I am testing a website.  I had success in altering the HTTP request and headers etc - as a man in the middle.  Now I want to be able to alter the contents of an MS Word (.doc or .docx) or .txt file being downloaded by the browser.  I am unable to do it. Can any body tell me how this can be done.  Please help. 

Good morning. I am trying to install FiddlerRoot.cer on my Samsung Galaxy S5 Mini for wifi use but I am asked to "enter a password for credential storage" even if I had already selected a pin/password for the screen lock. No other user Trusted Credentials are installed on the phone. What could I do? thanks

Hi there,

 I'm using Fiddler allowing external clients to connect. Capturing is disabled and sessions are filtered with "Non-Browser".

While debugging some stuff, I've seen some strange requests (google.pl, cirillic search queries, strange urls) listed on my Fiddler sessions list. So I thought that there was a malware on my PC doing all that requests, but when I unchecked "Allow remote computers to connect", these requests stop immediately. So, in a certain way, an automatic bot has connected to my Fiddler (I don't know how it discovered my IP, however I've used the Fiddler default port, 8888, I will try to change it), and has done all that requests.

 Since I'm debugging a single URL, via FiddlerScript I've tried to block all the requests done by the bot, using scripts like the one below:

But...

• in the first case, I'm simply ignoring the listing of the session, but I'm anyway letting the bot do the requests
• in the second case, I'm blocking it, yes, but it shoots hundreds of requests per minute, so the RAM usage raise to 2GB+ within 12 hours

How can I simply ban/blacklist a client IP, and so refuse all its connections, without taking trace of that connections in my sessions list? (so... silently?)

 Thanks.

Hello Fiddler Team,

 I am facing an issue while checking logs on fiddler when connecting to XBOX ONE. I want to check the URLs the XBOX is going to when connecting through fiddler proxy on tcp port 8888. Please assist me.

if i open chrome with citrix reciever and try to trace the network traffic on it then i don't get anything on fiddler. please assist

I am using Chromium to embed an web browser in a winforms app.  I insert custom JavaScript into the pages to automatically redirect the user to a login page if a certain HTML condition exists.  All this works as expected so I then added FiddlerCore with the hopes of modifying certain HTTP requests.  The problem is as long as FiddlerCore is running, page redirects initiated via JavaScript calls are canceled (see attached image).  I have very minimal code running, so I'm guessing I'm missing a configuration setting somewhere.  Any help would be greatly appreciated.  Below is the FiddlerCore code that I'm using:

 

Hi,

 

I try to get cookie values in request header with GetTokenValue(), but failing.

 

Script:

var result1 = oSession.RequestHeaders.GetTokenValue("Cookie",  "target");

var result2 = oSession.RequestHeaders.GetTokenValue("Cookie",  "TEST_target");

 

[Request Header A] Cookie: target=X; TEST_target=Y

--> resut1 = X, result2=Y

 

[Request Header B] Cookie: Test_target=Y; target=X

--> resut1 = Y, result2=Y

 

Is this in the specifications? Please give me some advice.

I've made a method which interacts with Fiddler in C#. The code looks like this:

After referencing the DLL in Fiddler > Options > Extensions, I add the following to the top of FiddlerScript:

And then I can call the function in FiddlerScript like this:

This works fine. However, I'd like to make SmartMock be an extension method of Fiddler.Session, so that I can use this nicer-looking syntax instead in FiddlerScript:

I'm not familiar with JScript.NET and how it handles references, so I've been having trouble adding this method to Fiddler.Session. I tried changing the code to an extension like this:

However, when compiling FiddlerScript, calling "oSession.SmartMock("C:\\SomeFile.txt")" gives the error "Objects of type 'Fiddler.Session' do not have such a member".

My question is:

• How do you create an extension method to a class (like Fiddler.Session) in JScript.NET?

 When I started decrypting Https connection, it simply doesn't work.

Always I see below message with Untrusted Connection message. I don't remember when this started happening, but it used to be working after I upgraded to windows 10.

I use latest Firefox and Windows 10. I hit the same issue even when I use IE 11, Microsoft Edge.

lc2txe3.sharepoint.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)

 

I export the certificate and import into the Firefox, so that I can see cert name DO_NOT_TRUST_Fiddler in Certificate Manager of Firefox. Also, trusted root authority contains DO_NOT_TRUST_Fiddler certificate.

Fiddler Options : Protocols : ssl3;tls1.0;tls1.1;tls1.2 / Certificates are generated by Fiddler.DefaultCertificateProvider

Fiddler 4.6.1.4

Firefox 43.0.2

What else am I missing ?

 

Hi,

I have a flash application that sends flex messages to the server using POST request with application/x-amf content-type.

following piece of code:

        private static void FiddlerApplication_BeforeRequest(Session oSession)
        {
            if (oSession.oRequest.headers.ExistsAndEquals("Content-Type", "application/x-amf"))
            {
                Encoding enc = oSession.GetRequestBodyEncoding(); //we can use Encoding.UTF8..... doesn't matter - same result
                string reqBody = enc.GetString(oSession.requestBodyBytes);
                oSession.requestBodyBytes = enc.GetBytes(reqBody);
            }
        }

WOW!!! In a response i see next:

Headers:

HTTP/1.1 200 OK
Date: Fri, 25 Dec 2015 00:00:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 275
Connection: close
Content-Type: application/x-amf;charset=utf-8

 and body:

..some content...//Unknown AMF type '-65'.

Buf���
/Client.Message.Encoding....

 

So the server doesn' t like my harmless operation. But i can't understand. I think i did nothing with request body actually.