Unplanned
Last Updated: 17 Sep 2021 05:34 by ADMIN

Hi,

1-st of all, thanks for the Fiddler!

I'm using the custom font size set under the Fiddler options (Windows OS), but its not respected during the params editing.

see attached screenshot.

 

Unplanned
Last Updated: 04 Sep 2021 19:51 by Eric

I use the request LogRequests history to save requests, so that I can replay them when needed.  Every month or so when my machine is restarted for an update and if Fiddler is opened, the history is corrupted.  

I need a way to either save off certain requests like I can in Postman, etc, or I need Fiddler to have reliable restore points for the history so that the entire history is not corrupted so often.

Please fix or add a feature to address this -

Thanks

Unplanned
Last Updated: 13 Aug 2021 22:02 by Eric

HOSTS in fiddler shouldn't change SNI info when Decrypt HTTPS traffic is enabled

 

When Decrypt HTTPS traffic is enabled and use HOSTS in fiddler, SNI should be keep the same as request, instead of use the one from HOSTS(removed when use IP, or rewrite when use another HOSTS) 

Unplanned
Last Updated: 23 Jul 2021 14:09 by Andrew
Created by: Stephan
Comments: 6
Type: Feature Request
127
HTTP/2 has been a standard since mid-2015.   All major browsers support it,  but adoption is slow because there no good debugging tools.    I want to take advantage of pipelining, server push, etc that comes with HTTP/2 which makes it easier to adopt packages like gRPC.    Having a good debugging story (both capture as well as insertion / modification) would make this more possible
Unplanned
Last Updated: 30 Jun 2021 07:50 by ADMIN

Inside the Header inspector, you can add a header to a breakpointed response. The header editor offers templates. The "Set-Cookie" template for persistent cookies has an expiration date that seemed impossibly far in the future: June 2021.

 

Well, I may not have a flying car, but we're now living in a future beyond that imagined by the header inspector. We need to update to a later expiration date.

Need More Info
Last Updated: 04 Jun 2021 07:02 by ADMIN
I ran Fiddler Classic on a remote PC via Windows Remote Desktop (RDP) on my laptop, which used an external large monitor for display. Both my laptop and the remote PC run Windows 10 OS. If somehow the remote desktop connection was temporarily lost (due to laptop going sleep or network glitch) and reconnected later, the Fiddler on the remote PC stopped responding to the mouse operation.
Unplanned
Last Updated: 02 Jun 2021 09:48 by ADMIN
Created by: Imported User
Comments: 2
Type: Feature Request
2
Allow to search / reuse requests from history in a more efficient way

1. Add column [Date] or [Date and Time] to history, so one can look for a request that was used at a given date / time

3. Allow to sort by request Url, date / time

4. Allow to group by request urls: If there are several requests with the same url, provide the option to group / ungroup them

5. Add column [Result] with the result code for each request, so that one can now which request to use (for example, one needs a request that gave a 404, or only 202s)

6. Filter history by request type (GET, PUT, ...), url content (example: search for "/admin/ ... etc"), date / time
Unplanned
Last Updated: 23 May 2021 00:10 by Eric

When my machine restarts before Fiddler is closed gracefully, