Telerik Forums
Fiddler Forum
1 answer
281 views
Hey Guys,

I was just referred to Fiddler by someone who claims to want to use it in a similar way as myself.

What I am looking for is somewhat of a total web-block but with whitelist exception. Currently in policy we have this implemented via an IE proxy site exclusion list where the proxy defined is a dummy IP / Port.

This seems to work fine for static sites, with no 3rd party XSS or referrer domains... We are running into a scenario now wherein we are moving to O365 in the cloud. I had run an HTTP trace as well as looked up the official MS documentation of all required URL/Domain space to whitelist. Even just this, and using TLD declarations, the list is pretty long. Further there seem to be all sorts of other referenced sites and files, which aren't explicitly whitelisted. All on top of other providers' sites which have their own sites they call in the background, which causes issues while waiting for DNS and the fake proxy to time out.

Rumor has it Fiddler can allow an explicitly whitelisted domain to also allow traffic / connections to sites that the whitelisted site references...

Is this true?? Can it be used in conjunction with WPAD (which is the model we hope to move to)?

Can anyone give me some pointers or info as to where to start??  I suppose by validating or crushing my current understanding.. ;-)

Cheers,

Matt
Eric Lawrence
Telerik team
 answered on 13 Oct 2014
12 answers
958 views
Will not capture traffic. I have uninstalled and reloaded with same error. I have used system restore and got it to work for a few days. Next Windows update and I get error again. Can't restore back any further. Need help on this one to continue use.
Eric Lawrence
Telerik team
 answered on 09 Oct 2014
5 answers
1.2K+ views
Hello.

I have a, I hope, simple request. 

I want to get a PDF from a response. But somehow I can't get the right response.
The MIME TYPE = "application/pdf", but when I try to get the PDF out, I am never able to open the PDF.
It is from an HTTPS response but I do have the right certificate. Also, decode always returns false.

Could someone explain the right way to extract a file from a response?

PS: I use FiddlerCore with C#
Eric Lawrence
Telerik team
 answered on 09 Oct 2014
5 answers
228 views
I'm logging A HUGE amount of sessions as part of some troubleshooting and Fiddler is becoming very slow to respond (in some cases unusable) as a result. My thinking of working around this was to get Fiddler to save the sessions to a file every x sessions then clear the list.

My FiddlerScript looks like this (this should save every 100 sessions to a file, though when it works I will increase this number):

//---------------------BEGIN FIDDLERSCRIPT EXCERPT---------------------
var numberOfLoggedSessions: int = 0;
var savedArchivesCount: int = 0;

class Handlers
{
...
    static function OnDone(oSession: Session) {
        if (numberOfLoggedSessions > 98) {
            FiddlerApplication.UI.actSelectAll();
            numberOfLoggedSessions = 0;
            var sessionsToSave: Session[] = FiddlerApplication.UI.GetSelectedSessions();
            savedArchivesCount ++;
            FiddlerApplication.UI.actSaveSessionsToZip("C:\\Users\\storage\\Desktop\\" + savedArchivesCount + ".saz");
            FiddlerApplication.UI.actRemoveSelectedSessions();
        } else {
            numberOfLoggedSessions ++;
        }
    }
...
}
//---------------------END FIDDLERSCRIPT EXCERPT---------------------

When I test it, it seems to work, so I leave it for a bit and eventually come back and see an error message that I don't understand:

There was a problem with your FiddlerScript.

Number of selected items does not match actual selected items.
  at System.Windows.Forms.ListView.SelectedListViewItemCollection.get_SelectedItemArray()
  at System.Windows.Forms.ListView.SelectedListViewItemCollection.CopyTo(Array dest, Int32 index)
  at Fiddler.frmViewer.WeakStoreWebSessionsBeforeDelete(Object oLVIC)
  at Fiddler.frmViewer.actRemoveSelectedSessions()
  at Fiddler.ScriptNamespace.Handlers.OnDone(Session oSession)
  at Fiddler.FiddlerScript.DoSessionCompleted(Session oSession)

Do you have any ideas what's going wrong?
Graeme
Top achievements
Rank 1
 answered on 09 Oct 2014
7 answers
544 views
Hi,

