Hello,

I use Fiddler and when checking the log file, I frequently notice errors such as this one...

fiddler.network.https> HTTPS handshake to www.google.com (for #94) failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream.

Some websites do not load at all because of this type of error.

I spent quite some time to figure out the problem, but could not find it. Any idea, what could be the issue?

I run Fiddler on a second computer too, and it works fine. No error at all! On both computers I run MS Windows 7 with .NET 4.7, same setup for Fiddler as well.

My 'protocols' field looks like this:

<client>;ssl3;tls1.0;tls1.1;tls1.2

Below you can find the request and receive headers when encountering the error.

Thank you,

Alex

 

REQUEST HEADERS
=============================================================================================================
CONNECT www.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Connection: keep-alive
Connection: keep-alive
Host: www.google.com:443

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 69 24 11 FA 3D EF F1 7E A9 5F 92 78 37 68 B5 47 1B 61 46 CC BF 2B 8A 0C 45 87 0B A1 E7 8E 28 BD
"Time": 12/13/2102 6:30:33 AM
SessionID: BA 39 00 00 F7 22 04 DA 06 DA B4 86 08 B1 1E 3E C5 D5 D3 FE A2 0F 05 D0 AB ED CE 00 62 24 64 32
Extensions:
    server_name    www.google.com
    extended_master_secret    empty
    renegotiation_info    00
    elliptic_curves    unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19], unknown [0x100), unknown [0x101)
    ec_point_formats    uncompressed [0x0]
    SessionTicket    empty
    ALPN        h2, http/1.1
    status_request    OCSP - Implicit Responder
    0x0033        00 69 00 1D 00 20 51 60 24 D5 6D 46 9A 3F 8B 13 FA 0E 77 FD 49 16 50 92 3A DB 4B FF 4A 5E 82 8D C8 6D 23 1C D1 10 00 17 00 41 04 49 EA 05 DA 6B 5D FB F2 84 96 01 A6 26 CA 84 DB C4 3B B4 87 92 F3 55 B0 43 CE 4C 3C 1D 73 9F 9F 3E 5C 5F 28 4A EA FE 86 EB 78 BE D4 28 AE F2 0E 7B 2F 68 4B 1F 4C E3 A4 61 B8 04 84 00 4A 5A FD
    0x002b        08 03 04 03 03 03 02 03 01
    signature_algs    sha256_ecdsa, sha384_ecdsa, sha512_ecdsa, Unknown[0x8]_Unknown[0x4], Unknown[0x8]_Unknown[0x5], Unknown[0x8]_Unknown[0x6], sha256_rsa, sha384_rsa, sha512_rsa, sha1_ecdsa, sha1_rsa
    0x002d        01 01
    0x001c        40 01
    padding    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Ciphers:
    [1301]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [1303]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [1302]    Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02B]    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C02F]    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [CCA9]    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    [CCA8]    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    [C02C]    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C030]    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C00A]    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [002F]    TLS_RSA_AES_128_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA

Compression:
    [00]    NO_COMPRESSION

RESPONSE HEADERS
=============================================================================================================
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 14:14:15.397
Connection: close

fiddler.network.https> HTTPS handshake to www.google.com (for #94) failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream

Using the latest version of FiddlerCore, I'm getting some compiler warnings using several proxy methods like FiddlerApplication.oProxy.Detach(), CONFIG.sHostsThatBypassFiddler, and FiddlerCoreStartupSettingsBuilder().RegisterAsSystemProxy().MonitorAllConnections() saying they are obselete and I should use Telerik.NetworkConnections.NetworkConnectionsManager. I've added the two assemblies as references, but the NetworkConnectionsManager class is sealed and has a private constructor and I can't figure out how I'm supposed to use that class to replace these methods. It is not used in the included SampleApp and there doesn't seem to be any documentation on your site that shows how to use it (at least not that I could find). 

Can you please direct me how I'm supposed to use that class to replace those methods above?

Thanks

Hi , I downloaded the demo app of fiddler core in order to learn how to capture http/https traffic (If it is will work I will have to buy the licensed one)

for some reason it not seems to be working and I get the error :

NotifyUser: Error - Failed to register Fiddler as the system proxy.

can someone guide me how to get manage the demo app to work ?

 

Regards

Yuval

 

Hi All,

I need to reverse engineer HTTPS web requests that a node-JS application is making.  Unfortunately the app hasn't been coded with Proxy support and it does not respect system proxy settings.

I'd like to redirect all requests for "BuggedDomain" through fiddler and pipe them to 192.168.0.10.

 

My understanding is that I need to do the following:

1.  Add this to my host file:

127.0.0.1 BuggedDomain

2. Run this command in Fiddler:

!listen 443 BuggedDomain

3.

Add something like this to my Fiddler Script:

if ((oSession.HostnameIs("buggeddomain")) && (oSession.oRequest.pipeClient.LocalPort == 443) ) 
        {
            oSession.bypassGateway = true;
            oSession["x-overrideHost"] = "192.168.0.10";
            
        }

 

But i'm not seeing any of the requests from the app show up.

Any thoughts?

Https connections does not decrypting, i got this message in a connection:

"The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler)."

However i've set https decryption in options and instaled fiddler's sertificate. Also i've checked root sertificate list and there is DO_NOT_TRUST_FiddlerRoot inside.

  HI, I look at some of my URL parameters for local host shows a length parameter.instead of actual parameter

http://localhost:51713/MbsaExercise/MobileExerciseDescriptionMaint?Length=12 (should be ?mode=Create)

is there some place i can go to change this? thanks

HI, it seems like javascript URL's are not showing from time to time. i cant see any pattern. thanks

Hi

I am trying to use Fiddler to capture all traffic in Browse (Edge, Chrome, IE, Firefox) feature.

I hit our portal site and it always detects my personal corporate domain account and then login directly.  That's not what I want.

In fiddler, I would like to browse the new incognito window of Chrome or InPrivate window of Edge. Then login to the portal in the test account. I am not sure how to handle it in Fiddler.  Clear caches is still not working in this way.  

If I open a new incognito window of Chrome , login via my test account and I see so much traffic appears in fiddler. I export all sessions to Visual Studio Web test (.webtest), but opening this file does not see any meaningful information. 

 

Any ideas? 

 

Thanks,

Ray

I'm trying to modify a websocket's body/contents on the fly/set a breakpoint for them, like you can do with http/https. But It doesn't seem possible. Is there any way to do it? Thanks.

I wanted to know if I could use fiddler to repeat the same XML request every 500ms with 20 iterations?