I work at a place whose software interacts with web services run by other companies. Sometimes the test environments of those external web services stop, so using autoresponses to simulate external dependencies is a big deal for us. I've recently been using AutoResponder/FiddlerScript to simulate external dependencies by responding with traffic saved to disk whenever the URL and/or headers match some condition, and it's worked very well.

However, AutoResponder has one drawback: the responses from disk are sent unmodified, and sometimes I would like to change things based on the content of the request.

As a minimal example, suppose I save to disk a request/response pair like this:

 

POST https://somewebsite.com/CreateThing HTTP/1.1

{"Name":"Honeoye Falls"}

 

HTTP/1.1 200 OK

{"Name":"Honeoye Falls", "Successfully POSTed": "True"}

 

I'd like AutoResponder or FiddlerScript to be able to respond to the following request:

 

POST https://somewebsite.com/CreateThing HTTP/1.1

{"Name":"Bancorp Tower"}

 

with the following response:

 

HTTP/1.1 200 OK

{"Name":"Bancorp Tower", "Successfully POSTed": "True"}

I have a naive fantasy of building an "AutoResponder Plus" tab into Fiddler where you can drag a session in and tag parts of the request body as "magic fields" to build an "enhanced rule". In this example, the "Name" field would be a "magic field", because it occurs identically in both request and response. AutoResponder would then respond to requests matching the rule by loading the original response from disk (say, the one with "Name": "Honeoye Falls"), but overwriting "magic" fields in the response with the ones from the request (giving "Name": "Bancorp Tower").

In this minimal example, I know how to manually write FiddlerScript that would perform the substitution, but for more complicated examples with dozens of magic fields, writing FiddlerScript code for each quickly becomes time-consuming and mind-numbing. Automating the identification of "magic fields" in request/response pairs when they get drag-and-dropped into AutoResponder would be awesome, as would the ability to "intelligently" respond to requests containing them.

Here's my actual question:

• How naive a fantasy is this? How difficult might it be for me to build such a Fiddler add-on? Is this even feasible, or worthwhile?

Other software with this capability currently exists, but is cumbersome; I'm exploring CA Service Virtualization, which is a heavyweight, complicated software suite that seems overkill, but will probably work. As a side hobby, I'm interested in making this possible in Fiddler. But again, I don't know whether this would be worthwhile or easy.

What's your opinion?

Hi 

I'm trying to process a 30KB WebSocket message, but both

e.oWSM.PayloadAsString(),
e.oWSM.PayloadAsBytes()

are trimmed.

Unfortunately, manipulations with Prefs don't help

FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.ClientReadBufferSize", 1000000);
FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.ServerReadBufferSize", 1000000);
FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.Client_SO_RCVBUF", 1000000);
FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.Client_SO_SNDBUF", 1000000);
FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.Server_SO_RCVBUF", 1000000);         FiddlerApplication.Prefs.SetInt32Pref("fiddler.network.sockets.Server_SO_SNDBUF", 1000000);

Hi everyone,

    I have implemented the code seen (in C#) http://fiddler.wikidot.com/fiddlercore-demo.As library,

I used the FiddlerCore4.dll,provided by installing fiddlercoreapisetup.exe;

When I launch the application, I can see an error (NET::ERR_CERT_AUTHORITY_INVALID) on my browser (Chrome);

I have already tried to figure out by adding a certificate (http://fiddler.wikidot.com/fiddlercore-faq) but the error always occurs.

 

Thanks,

 

I installed Firefox 43 (32) on a Win 10 (64) system yesterday.

It said that Fiddler Hook (4.6.1.5?) was not verified for use with the browser.

Today the version of Firefox went to 43.0.1, same issue.

Altering xpinstall-sigantures-required allows to Fiddler to run but isn't comfortable.

Is there anything else that I can do to fix the signing issue?

 

We're trying to get the latest version of Fiddler to work with our Websense Proxies. The Proxies have an endpoint which forces a PAC file for all of the local browsers. Is there a way to configure Fiddler to work with the Websense proxies? 

Hey all,

I have server to server XML based methods which I use to engage the communication between 2 servers. 

I cannot use SoapUI since we are not using WSDL services, hence I would like to simulate server calls and responses by using Fiddler.

Is there a way of doing so? and if there is, could some one please aid me doing so?

Thanks

I upgraded Fiddler to the latest version (v2.6.1.5) and for some reason it is no longer capturing iOS traffic. I have not actually tried this for many months so admittedly the problem may be unrelated to the upgrade.

I have done this many times in the past where I set the HTTP Proxy on my device to the IP of the machine running Fiddler and it instantly captures all the traffic.
I verified all the settings and everything seems fine. In fact, when I visit http://myip:8888 from my device I successfully receive the Fiddler Echo Service. However no traffic is being captured.

My setup is a laptop and iphone both on the same non-corporate wifi network. 

Any ideas?

Thank you

To begin, let me say that this is an intermittent issue, and I'm not 100% sure it is caused by Fiddler.

I have an application that uses the IXMLHTTPRequest2 interface to make requests. I am trying to mock network requests using FiddlerCore.dll in my tests, but every so often I'm seeing the following behavior:

1. I issue several requests, which succeed.
2. I set up my IXMLHTTPRequest2 object and call Send(), which returns S_OK.
3. Nothing happens for 20 seconds.
4. Windows calls my OnError callback with E_FAIL.

I have added a BeforeRequest handler to FiddlerCore that logs every request seen (whether I end up mocking it out or not) and an OnLogString handler that simply passes through the logs to my test logger. The request doesn't show up anywhere. It seems to have disappeared without a trace somewhere between Windows and Fiddler.

I can't find any information about debugging issues with IXMLHTTPRequest2 on MSDN. Do you have any ideas about what may have happened, or where I can look to understand more?

Thanks,
Louis

Firefox 43 has now officially disabled the fiddler hook addon citing it's unsigned in FF addons.

Could not be verified and has been disabled.

If someone can have a look at that I'd be immensely appreciative. because I love fiddler and use it a lot with FF :)

I need it for security testing. My purpose is to check, how the application would behave, if the adversary presents a certificate with a wrong Common Name (CN) and/or SubjectAltName, but signed by a correct CA.

I believe that the application in test uses HostnameVerifier incorrectly and need to prove it.