It's Fiddler.CONFIG.SetNoDecryptstring(string)

There's not much documentation on this feature but I assume it's supposed to let specific HTTPS traffic through without attempting to open it up. If that is in fact what is does then it's exactly what I need. However, it doesn't actually seem to be working as intended. I booted up the .NET4 sample project and made no modifications other than adding one domain to the "SetNoDecryptList" but when I go to the domain I still get a "questionable certificate" type error.

 Any thoughts?

Hello. I have a Honor 8 Pro (DUK-L09) running android 9 (9.1.0.212) with EMUI 9.1. I would like to know if DC Unlocker can find the bootloader code for my device. If possible, could you please provide me the price for the process? Thanks.



Hello. I've been messing around with fiddler for a while now and recently, I tried to monitor and isolate certain app's web traffic to track down the analytics api used. But unfortunately, not everything works. Most of the connections are ssl tunnels with 443 terminations. I did some searching and from what I found, I have tried the following.



1. Check if filters are turned on. Status:OFF

2. Installed Fiddler root certificates to both the phone and the PC.

3. Check if specific process is selected for monitoring. Status:OFF

4. Check if the device is connecting to the right port. Obviously.



Also, my device is running android v.9. I understand that android doesn't accept user installed certificates anymore when it comes to system wide access. So, I recompiled the app after modifying the manifest file and adding a Network security configuration file inside the res/xml folder. Still, no luck. But I should point out that I was able to capture everything once before without any problem. Also, my issue doesn't revolve around https decryption as it works well for twitter in web view. To better describe the issue, I have attached a couple of screenshots. Any assistance is appreciated. Thanks

When Fiddler does not start, window will automatically open the manual proxy service every other period of time

Hi,

Quick question regarding the ability to programmatically obtain the ui-comment set against a session item in C#.

Currently I can set a value:

oSession.oFlags["ui-comments"] = "Comment Added"; 

This is displayed in Fiddler comments column against the request.

But when I attempt to get the value back out, in AutoTamperRequestBefore or AutoTamperResponseBefore there isn't a 'ui-comments' flag available.

Any suggestions gratefully received. 

Many thanks, and keep up the good work.

 

How to fix "The certificate of the peer does not match the expected hostname"?

Ive installed Fiddler on my PC but whenever i enable capturing of web traffic i always am unable to load web pages.

This error appears...

This site can’t be reached
The webpage at https://www.google.com/ might be temporarily down or it may have moved permanently to a new web address.
ERR_TUNNEL_CONNECTION_FAILED

Im using Chrome browser is this important...

Why is this happening and how can i fix it? 

As far as I know, in fidlercore, you can use

oS["log-drop-request-body"] = "streamingThisRequest";

oS["log-drop-response-body"] = "streamingThisResponse";

to release the request body or response body.

So, in which event processing should I use these two flags?

And how long will the request body and response body be cached by default when these two flags are not used?

Hi, i have a question about https, if the browser make a https request to server with custom certificate that have key inside and i don't have private key for that certificate, will i be able to intercept that requests using fiddler and see response or it won't work without private key for certificate?

 

Thanks in advance.

Dear all,

I am working on a project that requires communicating and transferring files to a server that requires SSL communication. I'm currently developing in C# .NET 4.7.2 and have utilized RestSharp to communicate to this server via POST command. The issue I am running into now is I keep getting a certificate chain error, and I have captured this with fiddler. Fiddler gives me a popup as shown in the attachments. The curious thing is, if I don't have fiddler open, my code will not work and the file transfer fails, however, when fiddler is open and monitoring all processes, it will popup the certificate error, and if I click YES then the file will get transferred correctly.

Can any of the devs provide some insight on how I should implement my code to perform the same behavior that Fiddler does when ignoring unsafe errors? I have searched other resources online and have not been able to find a working solution.

I have found a few blog articles like this one: https://www.telerik.com/blogs/understanding-fiddler-certificate-generators

which have provided some insight but if anyone has more detail on how this implementation works I hope to build something similar like this in my application.

 

Really appreciate your help,

Thank you!

garyd

Cannot sniff python script from command-line anymore after new update.

the script is using python-requests to make a get or post requests.

Last seen working on v5.0.20182.28034