I have two websites, 1.com and 2.com, running as virtual hosts on the same IP address. Both sites are SSL, so the SSL extension Server Name Indication (SNI) is used to indicate which host a connection is requesting. The test instances for these sites are set up with the same names as production but on a different IP address. To access the test sites without hacking my hosts file I use Fiddler with a customized CustomRules.js to override the host the requests are sent to.

static function OnBeforeRequest(oSession: Session)
{
  // Send requests for 1.com to the test server instead of production
  if (oSession.HostnameIs("1.com")) {
    oSession.bypassGateway = true;
    oSession["x-overrideHost"] = "10.0.0.1:" + oSession.port;
  }
  // Send only the /blah/ paths of 2.com to the test server
  if (oSession.HostnameIs("2.com") && oSession.uriContains("/blah/")) {
    oSession.bypassGateway = true;
    oSession["x-overrideHost"] = "10.0.0.1:" + oSession.port;
  }
}

This works perfectly when I enable one or the other redirection at a time. However, there is a page on 1.com which contains iframes which load content from both sites, and when I enable both redirects I get continuous "400 Bad Response" errors in the iframes for content from 2.com and the web server logs the error "Hostname 1.com provided via SNI and hostname 2.com provided via HTTP are different"

If I remove the test << && oSession.uriContains("/blah/") >> from the Fiddler script, content loads most of the time from 2.com, but there are still sporadic 400 bad response errors.

Can anybody help please?

thanx
Simon

Simon
Top achievements
Rank 1
 answered on 08 Oct 2014
3 answers
325 views
Hello,

There is the very helpful Utilities.TrimBeforeLast() function in FiddlerScript. However, I really need to perform a Utilities.TrimAFTERLast(StringVar, "}") to remove the extra characters after a JSON object I've captured. Is there any way I could produce this equivalent result with FiddlerScript?

Thanks
Kevin J
Eric Lawrence
Telerik team
 answered on 08 Oct 2014
2 answers
1.0K+ views
var bodyString = oSession.GetResponseBodyAsString();
if (oSession.oResponse.MIMEType.Contains("html")) {
    var regex = /jimmy/;
    if (regex.test(bodyString)) {
        oSession.oRequest.FailSession(404, "Blocked", "Fiddler blocked product service request");
    }
}

Basically, how do I tell Regex to find the string jimmy present in body, and if found, then block the page?

Thank you
nasekt
Top achievements
Rank 1
 answered on 07 Oct 2014
2 answers
131 views
I'm using WCF binary in a Silverlight app. Since latest updates Fiddler interferes with WCF binary traffic and corrupts it. Seems to happen only when "Decode" is enabled in Fiddler.
I'm on Windows 8.1.
Eric Lawrence
Telerik team
 answered on 07 Oct 2014
1 answer
175 views
Hello,

In FiddlerScript I am setting x-no-decrypt, and I want to kill the connection after a single request has been sent and its response received.  The app that I'm proxying traffic for will then reconnect to re-establish its connection, and, this time round, I don't want to set x-no-decrypt.

How do I do this?

The background is that I'm security auditing an app where the code looks like this:

// connect to HTTPS server
// GET /hello
// check the HTTPS certificate of the server and if it isn't this hard-coded one then throw an exception
// POST /login?username=foo&password=bar

I suspect, and want to demonstrably prove, that the networking library that the app is using will try to be helpful and reconnect the HTTPS connection if it is dropped after the response from the GET is successfully received and before the POST is made.  This essentially means that the server certificate check against a hard-coded one is useless, and I want to prove this using Fiddler.

Thanks!

David
Eric Lawrence
Telerik team
 answered on 07 Oct 2014
7 answers
537 views
I have been using Fiddler to track redirects/404 and other HTTP status codes by inputting a URL to the composer.

It is a very manual and repetitive task when checking multiple URLs, so I wonder does anybody know how to perform bulk URL check? Is there a way to import/export URL lists?

Thanks!
Regards,
Galina
Galina
Top achievements
Rank 1
 answered on 07 Oct 2014