Telerik Forums
Fiddler Forum
0 answers
1.0K+ views

Alright so, in my application, I am currently using:

 oSession.utilReplaceInResponse(".canUseService=function(a,b,c){", ".canUseService=function(a,b,c){return true;");

However, after this is used, the original file can be seen using the default cached file, virtually being able to see all the changes I have done. This is a security issue for me, and since I'll be using the file after the replaces have been done, is there a way to essentially clear the cache of the file after using utilReplaceInResponse...

 

What I need is this:

 

1. Replacementsinresponse occurs

2. cache cleared, meaning that the changes you made are what is running and if you were to reload the browser, then the original is back

3. If cache is cleared, then the browser cannot show the "Modified Responses"

EDIT: While running the changes in the browser, I cleared the cache. The modified changes were still running, yet when you open the URL for the original document, it no longer shows the modified responses, which means that we can clear the cache while still running the page.

Thanks!

Ryan
Top achievements
Rank 1
Iron
 updated question on 03 Oct 2021
1 answer
734 views

Right-clicking on an entry and selecting Copy->Response DataURI copies base64-encoded response string to the clipboard. Saving the same response to disk (right click, Save->Response->Response Body), however, does not do that. Same goes for files autosaved into saz archives.

Is there a way to save the base64-encoded response string to a file (ideally, during autosaves)? Thank you!

Nick Iliev
Telerik team
 answered on 01 Oct 2021
1 answer
785 views

I'm running a webserver on my PC that serves a REST API. I'm trying to capture requests from a remote client having set up the registry ReverseProxyForPort = 50000 where my server is listening on 50000 and my remote client is connecting to https://webseerver:8888/api

I can connect from remote client directly to webserver:50000, but an attempt to connect to webserver:8888 results in a timeout with no sessions in the fiddler traffic window.

 
Alec
Top achievements
Rank 1
Iron
 answered on 01 Oct 2021
1 answer
405 views

Hi,

 

I want to save specific packets to individual files. These packets are in JSON format. Is it possible to save the packets on the fly, or can they only be saved once capturing has stopped?

 

Any help to achieve this would be appreciated. Thanks

Nick Iliev
Telerik team
 answered on 27 Sep 2021
1 answer
272 views

Is there a way to control which headers are filtered out during an export of sessions to a Visual Studio WebTest file?

Since Microsoft is dropping support for both IE11 and Visual Studio Loadtesting features, the Web Test Recorder is becoming more and more of a problem for recording webtest files. For that reason we have started to use Fiddler instead, but noticed several drawbacks, the worst being that all requests have the Referer header removed during export (even with ALL options disabled during save).

Another drawback is that Fiddler's option to handle Redirects in such an export does not seem to be working. Requests that are caused by the browser following a redirect are exported like any other normal request (in the webtest request the option is set to Follow Redirects on all of these as well). We can handle this problem manually and remove the requests in a redirect chain, but the Referer header removal is a bigger problem.

If this is not available as a config setting somewhere, is it possible to change this behaviour? If not, is it possible to get the code for the export plugin so we can modify the behaviour? If that is not possible, can we create/code our own plugins to the WebTest exporter?

Nick Iliev
Telerik team
 answered on 27 Sep 2021
3 answers
602 views
This seems like a new problem, because I am sure this used to work. I'm using the Amazon Web Services command-line interface (CLI). This makes https calls using Python. If Fiddler is running, I can see 200 responses that show that tunneling is working, and I get the correct results for the command. However, if I then enable decryption, things go south. I get a string of 5 tunnel requests (all with 200 responses):

      CONNECT iam.amazonaws.com:443 HTTP/1.0
      Host: iam.amazonaws.com:443
      A SSLv2-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
      Version: 3.1 (TLS/1.0)
etc.

After 5 attempts, the command itself on the command line returns this error:

[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Is there something I can do to configure Fiddler _with_ HTTPS decryption that will work with the AWS CLI?

surbhi
Top achievements
Rank 1
Iron
 answered on 27 Sep 2021
0 answers
1.2K+ views

Hi,

I am doing some testing with a scenario where I have an HTML page with some Javascript that uses XHR to do a cross-domain request for a resource that is in a different domain, and I am trying to use a CORS Proxy called "CORS Anywhere" to determine if that will work.

I have a basic test configuration for this scenario working, but some of the resources (URLs) that we need to access (using the Javascript/XHR) are "protected" by the Oracle "OAM" web access control product, and my test fails when that is the case.

The way that OAM works is that there is an agent (webgate) on the Apache that is hosting the target resource, and when the webgate sees a request incoming for the protected resource, the webgate will cause a 302/redirect response to occur, and I think that that is the start of the problem.

[In the Apache logs, I can see the request for the resource, and a 302 redirecting to one of the OAM endpoints, so I am pretty sure that that first OAM redirect is occurring.]

I have been trying various things to try to "see" what is going on, including the web developer tools, etc., and live headers plugin for the browser (both Chrome and Firefox), but with those, I only see the initial request and the last request for the resource, and that last one is failing.

I have also tried sniffers, including Wireshark, but our dev environment is on AWS, and even with Wireshark and the capture in promiscuous mode, I don't see all the requests, especially the request from the Javascript/XHR and the redirects that I believe are being caused because of the webgate.

So, I am now trying to use Fiddler. 

However, even when I use Fiddler, I am only seeing the first request and the final request.  The requests from the Javascript/XHR to just prior to the last request are not appearing at all :(!!

