Telerik Forums
Fiddler Forum
2 answers
906 views

I needed an easy way to change the clientIP of a request without having to set a custom break-point and add a header every time or use a proxy service - so I extended Fiddler with a custom rule and I thought I'd share that here for anyone else looking for something similar. I had a few locations that I specifically needed, so I created those as menu items in addition to adding a custom field.

Open your CustomRules.js for modification - 

Under class Handlers add:

// Set clientIP
// Modify the country names and IP address as appropriate, or simply use Custom and set the array value to 0

RulesString("&Set clientIP", true)
RulesStringValue(0,"Country Name 1", "0.0.0.0")
RulesStringValue(1,"Country Name 2", "127.0.0.1")
RulesStringValue(2,"Country Name 3", "192.168.1.1")
RulesStringValue(3,"&Custom...", "%CUSTOM%")
public static var sClientIP: String = null;

 /* -- end class handlers --*/

 

Under  OnBeforeRequest(oSession: Session) add:

// Set clientIP
if (null != sClientIP) {
    oSession.oRequest["clientIP"] = sClientIP;
}

Save the file and the new option will be added to your Rules menu - you can switch IP addresses with a click, and simply refresh the browser to effectively request the page with the assigned IP address.

Pete
Top achievements
Rank 1
 answered on 24 Sep 2015
4 answers
477 views

Hi Guys,

 We're researching fiddler core with a view to buying a license as an alternative to using browser addons for our upcoming product, for some reason I can't get the following to work reliably across IE and Chrome - Code as follows:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        static Proxy oSecureEndpoint;
        static string sSecureEndpointHostname = "localhost";
        static int iSecureEndpointPort = 7777;
        delegate void UpdateUI();
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            
            if (!Fiddler.CertMaker.rootCertExists())
            {
                if (!Fiddler.CertMaker.createRootCert())
                {
                    throw new Exception("Unable to create cert for FiddlerCore.");
                }
            }

            if (!Fiddler.CertMaker.rootCertIsTrusted())
            {
                if (!Fiddler.CertMaker.trustRootCert())
                {
                    throw new Exception("Unable to install FiddlerCore's cert.");
                }
            }

            oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, sSecureEndpointHostname);

            //Fiddler.FiddlerApplication.OnNotification += delegate (object snder, NotificationEventArgs oNEA) { MessageBox.Show("** NotifyUser: " + oNEA.NotifyString); };
            //Fiddler.FiddlerApplication.Log.OnLogString += delegate (object snder, LogEventArgs oLEA) { MessageBox.Show("** LogString: " + oLEA.LogString); };
            Fiddler.FiddlerApplication.AfterSessionComplete += FiddlerApplication_OnAfterSessionComplete;
            Fiddler.FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default & FiddlerCoreStartupFlags.DecryptSSL);
 
        }


        void FiddlerApplication_OnAfterSessionComplete(Session oSession)
        {

            // HTTPS TEST
            if (oSession.fullUrl.Contains("linkedin.com"))
                richTextBox1.Invoke(new UpdateUI(() =>
                {
                    richTextBox1.AppendText(oSession.GetResponseBodyAsString());

                }));

            // NON HTTPS
            if (oSession.fullUrl.Contains("pheme.co.uk"))
                richTextBox1.Invoke(new UpdateUI(() =>
                {
                    richTextBox1.AppendText(oSession.GetResponseBodyAsString());

                }));


        }

        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            Fiddler.FiddlerApplication.Shutdown();
        }
    }
}

Essentially the capture doesn't seem to work reliably at all, sometimes it works, sometimes not, I always have to delete old certificates despite removing the DLLs and only deploying makecert.exe in the deployment directory.

 I appreciate this is fairly basic but what am I missing?

 Thanks

 

Marc

 

Marc
Top achievements
Rank 1
 answered on 23 Sep 2015
4 answers
538 views

I am using Microsoft Message Analyzer, and want to use SSL decryption, but I'm unsure how the licensing works? I am not developing an application that would be using the APIs, I am using an application that requires them.

 

Do I need a corporate license to use FiddlerCore with Microsoft Message Analyzer?

 

Thanks,

Devin

Eric Lawrence
Telerik team
 answered on 23 Sep 2015
1 answer
400 views

Hi,

 Is it possible to run fiddler from command line and a set of URLs so that it can traverse across all the URLs and give a HAR/XML file as an output?

Eric Lawrence
Telerik team
 answered on 22 Sep 2015
4 answers
1.1K+ views

I am working on developing an extension for Fiddler and attempting to use FiddlerApplication.oProxy.SendRequest to dynamically build a request. I have noticed that using a HTTPRequestHeaders object and the add("Cookie",myCookie); method that Fiddler parses the semicolon as a cookie separator. With that being said, my conundrum is how do I set expiry, path, domain, and security of the cookie?

i.e. mycookie1 = username=John Doe; expires=Mon, 14 Sep 2015 12:00:00 UTC; path=/;domain=.mydomain.com;secure;httponly;
mycookie2 = email=John@mydomain.com; expires=Mon, 14 Sep 2015 12:00:00 UTC; path=/;domain=.mydomain.com;secure;httponly;
myCookie = mycookie1+mycookie2;

HTTPRequestHeaders rHeaders;
rHeaders.add("Cookie",myCookie);

Parsed as 
Cookie
-username=John Doe
-expires=Mon, 14 Sep 2015 12:00:00 UTC
-path=/
-domain=mydomain.com
-secure
-httponly
-email=John@mydomain.com

Eric Lawrence
Telerik team
 answered on 18 Sep 2015
1 answer
344 views

So several times over the past two months I head over to Google.com to do my googling. All is going well until suddenly Google decides that I am a bot and throws a captcha screen in front of me instead of my search results. From then on it's no Google for me no matter how many captchas I enter and no matter which browser I use. I've pretty much just had to do my search via a different search engine, and wait it out until Master Google decides that I am worthy of its service again.

Yesterday it happened again and it occurred to me that I was running Fiddler. After turning Fiddler off and waiting a bit I was able to use Google again. 

Has anyone else experienced this?

Eric Lawrence
Telerik team
 answered on 18 Sep 2015
3 answers
2.3K+ views

I hope this is the right place, I haven't found a place to create a support ticket for Fiddler...

I am having a problem with Fiddler following a 307 redirect to a URL that needs authentication. Specifically, I let Fiddler issue an OPTIONS request to https://myserver/foo. The server needs authentication, so a challenge and response is performed and Fiddler repeats the initial request with an Authorization header. So far so good. Now the server actually cares for Fiddler's request for the first time and responds with a 307 status code, redirecting to https://myserver/foo/ (note the trailing slash). Fiddler now repeats the last request for the new URL, but with the Authorization header not being stripped.

The problems with this are twofold:

  1. The Location header of the 307 response might point to an untrusted location. Now Fiddler sends trusted data inside the Authorization header to a potentially hostile location.
  2. Some webservice implementations such as WCF (and according to https://github.com/request/request/issues/450 also Amazon S3) create a "400-Bad Request" error when presented with an unexpected Authorization header (I'm guessing this is the case when no challenge and response preceded).

Let me show you an example. The following 4 requests comprise:

  • The initial anonymous request (response being 401 Unauthorized with WWW-Authenticate: NTLM)
  • The initiation of the handshake (response being the challenge for the client)
  • Answer to the server's challenge with Authorization header (response being the 307 redirect to the new URL)
  • Request to the new URL, IMHO erroneously still with the Authorization header from the last request.

Initial anonymous request:
OPTIONS https://myserver/foo HTTP/1.1
User-Agent: Fiddler
Content-Length: 0

Response:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: NTLM



Initiation of the handshake:
OPTIONS https://myserver/foo HTTP/1.1
User-Agent: Fiddler
Content-Length: 0
Authorization: NTLM (...)

Response:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: NTLM (...)



Answer to the server's challenge:
OPTIONS https://myserver/foo HTTP/1.1
User-Agent: Fiddler
Content-Length: 0
Authorization: NTLM (...)

Response:
HTTP/1.1 307 Temporary Redirect
Content-Length: 0
Location: https://myserver/foo/



Request to the new URL:
OPTIONS https://myserver/foo/ HTTP/1.1
User-Agent: Fiddler
Content-Length: 0
Authorization: NTLM (...)

Response:
HTTP/1.1 400 Bad Request
Content-Length: 0


When I repeat the last request without the Authorization header, everything works fine, i.e. challenge and response are repeated and ultimately, the desired 204 response with the Allow header is returned.

In my opinion, Fiddler should never retain an Authorization header following a redirect! Since to my knowledge there is no definite rule that flat out forbids that behaviour, calling this a bug might be exaggerated. But in order to play nicely with various web services and also with security in consideration, I think this issue should be addressed.

Thank you.

Eric Lawrence
Telerik team
 answered on 16 Sep 2015
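
The redirect handling the post above argues for, as an added example that is not part of the original post and not Fiddler's own code: a header policy for a client that follows 3xx responses. `resolveRedirect`, `headersForRedirect` and the mode names are hypothetical; the request URL, Location and header values come from the post's trace, and the `other.example` and `http://` targets are constructed.

```javascript
// Added example; function and mode names are hypothetical, not Fiddler APIs.

// Resolve Location against the request URL (it may be relative) and report
// whether scheme, host and port are all unchanged.
function resolveRedirect(requestUrl, location) {
  const from = new URL(requestUrl);
  const to = new URL(location, from);
  return { target: to.href, sameOrigin: from.origin === to.origin };
}

// Build the header set for the redirected request.
//   'always-strip': never replay Authorization (what the post asks for);
//                   the client re-authenticates if the new URL challenges it.
//   'same-origin' : replay Authorization only when the origin is unchanged.
function headersForRedirect(requestUrl, location, headers, mode = 'always-strip') {
  const { target, sameOrigin } = resolveRedirect(requestUrl, location);
  const keep = mode === 'same-origin' && sameOrigin;
  const out = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive.
    if (name.toLowerCase() === 'authorization' && !keep) dropped.push(name);
    else out[name] = value;
  }
  return { target, headers: out, dropped };
}

// Third request from the post's trace, the one answered with the 307.
const sentHeaders = {
  'User-Agent': 'Fiddler',
  'Content-Length': '0',
  'Authorization': 'NTLM (...)',
};
const samples = [
  ['https://myserver/foo/', 'always-strip'],       // Location from the post
  ['https://myserver/foo/', 'same-origin'],
  ['https://other.example/foo/', 'same-origin'],   // constructed: foreign host
  ['http://myserver/foo/', 'same-origin'],         // constructed: scheme downgrade
];
for (const [location, mode] of samples) {
  const r = headersForRedirect('https://myserver/foo', location, sentHeaders, mode);
  console.log(mode, '->', r.target, 'dropped:', r.dropped.join(',') || 'none');
}
```
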
3 answers
386 views
For "AutoResponder" of "Match only once".

When multiple simultaneous access to the same URL, it seems to match more than once.

My client has access to the same URL in 12 threads, rarely, I have received the same response.

Is it a problem of setting?
Hideki
Top achievements
Rank 1
 answered on 16 Sep 2015
1 answer
122 views

Are you able to capture traffic from your phone without having to be on the same wifi?

I have an ethernet cable with extremely fast internet but my wifi is very slow compared to it.

Eric Lawrence
Telerik team
 answered on 14 Sep 2015
16 answers
217 views
tell me ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION
Eric Lawrence
Telerik team
 answered on 11 Sep 2015