I have a device that broadcasts a "discovery" packet to port 5556 and would like to capture that. How do I go about doing so?
I have tried to run code and output log messages from OnWebSocketMessage() and OnBeforeResponse(), but it's apparently not being executed and no messages are in the Log tab at all... so it just seems like it's not even executing the script file.
I have a general question towards setting a value of a response.
Imagine the following response body:
{
  "mobile-getjackpots-response": {
    "errorcodes": [
      "420"
    ],
    "jackpots": [
      {
        "gametype": "1",
        "jackpotamount": "1000000",
        "nextDrawDay": "thursday"
      }
    ]
  }
}
I want to create a rule to set ONLY the value of "jackpotamount" to a different value, and I want it to make the change irrespective of the value it currently has or the structure of the response body. I DO NOT want to constantly adjust the response via the manual response action. This creates too much overhead when the response body is larger.
This is what I want the response to look like:
{
  "mobile-getjackpots-response": {
    "errorcodes": [
      "420"
    ],
    "jackpots": [
      {
        "gametype": "1",
        "jackpotamount": "100",
        "nextDrawDay": "thursday"
      }
    ]
  }
}
I tried a find and replace rule shown in the attachment, but it resulted in this:
{
  "mobile-getjackpots-response": {
    "errorcodes": [
      "420"
    ],
    "jackpots": [
      {
        "gametype": "1",
        "jackpotamount": "100": "1000000",
        "nextDrawDay": "thursday"
      }
    ]
  }
}
I know that I should've used "jackpotamount": "1000000" for this to work, but this is exactly what I try to avoid, as I don't know beforehand what the value will be that I want to change.
I also tried it with the following regex; it should theoretically match the key-value pair "jackpotamount": "SOME_AMOUNT":
https://regex101.com/r/u8r4IZ/1
(?:\"jackpotamount)(?:\"\s?:\s?\")(.*)(?:\")
This "cut off" the rest of the first jackpots object.
{
  "mobile-getjackpots-response": {
    "errorcodes": [
      "420"
    ],
    "jackpots": [
      {
        "gametype": "1",
        "jackpotamount": "100"
      }
    ]
  }
}
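An added example, not part of the original post: on a body sent as a single line, the greedy `(.*)` in the posted pattern runs to the last quote on that line, which reproduces the cut-off result; a pattern bounded at the value's closing quote, or a parse-and-walk, changes only the value. The sample body and the function names are constructed for illustration, and the code is plain Node.js, not Fiddler's rule engine.

```javascript
// Constructed sample: the post's response shape as a single-line body.
const body = '{"mobile-getjackpots-response":{"errorcodes":["420"],' +
  '"jackpots":[{"gametype":"1","jackpotamount":"1000000","nextDrawDay":"thursday"}]}}';

// Pattern from the post: greedy (.*) extends to the LAST quote on the line.
const greedy = /(?:"jackpotamount)(?:"\s?:\s?")(.*)(?:")/;

// Bounded pattern: the value may hold escaped characters but cannot
// run past its own closing quote.
const bounded = /("jackpotamount"\s*:\s*")(?:[^"\\]|\\.)*(")/g;

function replaceGreedy(text, value) {
  return text.replace(greedy, `"jackpotamount": "${value}"`);
}

function replaceBounded(text, value) {
  // Function replacer keeps the key and quotes, swaps only the value,
  // and avoids "$" in the value being read as a replacement token.
  return text.replace(bounded, (_, pre, post) => pre + value + post);
}

// Structure-independent variant: parse the JSON and set the key
// wherever it occurs, at any nesting depth.
function setKeyEverywhere(text, key, value) {
  const walk = (node) => {
    if (Array.isArray(node)) {
      node.forEach(walk);
    } else if (node && typeof node === 'object') {
      for (const k of Object.keys(node)) {
        if (k === key) node[k] = value;
        else walk(node[k]);
      }
    }
    return node;
  };
  return JSON.stringify(walk(JSON.parse(text)));
}

const jackpot = (t) => JSON.parse(t)['mobile-getjackpots-response'].jackpots[0];
console.log('greedy :', jackpot(replaceGreedy(body, '100')));
console.log('bounded:', jackpot(replaceBounded(body, '100')));
console.log('walk   :', jackpot(setKeyEverywhere(body, 'jackpotamount', '100')));
```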
Hello.
On Windows it works perfectly fine for me. However, on Linux, Fiddler Everywhere seems to be unable to catch traffic from Windows games running through Proton. Is there any way to get that working?
Within Rules, Conditions: we can choose between
Is it possible to choose more than 1 operand for several items?
Examples:
Condition1 AND Condition2 OR Condition3
Condition1 AND Condition2 NOT Condition3
I noticed the Comment column is displaying 'bytes'
Ok, no prize, but this has been bothering me for a while, and after endless googling and searching I can't figure it out, so I'm asking here for some help. I'm using Fiddler Classic and have this connection that won't work, and I can't figure out why, while another, almost identical and to the same server, works! So I'm listing both, the good one and the bad one, here and hoping someone can help and let me know what I'm missing.
The name of the party involved has been changed to protect its identity! :-P
Thank you all in advance!
The one that works:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: Xxxxxx/x.xxx.xxxxx CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: D6 98 B2 86 F9 D5 6C 89 44 34 E5 CE 3D 7E DE B8 5E 17 80 09 C8 1B 4A 89 32 E9 76 33 02 B8 13 1D
"Time": 8/11/2041 12:31:18 PM
SessionID: D7 1A 00 00 28 58 81 5E 09 42 2C 7D FF 52 69 45 04 1F 6A 9A F1 AC 7F 1C 8A 4F BB 05 B6 90 1D 07
Extensions:
grease (0xcaca) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0xdada], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 DA DA 00 01 00 00 1D 00 20 FB 83 F0 42 95 E5 7A A0 20 36 5D 34 31 B9 CF D2 F1 1C 6C D7 E4 4A 32 0E 4B 33 96 4C 90 4C 91 12
psk_key_exchange_modes 01 01
supported_versions grease [0xa0a], Tls1.3, Tls1.2
grease (0x6a6a) 00
padding 210 null bytes
Ciphers:
[5A5A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:35:47.943
Connection: close
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls12
Cipher: Aes128 128bits
Hash Algorithm: Sha256 ?bits
Key Exchange: ECDHE_RSA (0xae06) 255bits
== Server Certificate ==========
[Subject]
CN=*.xxxx.com, O="Xxxx Xxxxxxxxxxxx, Inc.", L=San Francisco, S=California, C=US
[Issuer]
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
[Serial Number]
04B114FE39AFD58E244CD867F6289C33
[Not Before]
9/29/2022 8:00:00 PM
[Not After]
10/3/2023 7:59:59 PM
[Thumbprint]
A3973CE541FA00B8ABFAF00A7A656566D9C8B85E
[SubjectAltNames]
*.xxxx.com, xxxx.com
The one that does NOT work:
CONNECT xx-xxxx.xxxx.com:443 HTTP/1.1
Host: cn-geo1.uber.com
User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 14 C3 70 A0 97 D7 EE 8D 7E 4D 55 83 5B 7E 11 78 B4 0D 5A 05 A7 CA FF 72 E7 6F D3 FE 84 80 57 67
"Time": 4/19/2055 6:48:52 AM
SessionID: 94 40 2D 65 53 37 B5 35 DB 44 9C 7C 02 08 6E CF D3 D2 96 F1 5F 2F 8D F6 16 E3 00 69 28 89 F1 1A
Extensions:
grease (0xbaba) empty
server_name xx-xxxx.xxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0x2a2a], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN h2, http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 2A 2A 00 01 00 00 1D 00 20 D5 A3 35 60 CC 62 00 38 0B DD F3 4E FC 27 42 B6 5C 0B 4A CA 6B 98 5A 0D 4C 64 A9 8E 38 74 A9 0A
psk_key_exchange_modes 01 01
supported_versions grease [0x3a3a], Tls1.3, Tls1.2
grease (0x4a4a) 00
padding 207 null bytes
Ciphers:
[6A6A] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:36:31.802
Connection: close
I'm using Fiddler Classic v5.0.20211.51073 for .NET 4.6.1 Built: Wednesday, 15 December 2021 on Windows 11.
The update check at start-up, or if manually performed, always fails (see attachment).
The captured traffic is shown below.
What's causing the issue and how do I rectify it?
Thanks.
GET https://www.fiddler2.com/UpdateCheck.aspx?isBeta=False HTTP/1.1