or
1 answer
200 views
I want to redirect traffic from my Chromebook using fiddler everywhere. Unfortunately I do not have access to the fiddler jam extension, so I need to use an external device which is my mac. I followed this in the docs (https://docs.telerik.com/fiddler-everywhere/knowledge-base/how-to-track-different-devices). I connected my Chromebook on the same internet and with the proxy with the correct computer name and port, and saved the settings. I tested the internet on https://www.google.com but no internet. What am I doing wrong?
Nick Iliev
Telerik team
answered
on
29 Dec 2022
1 answer
97 views
I noticed the Comment column is displaying 'bytes'
Nick Iliev
Telerik team
answered
on
29 Dec 2022
1 answer
471 views
Ok no prize but this has been bothering me for a while and after endless googling and searching I can't figure it out so asking here for some help. Using Fiddler Classic and have this connection that won't work and can't figure out why.. while another almost identical and to same server works! .. so listing both, good one and bad one here and hoping someone can help and let me know what I'm missing.
The name of the party involved has been changed to protect its identity! :-P
Thank you all in advance!
The one that works:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: Xxxxxx/x.xxx.xxxxx CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: D6 98 B2 86 F9 D5 6C 89 44 34 E5 CE 3D 7E DE B8 5E 17 80 09 C8 1B 4A 89 32 E9 76 33 02 B8 13 1D
"Time": 8/11/2041 12:31:18 PM
SessionID: D7 1A 00 00 28 58 81 5E 09 42 2C 7D FF 52 69 45 04 1F 6A 9A F1 AC 7F 1C 8A 4F BB 05 B6 90 1D 07
Extensions:
grease (0xcaca) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 DA DA 00 01 00 00 1D 00 20 FB 83 F0 42 95 E5 7A A0 20 36 5D 34 31 B9 CF D2 F1 1C 6C D7 E4 4A 32 0E 4B 33 96 4C 90 4C 91 12
psk_key_exchange_modes 01 01
supported_versions grease [0xa0a], Tls1.3, Tls1.2
grease (0x6a6a) 00
padding 210 null bytes
Ciphers:
[5A5A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:35:47.943
Connection: close
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls12
Cipher: Aes128 128bits
Hash Algorithm: Sha256 ?bits
Key Exchange: ECDHE_RSA (0xae06) 255bits
== Server Certificate ==========
[Subject]
CN=*.xxxx.com, O="Xxxx Xxxxxxxxxxxx, Inc.", L=San Francisco, S=California, C=US
[Issuer]
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
[Serial Number]
04B114FE39AFD58E244CD867F6289C33
[Not Before]
9/29/2022 8:00:00 PM
[Not After]
10/3/2023 7:59:59 PM
[Thumbprint]
A3973CE541FA00B8ABFAF00A7A656566D9C8B85E
[SubjectAltNames]
*.xxxx.com, xxxx.com
The one that does NOT work:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 14 C3 70 A0 97 D7 EE 8D 7E 4D 55 83 5B 7E 11 78 B4 0D 5A 05 A7 CA FF 72 E7 6F D3 FE 84 80 57 67
"Time": 4/19/2055 6:48:52 AM
SessionID: 94 40 2D 65 53 37 B5 35 DB 44 9C 7C 02 08 6E CF D3 D2 96 F1 5F 2F 8D F6 16 E3 00 69 28 89 F1 1A
Extensions:
grease (0xbaba) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0x2a2a], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN h2, http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 2A 2A 00 01 00 00 1D 00 20 D5 A3 35 60 CC 62 00 38 0B DD F3 4E FC 27 42 B6 5C 0B 4A CA 6B 98 5A 0D 4C 64 A9 8E 38 74 A9 0A
psk_key_exchange_modes 01 01
supported_versions grease [0x3a3a], Tls1.3, Tls1.2
grease (0x4a4a) 00
padding 207 null bytes
Ciphers:
[6A6A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:36:31.802
Connection: close
Nick Iliev
Telerik team
answered
on
28 Dec 2022
1 answer
1.1K+ views
I'm using Fiddler Classic v5.0.20211.51073 for .NET 4.6.1 Built: Wednesday, 15 December 2021 on Windows 11.
The update check at start-up, or if manually performed, always fails (see attachment).
The captured traffic is shown below.
What's causing the issue and how do I rectify it?
Thanks.
