Found an issue when testing HTTPS connection with Composer on macOS.

I used the following steps,

1. Install .NET Core SDK.

2. Run "dotnet new mvc" to create an ASP.NET Core project.

3. Run "dotnet dev-certs https" to configure default development certificate.

4. Run "dotnet run" to launch this project at http://localhost:5000 and https://localhost:5001.

Note that https://localhost:5001 can now be opened in Safari without any problem, as step 3 allows Safari to trust the certificate.

Open Fiddler Composer and try to do the same. The error happens,

==================================

HTTP/1.1 502 Fiddler - Connection Failed
Date: Tue, 19 May 2020 04:19:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Cache-Control: no-cache, must-revalidate
Timestamp: 00:19:37.347

==================================

Raw tab shows an exception,

========================

[Fiddler] The connection to 'localhost' failed.  <br />System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https&gt; HTTPS handshake to localhost (for #13) failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream.

========================

This also triggers an exception recorded on ASP.NET Core side,

========================

dbug: HttpsConnectionAdapter[1]
      Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AppleCrypto+SslException: Cipher Suite negotiation failure
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

=======================

Not quite sure why HTTPS connection failed in this way, but hope it can be investigated and resolved.

We are troubleshooting an issue using Fiddler and wanted to know if Fiddler grabs credentials as part of it's network traffic capture that could be used by others.  Obviously, if it's an unencrypted password being sent then that would work, but with encryption and session management, is it possible for someone to utilize credentials seen in the traffic capture to compromise security?

---------------------------
Awww, Fiddlesticks!
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

The composition produced a single composition error. The root cause is provided below. Review the CompositionException.Errors property for more detailed information.



1) Unknown error (0x278)



Resulting in: An exception occurred while trying to create an instance of type 'Telerik.NetworkConnections.NetworkConnectionsManager'.



Resulting in: Cannot activate part 'Telerik.NetworkConnections.NetworkConnectionsManager'.

Element: Telerik.NetworkConnections.NetworkConnectionsManager -->  Telerik.NetworkConnections.NetworkConnectionsManager -->  AssemblyCatalog (Assembly="Telerik.NetworkConnections, Version=0.1.2.0, Culture=neutral, PublicKeyToken=67cb91587178ac5a")



Resulting in: Cannot get export 'Telerik.NetworkConnections.NetworkConnectionsManager (ContractName="Telerik.NetworkConnections.NetworkConnectionsManager")' from part 'Telerik.NetworkConnections.NetworkConnectionsManager'.

Element: Telerik.NetworkConnections.NetworkConnectionsManager (ContractName="Telerik.NetworkConnections.NetworkConnectionsManager") -->  Telerik.NetworkConnections.NetworkConnectionsManager -->  AssemblyCatalog (Assembly="Telerik.NetworkConnections, Version=0.1.2.0, Culture=neutral, PublicKeyToken=67cb91587178ac5a")



Type: System.ComponentModel.Composition.CompositionException
Source: System.ComponentModel.Composition
   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(ImportEngine engine, ComposablePart part, ExportDefinition definition)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(ComposablePart part, ExportDefinition export, Boolean isSharedPart)

   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.CatalogExport.GetExportedValueCore()

   at System.ComponentModel.Composition.Primitives.Export.get_Value()

   at System.ComponentModel.Composition.ExportServices.GetExportedValueFromLazy[T](Export export)

   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[T](String contractName, ImportCardinality cardinality)

   at Fiddler.Proxy.() in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\Proxy.cs:line 283

   at Fiddler.Proxy..ctor(Boolean isPrimary, ProxySettings upstreamProxySettings) in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\Proxy.cs:line 207

   at Fiddler.frmViewer.‹•(String[] ˆ•) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 3339

   at Fiddler.frmViewer.‡•(String[] ˆ•) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 3163


Fiddler v5.0.20202.18177 (x86 x86) [.NET 4.0.30319.1 on Microsoft Windows NT 5.1.2600 Service Pack 3]
---------------------------
OK   
---------------------------

I've been using Fiddler for a long time (from v1 days) and have had many versions installed. Today, there was an update and during update it stopped saying that it couldn't uninstall the existing version from C:\Program Files (x86)\Fiddler2 and aborted. So, I tried to manually uninstall from Windows 10 Add/Remove as well as by going to the mentioned folder. Fiddler is not present in either (there's no Fiddler2 folder at in Program files folder).

