I'm wondering why Fiddler does not capture all HTTP request. When I record with Wireshark, it shows up 2 HTTP request from www.xyz.com, but on Fiddler only shows the first request. Thank you.

I need help figuring out how I can search for hexdecimal values in the body of a POST request, and then replace it using hex values.

My issue is that the POST data is using hex values that don't translate well to strings, like 0x01, 0xC9 etc

 

Here is what I have to replace strings that can be pasted in ASCII and it works well

 

if (oSession.HTTPMethodIs("POST") && (oSession.utilFindInRequest("Search This", true) > -1))
{
    oSession.utilReplaceInRequest("Search This", "Replace With");
}

 

I need to be able to search and replace raw hex values or somehow convert a set of hex values in string format, such as "0xC9 0xC8" or "C9 C8" etc to ASCII or similar and then search / replace.

 

Any Idea's?

Hi,

I am behind a squid http proxy (doesn't allow socks connections) in my work environment and can't access the internet from the command line, so I'm trying to use Fiddler as a proxy to e.g. install VS Code or Atom Packages. I am able to install npm packages using Fiddler as the proxy, but it doesn't work for either VS Code extensions or Atom packages.

When Fiddler creates the http tunnel, I get a "407 Proxy Authentication Required" with "Proxy-Authenticate: Negotiate" (and Basic realm) as expected, and then Fiddler tries to authenticate using NTLM (Proxy-Authorization header value starts with "Negotiate TlRMT..."). I have the "Automatically Authenticate" rule enabled. The proxy server responds with a 407 again and in the response body it says "Cache Access Denied. Sorry, you are not allowed to request <domain>:<port> from this cache until you have authenticated yourself."

These are the response headers of the second 407 response:

 

I investigated and am quite sure that I need Kerberos authentication instead of NTLM. I logged other requests with WireShark/Firefox developer tools and they all use Kerberos. So my question is: Can I force Fiddler to use Kerberos authentication? Or is there a specific reason that makes Fiddler use NTLM instead of Kerberos?

Also what I don't understand is why npm can install packages but apm (Atom package manager) can't. According to the apm readme the only relevant difference is that "Atom packages are installed from GitHub repositories instead of npmjs.com". When I install a npm package, I only see http tunnels to registry.npmjs.org:443 with response code 200, there isn't even one 407 response in Fiddler (no proxy auth required?). When trying to install an apm package, it says "tunneling socket could not be established, statusCode =407 (5 attempts)", and for each attempt I see two http tunnels to atom.io:443 as described above (second one rejects NTLM authentication).

 

Thank you for any help!

Windows 10 + all updates, Fiddler 4 + all updates

How do i create a request which uses https and a certificate for authentication?

When i visit the URL in a browser where i need to send this request, i cant access it. Installing a cert allows me access the site/services through a browser.

So i start up fiddler and two things are happening:

1. Visiting the https site throws a 403 error when fiddler is running. How could i avoid this from happening? It seems all https connections have similar issues i.e. i have dropbox installed. It syncs fine. As soon as i start running fiddler it states the connection is not secure and doesnt sync until i exit fiddler. 

2. I would like to generate a request. I know how to create a request but how do i configure this certificate to be accepted so it doesnt throw an error?

Hi,

Using Fiddler v4.6.2.30081 on Windows 10 x64 I am using the Composer's Raw tab to make a request:

---
GET https://www.example.com/ HTTP/1.1
Host: www.example.com
---

Am I also using Fiddler Host Remapping to use a different origin for www.example.com, eg:

---
an-alternative-origin.com  www.example.com
---

When Fiddler makes the request, the TLS handshake to my-alternative-origin.com sends the SNI server name value of "an-alternative-origin.com" and then sends the HTTP request with Host value "www.example.com".

Many web servers consider it a protocol violation if the HTTP Host request header value does not match the SNI server name used during the TLS handshake. In my scenario, the origin is running such a web server and the response is a HTTP 403 Forbidden with a HTML response body describing the mismatch between the HTTP Host and TLS SNI hostnames. Other web servers respond with a HTTP 400 Bad Request. I do not control this origin.

I need Fiddler to use the value from the Host request header, "www.example.com", as the SNI server name during the TLS handshake to the origin. How can I instruct Fiddler to override the SNI server name? That is, a Fiddler equivalent to the `-servername` argument that `openssl s_client` accepts.

Regards,

Jason

Hi,

I'm rather new to fiddlerscript and webrequests but I have the following case.

I'm reading a file with a batch of webrequest and want to execute them to see if the httpresult is 200 or not.  This works fine for webrequest where I don't need to login for the application.  But if I want to do this for an application where I have to login first I don't get it to work.  I make a request to login and the status is 302 and everything seems to be ok, but if I afterwards want to call a normal webrequest it doesn't give me a 200...  I think because that last request isn't using the result of the login request.  Is it possible to achieve this and how do I achieve this.  Maybe there is an example on the internet?

 

Any help is welcome, thanks

Kris

 

Hello, so I have one pretty simple program I guess, and this program had one rule it must be installed on new drive (not C) so I made drive X blalabala, and so new I ran into error that Im having a wrong HWID so I googled that can I bypass it and it seems it´s possible but the error is that when I run the program in fiddle there´s no mark it using internet.. So... btw Fiddler captures other things, but not this one.

I am writing a small utility to capture the Fiddler traffic and export it to WebTest file, the utility automatically launch my application and fiddler, then it does certain actions on the application and fiddler keeps on recording everything. Now I want to export the traffic in a web Test file, but i couldn’t find any command line fiddler instruction to do that, I have to do it through Fiddler GUI, can anyone please help me in finding a line of code which can be implemented in my Utility code and export can be triggered automatically.

Hi Team,

We installed Fiddler to troubleshoot the web request generated from Windows Service(developed using .NET WCF).All fine for us from debugging point of view.

Moment we close Fiddler, the windows service stopped working by logging below error from .NET WCF service

Error Message: There was no endpoint listening at https://xyz.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details., StackTrace - 
Server stack trace: 
   at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
   at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

 

We need to understand, why services works fine when fiddler is running in background and not if it closed?

Any settings we missing? This issue is on Windows Server 2012 R2 Server. 

 

Regards,

Guna. 

I have a Node app that I am trying to debug with Fiddler on my Win 10 machine. It makes calls to a couple of third-party APIs and this is the traffic that I want to capture. The calls aren't showing up in Fiddler though.

I've tried setting the proxy settings through adding the environment variables manually, through the shell, within the script and using the proxy option on the node request call and none of that seems to work. Fiddler is capturing other traffic without any issues but not from this app.

 

I've tried everything I've been able to find on the internet but the majority of articles make it sound like a matter of setting these variables and then it's all good to go.

 

I'm sure that I'm doing something wrong but I can't find what it is.