There's a 3rd party ios app that i want to capture traffic from, and i'm not having any luck in doing so.  It is specifically the Twinkly app.  My web requests from the browser seem to be getting decoded and i did not expect the apple apps to be decoded, due to certificate pinning, but I really would like to get this working for a 3rd party app.  I installed a bouncy castle certificate and tried that, and I also set up a trial of Fiddler Everywhere and started over, with no luck.  Any ideas?  I am willing to jump through any kind of hoop necessary to get this to work, including jailbreaking the phone.

I know that Fiddler uses local DNS resolver as it didn't work on some test sites that only worked through DoH geobypassing proxy. Are there any trick/method to make Fiddler respect browsers DoH setting? If not, would you guys please consider adding it since DoH/DoT seems to be very useful/popular these days.

Here's some use case scenarios

• You want to hide your DNS queries from your ISP while doing Fiddler session on a browser.
  
• Your ISP filters your DNS (transparent DNS proxy, etc) and you want to debug sites that are blocked by your ISP with Fiddler.
• You want to debug geo-blocked sites which can be bypassed by geo-bypassing DoH resolver.
• and so on.

You can also add following to any of the scenarios above if we think alternative solutions like using Windows 10/11, configuring DoH on the router, using VPN, etc.

• "you use an operating system that doesn't support configuring DoH/DoT"
• "your ISP/Organization blocks VPN/proxies"
• "your router doesn't support DoH/DoT"

BTW, I know Microsoft natively added DoH in Windows 10 more than a year ago, DoT to Windows 11 insider build a few months ago. I don't know if Fiddler works on them (works as in properly using DoH/DoT) as i don't use those OSes. I am curious to know about it though.

Anyways,

Here's quick guide to confirm that Fiddler/Firefox bypasses DNS-over-HTTPS just in case anyone wants to test.

Open Firefox (Use this guide for other browsers)

1. Click the menu button and select Settings.
2. In the General panel, scroll down to Network Settings and click the Settings… button
3. Check "Use system proxy settings"
   
4. Scroll down to Enable DNS over HTTPS.
5. • On: Select the Enable DNS over HTTPS checkbox.

     Check Custom and paste this server (this is DoH DNS resolver that blocks social media sites we are using for the test)
     

   • https://freedns.controld.com/p3
     

   • Press OK

6. Open www.facebook.com and it should be blocked.

7. Now open Fiddler and try to open www.facebook.com again on the browser. Facebook will work.
   

i used these settings:

public static void StartupFiddlerCore()
        {
            // Build startup settings:
            var settings = new FiddlerCoreStartupSettingsBuilder()
                                //.CaptureLocalhostTraffic()
                                .MonitorAllConnections()
                                .CaptureFTP()
                                .DecryptSSL()
                                .RegisterAsSystemProxy()
                                .OptimizeThreadPool()
                                .Build();
            FiddlerApplication.Startup(settings);
            //FiddlerApplication.oProxy.Attach();

        }

when i use WinSCP and use the fiddlerCore's ftp proxy to connect ftp server, the fiddlerCore's ftp proxy did net capture the ftp traffic.

the picture is winscp's proxy setting.

I am using fiddlerCore to capture ftp traffic, and i used the "CaptureFTP()" setting and "RegisterAsSystemProxy()" setting.

But when i use Winscp application with fiddlerCore's proxy to connect ftp server,it did not work,and connect failed. 

how dose fiddlerCore's ftp proxy work? how to use it?

Hi,

I tried

static function OnBeforeRequest(oSession: Session) {
var arr: Byte[] = oSession.requestBodyBytes;
var istr: String = '';
istr =  Convert.ToBase64String(arr);

// ... do something with request body ...

oSession.RequestHeaders['Fiddler-Encoding'] = 'base64';
oSession.utilSetRequestBody(istr);
}

base on this article. Unfortunately this does not work. Any help appreciated.

I'm using Fiddler Classic and android Emulator - MEmu. I have installed some android application there.

Of course I have installed fiddler certificates on my host and on android also i moved them to the system folder, I set up fiddler proxy in the Wi-Fi settings and everything works fine, I can receive all https traffic but somehow in this application when I'm trying to log-in the application logs in but in the fiddler I don't have any activity, it is just empty at this moment. Same thing when I enter wrong password the application says me "Wrong password" which means it sends request to the server somehow but fiddler doesn't have any requests when I press the button "Log in".

How is this possible? Can application bypass proxy that set up in the wi-fi connection settings in the android somehow? Or how is it possible even it theory?

I also tried android firewall with block all connections option on, when I Log in in the application with this firewall that blocks everything - I have error in the application and in the blocked list I can see requests like IP address and some urls, so why I can't see this requests in the fiddler?

Hi,

I use Fiddler Classic as a proxy between client and server. I tried to replace the entire response body for a request.

static function OnBeforeResponse(oSession: Session) {
...
var body = '<?xml version="1.0" encoding="UTF-8"?><Test/>';
oSession.ResponseBody = System.Text.Encoding.UTF8.GetBytes(body);
oSession.oResponse['Content-Length'] = body.Length;
oSession.utilSetResponseBody(body);
...
}

Within a .net application when the CheckCertificateRevocationList is set SSL connections can no longer be made while fiddler is running.

An example:

ServicePointManager.CheckCertificateRevocationList = true;

WebRequest request = WebRequest.Create("https://www.google.com");

var response = await request.GetResponseAsync();

This fails with

The remote certificate is invalid according to the validation procedure.

If I register a validation callback (ServicePointManager.ServerCertificateValidationCallback) too  see what is going on I see

SSLPolicyErrors = RemoteCertificateChainErrors

When looking at the X509Chain I see "The revocation function was unable to check revocation for the certificate.\r\n"

Some other threads on stack overflow indicated this may be due to no revocation list being attached to the fiddler root certificates.

So I was wondering if anyone was able to get fiddler to work with the CheckCertificateRevocationList= true.  I know I can disable it but that would not be good for security. I also could in the handler allow fiddler certificates, but I was hoping there was a way to generate the fiddler certificates in a way that worked with that setting.