GET https://www.fiddler2.com/UpdateCheck.aspx?isBeta=False HTTP/1.1
User-Agent: Fiddler/5.0.20211.51073 (.NET 4.8; WinNT 10.0.22621.0; en-AU; 8xAMD64; Auto Update; Full Instance; Extensions: APITesting, AutoSaveExt, EventLog, FiddlerOrchestraAddon, HostsFile, RulesTab2, SAZClipboardFactory, SimpleFilter, Timeline)
Pragma: no-cache
Host: www.fiddler2.com
Accept-Language: en-AU
Referer: http://fiddler2.com/client/5.0.20211.51073
Accept-Encoding: gzip, deflate
Connection: close
HTTP/1.1 502 Fiddler - Connection Failed
Date: Fri, 23 Dec 2022 01:22:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Cache-Control: no-cache, must-revalidate
Timestamp: 11:22:54.613
[Fiddler] The connection to 'www.fiddler2.com' failed. <br />System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to www.fiddler2.com (for #1) failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host
Nick Iliev
Telerik team
answered
on
23 Dec 2022
1 answer
90 views
Hello,
can Fiddler caputre between an Windows application and a destination IP?
Thank's!
Joe
Nick Iliev
Telerik team
answered
on
21 Dec 2022
1 answer
135 views
Not so much of a question, but more like presenting a straight-up issue I'm having while trying to install Telerik Fiddler Classic v5.0.20211.51073
Every time I try to start the setup, I get this error message (see attachment).
Needless to say I've no idea why my Internet Connection would be the issue, as I'm using it right now to write this. I've already tried running the installer as administrator, compatibility mode, disabling my antivirus and even the firewall to no use.
Any ideas?
Nick Iliev
Telerik team
answered
on
20 Dec 2022
1 answer
137 views
I get the error This endpoint does not support HTTP CONNECTs. Try GET or POST instead.
Nick Iliev
Telerik team
answered
on
19 Dec 2022
1 answer
127 views
Sucessful GET Requests have a Content-Type of text/html;charset=ISO-8859-1.
In FiddlerScript I have built the exact same Request as a string variable. When I send it using FiddlerObject.utilIssueRequest it fails with an HTTP 500 error and no value in the Session Content-Type column.
How does one set the Content-Type of the entire GET Request?
Jerry
Nick Iliev
Telerik team
answered
on
19 Dec 2022
1 answer
406 views
Hello,
I want to automate the download of a file in a website that requires authentication.
I've used Fiddler to look at the authentication method and to find out the url and parameters to download the file I need.
I manage to call via Postman a first POST that gives me a token (using basic authentication), but then, when I try to call the GET url, it says I am not connected but I cannot find out the authentication method (I can see no WWW-Authenticate header in the previous calls made when sniffing with Fiddler).
How can I know the authentication method needed for the download, where can I find this info on Fiddler ? (I have tried to pass the token via Bearer Token method and setting the token retrieve from my first POST call but that doesn't work (401/Unauthorized). Can it be via cookies ? If so, How can I build the right cookie and pass it to my GET request ?
Thanks in advance,
Nick Iliev
Telerik team
answered
on
19 Dec 2022
1 answer
200 views
Here my output of curl :
curl --proxy 172.26.160.1:8888 https://google.com -v
root@ubuntuserver:/home# curl --proxy 172.26.160.1:8888 https://google.com -v
* Trying 172.26.160.1:8888...
* Connected to (nil) (172.26.160.1) port 8888 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< FiddlerGateway: Direct
< StartTime: 15:42:31.930
< Connection: close
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=google.com
* start date: Aug 27 18:11:42 2022 GMT
* expire date: Aug 27 18:11:42 2023 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=DO_NOT_TRUST_FiddlerRoot
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
< Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
< Date: Fri, 09 Dec 2022 08:42:32 GMT
< Expires: Sun, 08 Jan 2023 08:42:32 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 220
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host (nil) left intact
root@ubuntuserver:/home#See :
subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=google.com
Success ....
But the problem is whe use without --proxy
root@ubuntuserver:/home# curl https://google.com -v * Trying 142.251.12.100:443... * Connected to google.com (142.251.12.100) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=142.251.12.100 * start date: Aug 27 17:44:07 2022 GMT * expire date: Aug 27 17:44:07 2023 GMT * subjectAltName does not match google.com * SSL: no alternative certificate subject name matches target host name 'google.com' * Closing connection 0 * TLSv1.2 (OUT), TLS header, Unknown (21): * TLSv1.2 (OUT), TLS alert, close notify (256): curl: (60) SSL: no alternative certificate subject name matches target host name 'google.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. root@ubuntuserver:/home#
See :
subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=142.251.12.100
How to fix this
Im also try to edit fiddler rules
static function OnBeforeRequest(oSession: Session) {
if (oSession.HTTPMethodIs("CONNECT") &&
oSession.HostnameIs("142.251.12.102"))
{
oSession["X-OverrideCertCN"] = "google.com";
}
Still failed
What i do is in this tutorial : https://anasfanani.id/post/redirect-all-linux-traffict-to-httphttpssocks-proxy-fiddlerburp
Anas
Top achievements
Rank 1
Rank 1
updated question
on
09 Dec 2022