So, I tried the following:

1. Downloaded and installed Fiddler to C:\Program files...

2. Installing to default App Data path

3. Deleting all references to Fiddler from registry and installing

Regardless of what I do, the error when running Fiddler is the same:
---------------------------
Machine-wide installation has been found. Progress Telerik Fiddler is closing now.
---------------------------
Machine-wide Progress Telerik Fiddler installation has been found at C:\Program Files (x86)\Fiddler2\ . Please, use that one or uninstall it before starting the per user Fiddler installation.

 

How do I get around this?

Hi, I'm using Cisco AnyConnect secure mobile client ver. 4.8.00175 on macOS Catalina 10.15.3 to access the Kibana service for Client project. without AnyConnect we cant access Kibana.
I've to capture some network requests from the kibana using Fiddler tools for debugging purposes. but when I start AnyConnect Secure Mobile client Fiddler doesn't work or capture any network traffic and if I stop AnyConnect both Fiddler starts capturing network requests.
Could you please guide me on how to solve this problem it's really urgent.

Thanks.

I'm using Fiddler for Mac on macOS Catalina 10.15.3. I want to capture logs from Kibana running in Google Chrome and to access Kibana i connect vpn using Cisco AnyConnect. but only if i disconnect from VPN fiddler capture network request and if i connect to VPN using Cisco AnyConnect Fiddler doesnt capture any network request from browser.

How do the header values automatically enter the TextView? The header value is random ...  like the example image below

https://i.ibb.co/HtMBPSk/Capture.png

Hi, Ive used Fiddler web debugger to extract information from a website. Ive done it multiple times with success.

(note the website is FLASH)

However today it (the website) just "stops".  Fiddler seems to be going, ive checked my firewall (zonealarm) and Fiddler has the green-light to proceed.

 

if i use the website WITHOUT Fiddler - it works OK, no problems..  But when i try turning fiddler ON, the website stops going. *NO* errors, or warnings or anything..  it just stops.. - it looks like a 'waiting' sign - waiting for the server to respond..   BUT - after 5, 10 minutes, its still waiting..  

If i stop fiddler & refresh the website - It loads up within 1-2 seconds... 

 

Progress Telerik Fiddler Web Debugger

v5.0.20202.18177 for .NET 4.6.1
Built: Tuesday, April 14, 2020

64-bit AMD64, VM: 117.0mb, WS: 161.0mb
.NET 4.8 WinNT 10.0.18362.0

You've run Progress Telerik Fiddler: 122 times.

Running on: new1ab:8888
Listening to: All Adapters
Gateway: No Gateway

Copyright ©2003-2020 Progress Software Corporation. All rights reserved.

 

 

Every time Fiddler encounters a certificate error it prompts me on whether to ignore the error and proceed or not.

I know I can go into Tools --> Options --> HTTPS --> and check Ignore Server Certificate errors (unsafe) - but that is the opposite of what I want to do.

 

I want to NOT proceed for all certificate errors without being prompted. Is there a way to accomplish this?

For various reasons in our environment I encounter a lot of certificate errors and I never want to proceed on them and clicking "No" through dozens of ignore certificate error? is tiresome.

         I developed a fiddler extensions to decrypt the response,but if i changed a response when in the process of debugging,clicked the  button of "run to Completion",the app client still received the unchanged response.

         In the code ,I implemented three Interceptors, Inspector2, IResponseInspector2 and  IBaseInspector2,but I found that when I click the "run to Completion",my program still on the breakpoint and the App has received the response.

         I also fund a problem，when  i return a fixed response in the code,and debug it in fiddler  ,if i didn't change the response ,the app received the fixed return.but if I changed the response ，the APP received the original response.

         So how to catch the response before the app received it after clicked the button of "run to Completion" and make it works.hope somebody can help me,thanks very much.