So I was wondering:  Shouldn't Fiddler be able to capture those requests (and responses) that appear to be missing?  Is there something else that I need to configure in order for Fiddler to be able to "see" those requests?

Here's the HTML/Javascript/XHR page that is doing the request to the target URL:


<html>
<body>

<script>
// 1. Create a new XMLHttpRequest object
let xhr = new XMLHttpRequest();

// 2. Configure it: GET-request for the URL /article/.../load
xhr.open('GET', 'http://192.168.xxx.yy:8080/http://charlieeastweb.....com:7777/target-charlie/index.html');


// 3. Send the request over the network
xhr.send();

// 4. This will be called after the response is received
xhr.onload = function() {
  if (xhr.status != 200) { // analyze HTTP status of the response
    alert(`Error ${xhr.status}: ${xhr.statusText}`); // e.g. 404: Not Found
  } else { // show the result
    alert(`FROM javascript in xhr-fakewava-PROTECTEDPAGE.html, Done, got ${xhr.response.length} bytes`); // response is the server response
  }
};

xhr.onprogress = function(event) {
  if (event.lengthComputable) {
    alert(`FROM javascript in xhr-fakewava-PROTECTEDPAGE.html, event.type is: ${event.type}`);
    alert(`FROM javascript in xhr-fakewava-PROTECTEDPAGE.html, event.lengthComputable is true, Received ${event.loaded} of ${event.total} bytes`);
  } else {
    alert(`FROM javascript in xhr-fakewava-PROTECTEDPAGE.html, event.type is: ${event.type}`);
    alert(`FROM javascript in xhr-fakewava-PROTECTEDPAGE.html, event.lengthComputable is false, Received ${event.loaded} bytes`); // no Content-Length
  }

};

xhr.onerror = function() {
  alert("Request failed");
};

</script>

</body>
</html>

In the above, the:

'http://192.168.xxx.yy:8080/http://charlieeastweb.....com:7777/wavatarget-charlieeastweb05/index.html'

is a kind of "composite" URL:

the "http://192.168.xxx.yy:8080" is the URL of the CORS Anywhere CORS proxy server (actually on the same machine as the Apache that is serving the HTML page).

The

http://charlieeastweb.....com:7777/target-charlie/index.html

is the URL of the protected target resource.

So I think/GUESS that:

  • Browser makes a request for the HTML page that contains the Javascript/XHR code, then  <== [This is the 1st request I see in Fiddler - response is 200/OK]
  • The Javascript/XHR code makes a request, which goes to the http://192.168.xxx.yy:8080 (which is the CORS Anywhere server), then
  • CORS Anywhere takes the request and forwards it to the http://charlieeastweb....com:7777/target-charlie/index.html (the resource, protected by OAM), then
  • When the OAM webgate gets that request, it sends the first 302 response back. 
  • etc.?

The 2nd (and only) other request/response I see in Fiddler is a request to the http://charlieeastweb....com:7777/target-charlie/index.html. The response to this 2nd request is a 200/OK. This request includes an "Origin:" HTTP request header, and the response includes an "access-control-allow-origin" HTTP response header, which I believe is being added by the CORS Anywhere CORS Proxy.

However, the contents of the page that is in that response is an error page that we see when the OAM processing has failed, so something is going wrong within the OAM part of the protocol, but I am not able to see anything :(!!

 

I am really new to using Fiddler, and to get it to start logging, I followed steps to set up Chrome with a proxy at localhost:8888.

Is it possible that maybe the reason Fiddler is not logging the requests/responses that appear to be missing is that once the Javascript/XHR makes the request to the protected URL, the ensuing redirects are not going through/not using the Chrome proxy settings???

If so, what additional configuration do I need?

Thanks!

Jim

O
Top achievements
Rank 1
 updated question on 26 Sep 2021
1 answer
415 views

1. Downloaded and installed the Google Drive File Stream desktop application.

2. Tried to launch the application and clicked on the sign in button.

3. The login page then opened in the browser and asked for login credentials to authenticate.

4. Provided the required credentials, then, when asked to sign in, clicked on the sign in button.

5. Login succeeded, but the Google Drive File Stream app failed to launch when Fiddler was open to capture the traffic.

6. Downloaded the drive_fs logs after enabling verbose mode in the app settings.

7. Found a curl 60 error as shown in the attachment.

8. Looking through all the logs, we observed that SSL verification is done with C:\Program Files\Google\Drive File Stream\51.0.9.0\config\roots.pem

Is there any process or procedure to update certificate in above provided location to access app through fiddler?

Nick Iliev
Telerik team
 answered on 22 Sep 2021
0 answers
219 views

On an Android 10 device, after all steps from the tutorial, I'm able to see some traffic from the app I'm trying to debug, for example, some requests that are sent to AppCenter.ms in plain text decrypted from https, but not anything else, which is very weird :)

Vitaliy
Top achievements
Rank 1
 asked on 15 Sep 2021
2 answers
190 views
I am using NHtmlUnit on Windows 10, which is a headless browser Javascript engine that I've downloaded from Nuget. NHtmlUnit allows me to request and download webpages using a standard URL, e.g. http://someurl.co.uk, but I cannot seem to see these requests appearing in Fiddler (Classic). Have I configured Fiddler incorrectly? Or because NHtmlUnit IS a headless browser, am I never going to see them? Grateful for any help - thanks
Reg
Top achievements
Rank 1
Iron
 answered on 13 Sep 2021