Hi All,

I need to reverse engineer HTTPS web requests that a node-JS application is making.  Unfortunately the app hasn't been coded with Proxy support and it does not respect system proxy settings.

I'd like to redirect all requests for "BuggedDomain" through fiddler and pipe them to 192.168.0.10.

 

My understanding is that I need to do the following:

1.  Add this to my host file:

127.0.0.1 BuggedDomain

2. Run this command in Fiddler:

!listen 443 BuggedDomain

3.

Add something like this to my Fiddler Script:

if ((oSession.HostnameIs("buggeddomain")) && (oSession.oRequest.pipeClient.LocalPort == 443) ) 
        {
            oSession.bypassGateway = true;
            oSession["x-overrideHost"] = "192.168.0.10";
            
        }

 

But i'm not seeing any of the requests from the app show up.

Any thoughts?

Https connections does not decrypting, i got this message in a connection:

"The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler)."

However i've set https decryption in options and instaled fiddler's sertificate. Also i've checked root sertificate list and there is DO_NOT_TRUST_FiddlerRoot inside.

  HI, I look at some of my URL parameters for local host shows a length parameter.instead of actual parameter

http://localhost:51713/MbsaExercise/MobileExerciseDescriptionMaint?Length=12 (should be ?mode=Create)

is there some place i can go to change this? thanks

HI, it seems like javascript URL's are not showing from time to time. i cant see any pattern. thanks

Hi

I am trying to use Fiddler to capture all traffic in Browse (Edge, Chrome, IE, Firefox) feature.

I hit our portal site and it always detects my personal corporate domain account and then login directly.  That's not what I want.

In fiddler, I would like to browse the new incognito window of Chrome or InPrivate window of Edge. Then login to the portal in the test account. I am not sure how to handle it in Fiddler.  Clear caches is still not working in this way.  

If I open a new incognito window of Chrome , login via my test account and I see so much traffic appears in fiddler. I export all sessions to Visual Studio Web test (.webtest), but opening this file does not see any meaningful information. 

 

Any ideas? 

 

Thanks,

Ray

I'm trying to modify a websocket's body/contents on the fly/set a breakpoint for them, like you can do with http/https. But It doesn't seem possible. Is there any way to do it? Thanks.

I wanted to know if I could use fiddler to repeat the same XML request every 500ms with 20 iterations?

When I used 300 threads, a lot of tunnel to appeared after a while, and then all the following failed.

Hello there,

One of my clients can access a specific ftp site successfully but she can only access there from her laptop. According to the company (which gives this ftp service), she can access it from anywhere. 

For that, even if I am very new to Fiddler, I wanted to see what's going on behind the scenes. I enabled ftp connections to be captured via Fiddler.

The problem is that when I open Fiddler and try to open the ftp site, it simply writes "This FTP server requires login credentials". When I close the fiddler and try to open the ftp site again, it pops up the credentials screen (which I am currently failing). 

How can I let the credentials page to be popped-up so at least I can see what's going on?

Thank you

Melih

hello, I'm testing an android application, however, when configuring fiddler I get many lines with port 443 and tunnel to <host> 443, is there a way to decipher them? attached example image