Currently I have Fiddler's Host Remapping feature configured like so:

How can I use a wildcard for the Top Level Domain?

I tried to use the code below in the Fiddler Rules script's OnBeforeRequest() but am not having success. How can this be done?

 

I got fiddler recently and don't really understand all the features... I ended up catching all these inconsistent bugs with it one day and then I closed it not even realizing you had to save each session. Is there a way to set it to auto-save or auto-archive?

​

Hi Eric,

1) congrats on your incredible and marvelous Fiddler, its really awesome, and helps us A LOT !

2) i couldnt find the answer to my question in the forums and/or other sources - so if i was just too blind to find it, please just direct me there. And i know the thing ill describe is not the standard usage of Fiddler (i also often use it for more mainstream purposes, but i thought to try it for this, and it works like a charm!)

3) my situation: i have to test a server with certain requests, and put it under a certain average but not uniform load. for that i first captured and saved some specific request/response pairs (some of them json, some not) using fiddler (v4.5.1.2, on Win7sp1/Ultimate/x64/en-us)

then i slapped together a quick fiddlerscript which does the following: prompt user for a loopcount, and a minimum and maximum delay. then, 'loopcount times', a for-loop replays the selected sessions (using random agentstrings from a list of mine), then waits for a random delay (between min & max), rinse, repeat.. i even added code to allow for multiple selected sessions at the same time, which lets the user enter a probability distribution between the multiple session, which it then uses for the replay, stuff like that.

 4) my question: this works like a charm to create the required random/average load, depending on the parameters i give the script on start. BUT: i cant see a way to STOP the executing script in fiddler forcefully, before the loop ends naturally. Only way i see now is to close the fiddler application itself; then additionally i have to kill fiddler.exe (which still runs the script in the background and keeps throwing the requests from the loop). then i have to restart fiddler, reload all beloved settings (btw, is there a way for example to start with the Composer 'teared off' in separate window by default..?) and all required sessions.

This 'total kill' procedure is quite tedious every time i have to change some setting. normally i need request-loopcounts around 1000-5000x, because i need to have this load for some time to allow me the tests on my server..

Is there an intended method of stopping an executing fiddlerscript? i went so far as thinking about out-of-channel stuff/semaphores like adding code in the loop to query for existence of a specific file, and then break the loop when found (allowing me to stop script loop execution by renaming an external 'kill-file')... but this is very awkward - any other ideas or methods?

 

And again: really, thank you for Fiddler, its a godsend, an incredibly great software helping us developers out !!

Basically, in the code for 

Fiddler's HTTPS decryption feature also offers basic support for intercepting requests that require client certificates and responding with a client certificate from the machine running Fiddler.Selection of Client CertificateIf a .CER file has been specified for a given session as follows:

oSession["https-Client-Certificate"] = "C:\\test\\someCert.cer";

...then Fiddler will simply use that certificate for the current session.

 

What goes in place of https-Client-Certificate is it the host or the URL or is it something entirely different?

I'm trying to use a client cert to get around a cert pinning issue and I want to know I'm coding it right before I admit defeat.

 

Thanks in advance,

Duane

 

Hello,

I've managed to get my inspector extensions working. It's been handy for me, and it may be handy for other people.

Are there standards for posting an extension on the Fiddler website?

Dear FiddlerCore people:

I would like to capture the Http POST stream to the server to extract the FORM and Cookie data.

I would like to only have a proxy for the current proc. This code sets the proxy for all the browsers, and

breaks the internet on using browsers while I'm working on this. I'm only interested in one particular

windows browser call. I can capture the cookies from the forms browser  but not the FORM in the

header. So I have to capture the call data with Fiddler. Once I have the data from the client prepared for the server,

I want to CANCEL the call and abort the forms browser call and do using the cookies and FORMS data.

 

the web request and response?

 

I'm only interested in the request and I will edit the request and send web request with the environment

of the forms browser.

 

My problem is that the website code spawns a new browser outside the thread I control in the form web browser.

I want to intercept the call and either edit it so it does not spawn a new client or send the request in webRequest and webResponse.

I'm looking at the oS data structure and starting to see what it contains. 

 What is the best way to edit this and cancel the current request in the session?

 

 

 

          Fiddler.URLMonInterop . SetProxyInProcess ( "127.0.0.1:8888" , "<-loopback>" );
            Fiddler . FiddlerApplication . Startup ( 8888 , false , false );
            //Fiddler . FiddlerApplication . Startup ( 0 , FiddlerCoreStartupFlags . Default );

             Fiddler . FiddlerApplication . BeforeRequest += delegate ( Fiddler . Session oS )
                {
                Debug . WriteLine ( "Before request for:\t" + oS . fullUrl );
                Debug . WriteLine ( String . Format ( "{0}:{1} >>{2}<<" , oS . id , oS . PathAndQuery, oS.RequestHeaders, oS.RequestMethod ,oS.RequestBody.ToString() ) );
                string code;
                List<Fiddler.Session> oAllSessions = new List<Fiddler . Session> ( );
                oS . bBufferResponse = true;
                Monitor . Enter ( oAllSessions );
                oAllSessions . Add ( oS );
                Monitor . Exit ( oAllSessions );
                };

Hey guys,

Bit stumped on this one - Just today HTTPS decryption has stopped working properly.

 To Be precise, if it is enabled, no data appears to be proxied to/from Fiddler. In Chrome/IE/Firefox, the session just hangs waiting for a response which never comes.

If I disable HTTPS decryption, everything works as expected.

I have double checked the certificate and reinstalled it (though if it were a problem I would expect the browser to tell me anyway!), I have reinstalled Fiddler and tried using a different PC (across the network, still via my local copy of Fiddler).

Has anyone seen this? I'm not sure where I should go from here!

 Cheers,

Michael

English 不懂得
FiddlerCore4 证书无效 如何解决
       if (!Fiddler.CertMaker.rootCertExists())
       {
           if (!Fiddler.CertMaker.createRootCert())
           {
               throw new Exception("Unable to create cert for FiddlerCore.");
           }
       }
       if (!Fiddler.CertMaker.rootCertIsTrusted())
       {
           if (!Fiddler.CertMaker.trustRootCert())
           {
               throw new Exception("Unable to install FiddlerCore's cert.");
           }
       }

 

 Invalid certificate

 

Hi guys:

I am trying to capture the javascript files that used an aspx webpage. 

By default, I only get the images, css and html.

 What could I try to download the js files.

 If I save the complete rendered page using IE, the javascript files are downloaded.

 Thanks in advanced

 David

 Hello,

 I couldn't find a security contact at telerik so opening a new threat here. Sorry if it's already discussed or resolved.

As I bloged at http://blog.jpcert.or.jp/2015/05/fiddler-cores-insecure-default-flag-may-lead-to-open-proxy-issue.html

The the expected behaviour of FiddlerCoreStartupFlags.Default seems to be different from what it should be because AllowRemoteClients is false under the default configuration of the stand alone Fiddler application. Because setting the flag to 'Default' is recommended in the developer manual, many developer could use the flag without understanding the possibility of 'Open Proxy' issue.

It would be nice if FiddlerCoreStartupFlags.Default is changed so that AllowRemoteClients is toggled off by default.

Thanks,

Masaki