Currently Fiddler Classic supports WebView using old IE control that makes low compatibility for modern web. and I need to see some request using WebView, but it doesn't show me the 'correct' view, for modern HTML. I think using WebView2 for it is good idea for modern web.

(sorry for bad english)

Why would a https page work successfully when running a fiddler capture but then when i close fiddler, the page no longer works?
I have the decrypt https traffic options selected 

How would i get that to stop so i can capture why page does not work under normal circumstances? 

Hello all,

I have seen various threads about this topic but although I followed all the recommendations, nothing had a successful result. I have installed fiddler on my new Win10 laptop. Hotspot is created through NoWifi windows app since the driver does not directly support hotspot. Mobile is connecting normally to the hotspot and has access to internet without a problem (sharing my ethernet with the mobile hotspot). When I modify the wifi connection on the mobile to give the ip and port for the fiddler proxy, the mobile has no access to the internet any more.

Fiddler has:

• Enabled Capture HTTPS CONNECTs
• Enabled Decrypt HTTPs traffic
• Enabled Allow remote computers to connect

And has been restarted after the settings have configured.

When I connect to the wifi with the mobile, I try to reach the ipv4.fiddler:8888/ page but I get Site can't be reached...

I have also tried to change the certificate generator to BouncyCastle but this did not work either.

Any ideas would be greatly appreciated.

Thank you very much,

Haris

Hello,

Does Fiddler Everywhere support websockets?

If it does how can I enable it?

Thank you in advance.

Dear(s),

I wanna know whether Progress Telerik Fiddler Web Debugger and fiddler classic actually is a same software, only with different name or different version?

Regards

Hi everyone,

After hours of using the Progress Telerik Fiddler Classic, i'm blocked. I'm trying to intercept a web socket secure (WSS) over TLS, that's why I'm using the HTTPS MITM Proxy.

I have registred all the SSL Root certificates and everything is working. But when I show the Web socket inspector, I couldn't translate the binary to human readable text. After some researchs, it seems that I need to decode the payload ?

Does FiddlerClassic permit to translate the binary of a web socket frame to the text human readable ?

Here a screenshot:

Big thanks in advance for all your help. Have a nice end of day,

Respectfully

I like to grab the ClientBeginRequest and convert that to UNIX epoch time in the Fiddler scripts, however, I cant seem to get the known methods to work like Math.floor. 

var iat = oSession.Timers.ClientBeginRequest; -> this does not give me unix time in sec

The idea is to generate json data with iat, exp and convert it to base64 and add it to the header

        import Microsoft.JScript;

        var iat = Math.round((new Date()).getTime() / 1000);
        oSession.oRequest["iat"] = iat
        
        var exp = (iat + 1800);
        oSession.oRequest["exp"] = exp
                
        var data = {iat: 'iat', exp: 'exp'};

hi 

I work on scraping data from the android app. i could see HTTP and HTTPS traffic but in special data that I want extracting didn't show in fiddler sessions. I attach fiddler certification on the android device and even try certificate pinning bypass approach with the Exposed framework, but still, I couldn't see traffics, this data is about the history of users and when I load this data and scroll some pages, nothing shows in fiddler, like I didn't anything.

Now my questions are about this problem.

First which network traffic cant see with fiddler and how can understand the type of my traffic to assay that?

Second how I could monitor this traffics? have fiddler any extensions to cover this? or this work could do anyway like other apps or other approach or use another framework like Frida?

got stuck with issue for a long time. appreciate your help, please.

Regards - ah.Mohammadi

- I have Fiddler Anywhere Version : 3.1.1Built : Friday, April 1, 2022

- I'm getting the following error when trying to login to a site that uses Google Authentication

I have SSL enabled as well as HTTP 2 

I followed this following article to test via Curl: https://docs.telerik.com/fiddler-everywhere/knowledge-base/troubleshoot-traffic-capturing

And that seems to work fine

curl -v --url https://accounts.google.com/ -x 127.0.0.1:8866
*   Trying 127.0.0.1:8866...
* Connected to 127.0.0.1 (127.0.0.1) port 8866 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to accounts.google.com:443
> CONNECT accounts.google.com:443 HTTP/1.1
> Host: accounts.google.com:443
> User-Agent: curl/7.79.1
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
< FiddlerGateway: Direct
< StartTime: 16:38:22.875
< Connection: close
< 
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=*.google.com
*  start date: Apr 11 00:00:00 2022 GMT
*  expire date: Mar 18 00:00:00 2023 GMT
*  subjectAltName: host "accounts.google.com" matched cert's "*.google.com"
*  issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST_BC; CN=DO_NOT_TRUST_FiddlerRoot
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x141011400)
> GET / HTTP/2
> Host: accounts.google.com
> user-agent: curl/7.79.1
> accept: */*
> 
< HTTP/2 302 
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=31536000; includeSubDomains
< x-frame-options: DENY
< content-security-policy: script-src 'nonce-VYoRQAxt6ue7JSa7k4ypgQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
< location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
< content-length: 338
< date: Mon, 18 Apr 2022 22:38:23 GMT
< expires: Mon, 18 Apr 2022 22:38:23 GMT
< cache-control: private, max-age=0
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< server: GSE
< set-cookie: __Host-GAPS=1:d7lQPkd-mj-X5xjZLsdLHUWgaG92oA:9aBwNT8dN9_fk9ZE;Path=/;Expires=Wed, 17-Apr-2024 22:38:23 GMT;Secure;HttpOnly;Priority=HIGH
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://accounts.google.com/ServiceLogin?passive=1209600&amp;continue=https%3A%2F%2Faccounts.google.com%2F&amp;followup=https%3A%2F%2Faccounts.google.com%2F">here</A>.
</BODY>
</HTML>
* Connection #0 to host 127.0.0.1 left intact

Not sure what else I can do here. What else can I do to debug an application that uses Google Auth? The login process itself is exactly what I'm trying to debug in my application. 

I'm using Chrome Version 100.0.4896.127 (Official Build) (x86_64 translated)