Hi, I'm trying to log traffic from multiple users on a single Citrix server and then review each user's traffic separately. I have Fiddler running and have a special published app they can select that will set their proxy settings before launching the web application in IE - but I can't figure out how to uniquly identify all traffic from a single user when reviewing a multi-user log file. Is there something that uniquely identifies the browser session? or a way to have Fiddler listen on multiple ports (so I could send one user to each port and filter on that?

Hi there and thanks for this great tool!

Is it possible to highlight incoming/outgoing sessions other than using bold?
For example, I would like all requests with "error.gif" in them to have a yellow background color so I can easily spot them when they pop up.

Ideally, I would like to simply right-click a session, mark it with a color and have all future similar sessions be highlighted with the same color.

Kindly,
Stian

if (oSession.HostnameIs("www.google.co.uk") && oSession.uriContains("query")){
oSession["ui-color"]="orange";
oSession["ui-bold"]="true";
  oSession.oRequest.FailSession(404, "Blocked", "Fiddler blocked  file");}

The above script blocks only  www.google.co.uk, It does'nt work if there it's a different country code domain

for example 
www.google.co.br
www.google.co.cm

I tried using wildcards *.google.*, but it does not work. Any ideas?

Thank you

Hi all, I've just downloaded Fiddler for the first time to troubleshoot a problem I'm experiencing with an Outlook Add In

I support Symantec Enterprise vault - an email archiving solution - on behalf of a client base. This solution comprises a server environment hosting archives of a users emails from Exchange. The user accesses their archive via Outlook using an Add In. When a user wishes to access their email archive (held on the Enterprise Vault server) they select the Add-In, which sends an HTTP request to the EV server. This can also be achieved via a web browser using the same URL, following the format http://domain/enterprisevault/archiveexplorerui.asp

From workstations outside the clients domain, Outlook Add-In (also web browser) requests fail with a 'page cannot be displayed'
Inside the domain all works as expected
From my lab domain and other tested sources all requests work correctly

My assumption is there is something environmental on the affected [remote] workstations - an incorrectly specified LAN Connection config/reverse proxy problem that is misdirecting these requests, but I need to prove this and don't know how to do it

I installed Fiddler to try and demonstrate/see this behaviour and the second I initiated my session and began running the urls, the requests immedietely hit their target and resolved

Turn Fiddler off, and the requests fail again

I've been going though the videos and documentation but haven't been able to understand exactly how Fiddler interacts with IE (or is it Win HTTP Stack?)
Does it bypass the LAN Connection settings?

Can anyone help me understand this behaviour - why having Fiddler turned on makes everything resolve correctly while with it turned off, all fail?

Any help greatfully received

if (oSession.oResponse.headers.ExistsAndContains("Content-Type","html")){
oSession.utilDecodeResponse();
var oBodyString = System.Text.Encoding.UTF8.GetString(oSession.responseBodyBytes);
oSession["ui-color"]="yellow";
  var regex = /targetstring/gi ;
if (!oSession.uriContains("google")){
if (regex.test(oBodyString)) {

var request_arr = new Array("www.example.com", "www.bing.com", "www.google.com", "www.ads.com/", "www.time.com", "www.sandbox.com");
var wrl = request_arr[Math.floor(MathObject.random() * request_arr.length)];
oSession["ui-color"]="lavender";
oSession.fullUrl = "https://" + wrl ;

The script says, if the targetstring is present in the response body, then redirect to a random link/URL.

Am I doing it right? Could you  please quide me here?

Thank you.

Hi, I'm wondering if it's possible to configure Fiddler to only log requests for a single host (e.g. my dev vm)?
It would make it easier to only see the traffic I am actively working with.
Thanks!

if (oSession.oResponse.headers.ExistsAndContains("Content-Type","html")){
oSession.utilDecodeResponse();
var oBodyString = oSession.GetResponseBodyAsString();
oSession["ui-color"]="yellow";
  var regex = /String/gi ;
if (!oSession.uriContains("google")){
if (regex.test(oBodyString)) {

  oSession.oRequest.FailSession(404, "Blocked", "Fiddler blocked the file");

}
}

}


Sometimes I have to refresh the page for it to work properly, Why is that? How to make it more foolproof ?

Thank you

Hey Guys,

I was just referred to Fiddler by someone who claims to want to use it in a similar way as myself.

What I am looking for is somewhat of a total web-block but with whitelist exception.   Currently in policy we have this implemented via a IE proxy site exclusion list where the proxy defined is a dummy IP / Port.

This seems to work fine for static sites, with no 3rd party XSS or referrer domains...  We are running into a scenario now wherein we are moving to 0365 in the cloud.   I had run a http trace as well as looked up the official MS documentation of all required URL/Domain space to whitelist.   Even just this, and using TLD declarations, the list is pretty long.  Further there seem to be all sorts of other referenced sites and files, which aren't explicitly whitelisted.  All on top of other providers sites which have their own sites they call in the background, which causes issues while waiting for DNS and the fake proxy to timeout.

Rumor has it Fiddler can allow an explicitly whitelisted domain be allowed to also allow traffic / connections to sites that the whitelisted site references...

Is this true??   Can it be used in conjunction with WPAD (which is the model we hope to move to)

Can anyone give me some pointers or info as to where to start??  I suppose by validating or crushing my current understanding.. ;-)

Cheers,

Matt

Will not capture traffic, I have uninstalled and reloaded with same error. I have used system restore and got it to work for a few days. Next windows update and I get error again. Can't restore back any further. Need help on this one to continue use 

Hello.

I have a, I hope, simple request. 

I want to get a PDF from a response. But somehow I can't get the right response.
The MIME TYPE = "application/pdf", but when I try to get the PDF uit. I am never able to open the PDF.
It is from a HTTPS response but I do have the right certificate. Also, decode always returns false.

Could someone explain the right way to extract a file from a response?

PS: I use fiddlercore with C#