mobile device is being captured on my laptop's Fiddler. I'm using an iPad Air on iOS9.3.2 and Fiddler v4.6.2.0.

 

Any help is appreciated!

 

 

Hi, I am trying to do a simple GET request via the composer for URL like https://<xxx>.visualstudio.com/DefaultCollection/_apis/wit/workitems?ids=1&api-version=1.0

And it keeps going to https://<xxx>.visualstudio.com/_signin instead of returning the data.  I can paste the link in the browser and gets the results in a json file just fine.

I have automatically authenticate enabled under options, and I have tried including "Authorization: Basic <my personal access token>" in the header as well, but neither worked.

Does anyone know a way to work around this?  Thanks.

 

Hi,

I'm trying to set up fiddler as a transparent proxy for HTTP(S)

Traffic Flow:  WindowsHOST ---> Ubuntu (IPtables) ----> fiddler (listen on 8888 )  --> Internet

I have enabled HTTPS decryption + allow remote computer + prefs set fiddler.network.https.SetCNFromSNI true + added fiddler root cert to WindowsHOST

 HTTP working fine, however HTTPS not working...

All traffic routed correctly to fiddler using DNAT.

In addition I tested the same setup replaced fiddler with burp suite and all working fine, including HTTPS interception, I would love to use fiddler instead :)

I would really appreciate any help,

Thanks.

 

I'm wondering why Fiddler does not capture all HTTP request. When I record with Wireshark, it shows up 2 HTTP request from www.xyz.com, but on Fiddler only shows the first request. Thank you.

I need help figuring out how I can search for hexdecimal values in the body of a POST request, and then replace it using hex values.

My issue is that the POST data is using hex values that don't translate well to strings, like 0x01, 0xC9 etc

 

Here is what I have to replace strings that can be pasted in ASCII and it works well

 

if (oSession.HTTPMethodIs("POST") && (oSession.utilFindInRequest("Search This", true) > -1))
{
    oSession.utilReplaceInRequest("Search This", "Replace With");
}

 

I need to be able to search and replace raw hex values or somehow convert a set of hex values in string format, such as "0xC9 0xC8" or "C9 C8" etc to ASCII or similar and then search / replace.

 

Any Idea's?

Hi,

I am behind a squid http proxy (doesn't allow socks connections) in my work environment and can't access the internet from the command line, so I'm trying to use Fiddler as a proxy to e.g. install VS Code or Atom Packages. I am able to install npm packages using Fiddler as the proxy, but it doesn't work for either VS Code extensions or Atom packages.

When Fiddler creates the http tunnel, I get a "407 Proxy Authentication Required" with "Proxy-Authenticate: Negotiate" (and Basic realm) as expected, and then Fiddler tries to authenticate using NTLM (Proxy-Authorization header value starts with "Negotiate TlRMT..."). I have the "Automatically Authenticate" rule enabled. The proxy server responds with a 407 again and in the response body it says "Cache Access Denied. Sorry, you are not allowed to request <domain>:<port> from this cache until you have authenticated yourself."

These are the response headers of the second 407 response:

 

I investigated and am quite sure that I need Kerberos authentication instead of NTLM. I logged other requests with WireShark/Firefox developer tools and they all use Kerberos. So my question is: Can I force Fiddler to use Kerberos authentication? Or is there a specific reason that makes Fiddler use NTLM instead of Kerberos?

Also what I don't understand is why npm can install packages but apm (Atom package manager) can't. According to the apm readme the only relevant difference is that "Atom packages are installed from GitHub repositories instead of npmjs.com". When I install a npm package, I only see http tunnels to registry.npmjs.org:443 with response code 200, there isn't even one 407 response in Fiddler (no proxy auth required?). When trying to install an apm package, it says "tunneling socket could not be established, statusCode =407 (5 attempts)", and for each attempt I see two http tunnels to atom.io:443 as described above (second one rejects NTLM authentication).

 

Thank you for any help!

Windows 10 + all updates, Fiddler 4 + all updates

How do i create a request which uses https and a certificate for authentication?

When i visit the URL in a browser where i need to send this request, i cant access it. Installing a cert allows me access the site/services through a browser.

So i start up fiddler and two things are happening:

1. Visiting the https site throws a 403 error when fiddler is running. How could i avoid this from happening? It seems all https connections have similar issues i.e. i have dropbox installed. It syncs fine. As soon as i start running fiddler it states the connection is not secure and doesnt sync until i exit fiddler. 

2. I would like to generate a request. I know how to create a request but how do i configure this certificate to be accepted so it doesnt throw an error?

Hi,

Using Fiddler v4.6.2.30081 on Windows 10 x64 I am using the Composer's Raw tab to make a request:

---
GET https://www.example.com/ HTTP/1.1
Host: www.example.com
---

Am I also using Fiddler Host Remapping to use a different origin for www.example.com, eg:

---
an-alternative-origin.com  www.example.com
---

When Fiddler makes the request, the TLS handshake to my-alternative-origin.com sends the SNI server name value of "an-alternative-origin.com" and then sends the HTTP request with Host value "www.example.com".

Many web servers consider it a protocol violation if the HTTP Host request header value does not match the SNI server name used during the TLS handshake. In my scenario, the origin is running such a web server and the response is a HTTP 403 Forbidden with a HTML response body describing the mismatch between the HTTP Host and TLS SNI hostnames. Other web servers respond with a HTTP 400 Bad Request. I do not control this origin.

I need Fiddler to use the value from the Host request header, "www.example.com", as the SNI server name during the TLS handshake to the origin. How can I instruct Fiddler to override the SNI server name? That is, a Fiddler equivalent to the `-servername` argument that `openssl s_client` accepts.

Regards,

Jason

Hi,

I'm rather new to fiddlerscript and webrequests but I have the following case.

I'm reading a file with a batch of webrequest and want to execute them to see if the httpresult is 200 or not.  This works fine for webrequest where I don't need to login for the application.  But if I want to do this for an application where I have to login first I don't get it to work.  I make a request to login and the status is 302 and everything seems to be ok, but if I afterwards want to call a normal webrequest it doesn't give me a 200...  I think because that last request isn't using the result of the login request.  Is it possible to achieve this and how do I achieve this.  Maybe there is an example on the internet?

 

Any help is welcome, thanks

Kris