My aim is to log all requests coming to IIS10 server on the Windows Server 2016 from any customer.

A request is called with the port 80. Fiddler should redirect all requests to IIS on the port 8888. 

I made all steps described by Eric Lawrence:

If you want Fiddler to capture traffic coming *in* to your IIS server and going *out* from your IIS server, then you need to run Fiddler in both reverse proxy mode and normal proxy mode. First, get Fiddler capturing the traffic coming out from your IIS server (by editing machine.config & setting the proxy settings for WinHTTP to 127.0.0.1:8888, etc). Then, move your IIS instance to a different port (8080) and configure Fiddler to listen on port 80 as well (e.g. type !listen 80 in QuickExec to set up a second listening endpoint). In FiddlerScript, you then need to forward requests received on port 80 to your IIS instance (8080).

source https://www.telerik.com/forums/capture-all-iis-traffic-on-the-web-server

I see endless loop of requests sent from Fiddler to IIS. Only one request is sent from a client machine( tested also with Fiddler). Also after I disable "Capture Traffic" the outgoing requests to IIS are logged in Fiddler. 

Configuration

IIS domain binding set to the port 8888

Machine.config

<system.net>
    <defaultProxy>
        <proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
    </defaultProxy>
</system.net>

Custom rules in Fiddler:

if (oSession.host == "xxx.com:80") 
{
oSession.host = "xxx.com:8888";
}

Allow remote computers to connect set to true in Fiddler.

What can be wrong in the configuration?

 

 

 

 

 

Hi there!

 

How to configure fiddler in non-proxy mode?? So it listens to ALL http(s) connections from EVERY application that uses that protocol? Like wireshark...

Is that possible, i think not, right?

Thx for feedback.

 

Regards,

Jan

Hello. I am changing the post request body through a script:

 

If I do not change the request body, the server accepts it (301). If I use a script, the server throws an error (401). The data in replace.txt is completely identical to the data from the original request that the server accepts. What could be the problem?

When trying to start Fiddler Everywhere on my Mac I get this:


18:21:10.268 › [Product information] Progress Telerik Fiddler 0.5.0
18:21:10.288 › [System information] Darwin MacBook-Air.local 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64 x86_64
18:21:10.408 › Initializing splash screen.
2019-11-25 18:21:10.593 Progress Telerik Fiddler[25804:80887] *** WARNING: Textured window <AtomNSWindow: 0x7fd2504d1b10> is getting an implicitly transparent titlebar. This will break when linking against newer SDKs. Use NSWindow's -titlebarAppearsTransparent=YES instead.
18:21:10.647 › Attempting to run server - 5 attempts left.
18:21:10.648 › Generating random port.
18:21:10.648 › Trying to start server at port [35909].
18:21:13.489 › Fetching .NET Core server status.
18:21:13.510 › Error occurred while fetching .NET Core server [35909] status. Error message: getaddrinfo ENOTFOUND localhost
18:21:13.511 › Attempting to run server - 4 attempts left.
18:21:13.511 › Generating random port.
18:21:13.512 › Trying to start server at port [28828].
18:21:15.757 › Fetching .NET Core server status.
18:21:15.761 › Error occurred while fetching .NET Core server [28828] status. Error message: getaddrinfo ENOTFOUND localhost
18:21:15.761 › Attempting to run server - 3 attempts left.
18:21:15.762 › Generating random port.
18:21:15.763 › Trying to start server at port [57314].
18:21:20.045 › Fetching .NET Core server status.
18:21:20.051 › Error occurred while fetching .NET Core server [57314] status. Error message: getaddrinfo ENOTFOUND localhost
18:21:20.051 › Attempting to run server - 2 attempts left.
18:21:20.052 › Generating random port.
18:21:20.053 › Trying to start server at port [57415].
18:21:24.882 › Fetching .NET Core server status.
18:21:24.887 › Error occurred while fetching .NET Core server [57415] status. Error message: getaddrinfo ENOTFOUND localhost
18:21:24.887 › Attempting to run server - 1 attempts left.
18:21:24.888 › Generating random port.
18:21:24.888 › Trying to start server at port [10561].
18:21:31.871 › Fetching .NET Core server status.
18:21:31.876 › Error occurred while fetching .NET Core server [10561] status. Error message: getaddrinfo ENOTFOUND localhost
18:21:31.876 › Attempting to run server - 0 attempts left.
18:21:31.877 › Maximum number of attempts reached - quitting application.
18:21:31.900 › Generating random port.
18:21:31.900 › Trying to start server at port [55810].

My hosts file is the default one so I'm not sure what the error cause is.

I just installed the latest Fiddler4 on Windows 10 and enabled HTTPS decrypt, but no HTTPS traffic is captured.

Anything to do with firewall or cert? Thanks.

I want replace this hex  values with another. How make it?

I try to study fiddler recently and there are some problems. I need you help!! Thank you!!

I download a SDK from github and compile and run it on my computer. One of its samples is used to dynmic register and has TLS/Https connection with the cloud. When I run this sample, I cannot find any related packets from Fiddler, but I can capture the data packet from Wireshark.

I have configured the proxy server and port as it required: 127.0.0.1:8888.

So how can I capture the data packet of the SDK sample from Fiddler??

I need your help!! Thank you!! QWQ

I have installed the "progress-telerik-fiddler.AppImage" tool on Fedora 31 (Gnome).

Installation of this AppImage worked fine (including setup of a system-proxy and inclusion of Fiddler-icon on the Gnome panel) - nevertheless, this tool is not what was intended.

What is the proper uninstall-procedure on Linux, please? Could not find anything for Linux in the documentation or forum.

 

My sanity is being tested...

We are trying to troubleshoot an issue with the Okta Single-Sign-On app on iOS (13.+).  It worked in August with Fiddler, and now does not.  iOS update?  Okta update?  Who knows.  Below are what I feel are relevant log entries from Fiddler.

Basically, when the Fiddler proxy is active you can't authenticate with the Okta iOS app ('Sign in failed!').  The Okta web portal works fine.  The App store also doesn't work, if that helps.

I keep seeing references to Certificate Pinning.  Not sure if that's what's happening or if there is any way around it.

15:00:15:1955 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:17:0550 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:17:0930 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:17:1220 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:17:1591 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:18:6217 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:18:7449 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.okta.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:18:7769 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:18:8480 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.okta.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:19:3274 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:19:3605 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:19:3885 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:19:4214 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)

15:00:21:8030 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

15:00:21:8531 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:23:4728 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:23:5238 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:24:0954 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
15:00:24:1735 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.crashlytics.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com)
15:00:31:5667 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

Thank you!

Good day

I am developing Win Forms app.

There is no problem to capture traffic from buil-in Web browser control

using the following code:

 

            FiddlerApplication.AfterSessionComplete += FiddlerApplication_AfterSessionComplete;
            FiddlerApplication.BeforeRequest += new SessionStateHandler(FiddlerApplication_BeforeRequest);
            FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default & ~FiddlerCoreStartupFlags.RegisterAsSystemProxy);
            Fiddler.URLMonInterop.SetProxyInProcess("127.0.0.1:" + FiddlerApplication.oProxy.ListenPort.ToString(), "<-loopback>");

 

but whatever i tried i failed to capture traffic from Internet explorer (sas well as from any other external web browser)

could you please suggest what i must change to capture request/responces from IE?

Thank you