I've encountered an interesting problem when trying to debug digest authentication in my company's application using Internet Explorer 11 (11.0.9600.19377 on Windows 7 64-bit) with Fiddler (v5.0.20192.25091). It seems that with Fiddler running and capturing traffic, the behaviour of IE11 is actually different, suggesting that Fiddler is modifying the outgoing traffic before it hits the server.

To give a bit of context, using Chrome and Firefox (with or without Fiddler running) I'm finding that the digest auth. process works entirely as expected:

1. Client sends a GET request without an authorisation header to a protected URL.
2. Server responds with 401, including a nonce and realm.
3. Client prompts user for username & password.
4. Client sends a secondary GET request to the same URL, including a full authorisation header (username, password, nonce & realm).
5. The server responds with 200.

When using IE11 without Fiddler, the process is incorrect – I've been able to analyse this by using Wireshark:

1. Client sends a GET request without an authorisation header to a protected URL.
2. Server responds with 401, including a nonce and realm.
3. Client prompts user for username & password.
4. Client repeats step (1), causing a loop. The client is therefore unable to authenticate.

However, when using IE11 with Fiddler running and capturing traffic, the browser behaves differently (following the same process as Chrome and Firefox) and actually works correctly. My understanding was that Fiddler is completely transparent (capturing all WinINET traffic without modification) so that leaves me with a few questions:

• What processing does Fiddler apply to requests before passing them to the server?
• Is there an option to bypass this processing so that I can analyse the 'raw' requests?
• Alternatively, does Fiddler do anything specifically to modify the browser behaviour while it is capturing traffic?

I've been using Fiddler for years, but the most recent version I've installed (v4.4.8.4) no longer captures any traffic.

- The Filters are turned off (and using the "Troubleshoot Filters" doesn't appear to change anything)
- Traffic does not appear in Fiddler when I visit http://ipv4.fiddler:8888
- However, traffic *does* appear when I visit http://localhost:8888

Does anyone have a suggestion?

Thanks.

I've added the following line to static `function Main()` :

 

    CertMaker.StoreCert("api.some.service.com", "C:\\Bla.pfx", "Secret");

But when I try to do a get I still get a cert with the following info:

 

Server certificate:
*  subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=*.some.service.com
*  start date: Aug  8 14:29:55 2018 GMT
*  expire date: Nov  6 14:29:55 2021 GMT
*  subjectAltName: host "api.some.service.com" matched cert's "*.some.service.com"
*  issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=DO_NOT_TRUST_FiddlerRoot

The way I tested it was by performing the following call :

sudo curl -x "my.fqdn:9999" --http1.1 --cacert ./FiddlerRoot.pem  -v -sSi https://api.some.service.com/SomeFunc

Hi,

I've similar need as mentioned in another post: https://www.telerik.com/forums/automatic-saving-of-responses-into-autoresponder, but don't want to pile up the AutoResponder. The AutoResponder UI is a simple list view and when I pull SAZ sessions, I'm finding it difficult with other existing rules. I wonder if something can be done programmatically to locate the session in a SAZ file and serve the response accordingly bypassing the UI. I'm using below code snippet to locate a session in the SAZ, but not finding a way to serve the response body stored in SAZ file.

 

Can anyone help? The above sample code snippet may not be the best one, and appreciate for improved version.

Cheers,

Please forgive me if this has been addressed elsewhere but I cannot find anything to help....

I have been pointed in the direction of Fiddler after running into problems using the IIS SEO Toolkit, which does not work if a site does not have TLS 1.0 enabled. The original thread can be seen at https://forums.iis.net/t/1236833.aspx?IIS+SEO+Toolkit+Not+Crawling+Sites+w+TLS+1+0+Disabled+.

Fiddler is suggested as a cure for this problem but I am not having any luck getting it to allow the crawler to run. I have used the following code in the custom rules:

 

if (oSession.HTTPMethodIs("CONNECT") && oSession.HostnameIs("www.yourdomain.com")) { 
  oSession["x-OverrideSslProtocols"] = " ssl3;tls1.0;tls1.1;tls1.2";
}

 

The aim is to allow Fiddler to act as a proxy so that the IIS software can use TLS 1.0 to speak to Fiddler, which can then use TLS 1.1+ to access the website. 

Is there a Fiddler genius who can help make this work? I know that you will be doing a lot of people a huge service.

Many thanks,

Joe

Hello, I have faced some problem https decrypt. when I click to decode response body. this error to occur. Any idea ?

 

Thank you.

 

Hello,

I am trying to enable "Decrypt HTTPS Traffic" in Fiddler (Tools > HTTPS) and I keep getting an error in the log file.

 

I tried "Trust Root Certificate" but I get an error that it can't be found (Refer to attached log)

I tried to reset both the interception cert and all cert and I still get the error (refer to attached log)

I tried to reset Windows Network Settings, nothing.

I tried to run Fiddler as Admin, nothing. 

 

The only time this worked was earlier before when I reset my Windows PC to a fresh installation, then I actually get the popup saying Scary Text ahead. But sadly I faced more issues after that and reset all certificates in the actions menu and now I am back to square one.

 

 

I am on Windows 10 1809, but I've also tried to do this on Windows 10 1903 but I am getting the same error. Any help is definitely appreciated!

 

Thank you,

 

Matt.

Hello,

 

I have used the sample app provided, which works well. Now I wanted to avoid have so many dll's with the program and make it portable, so I used Fody Cosutra which embeds all resources into the single exe file. Now I seem to be getting an error, it appears the current proxy settings are not being written correctly, any advice on how to get around this?

The code:

 

 

the error: 

System.Collections.Generic.KeyNotFoundException: 'The given key was not present in the dictionary.'

occurs on this line:

ProxySettings upstreamProxy = networkConnectionsToUpstreamProxySettingsMap[new NetworkConnectionFullName("WinINet", "DefaultLAN")];

 

big thanks if anyone can help me solve this!

 

Hi,

My apologies to post it here, as the question isn't very much specific to Fiddler, rather for the programming languages in use for Fiddler, like JScript.NET and C# in general.

I've below snippet written in the FiddlerScript (using JScript.NET) to match the hostname against a set of RegEx patterns, and I'm trying to port into C#, but it doesn't seem to work. Any help is appreciated.

 

Cheers,

Hi,

I'm trying to figure out if there's a way to customize the AutoSave functionality. I'm expecting it to handle below scenarios:

1) All 4xx and 5xx errors should be send to one SAZ file, while the rest should be written to separate SAZ file as Fiddler currently works.
2) I wish to maintain single and unique Error.SAZ file in the FiddlerAutoSave folder:
     2.1) First time, the SAZ file need to be created, and once the file is in place, the subsequent file writing basically should perform an add/update operation, i.e. add the new sessions to the SAZ file, instead of creating new files with timestamp.
      2.2) Avoid duplicate URLs. While writing, it should check if there's already an erroneous URL present, then ignore, otherwise, continue adding session to the SAZ file.

I hope you see why the ask is. Basically, I'm trying to fix the many 4xx and 5xx errors in the application, and having to go through many duplicates among several SAZ files is time consuming, so thinking to throw some programming around it. I'm not familiar with the language Fiddler has been written, so looking for some guidance on where to start.

Thanks for looking into it.

Cheers,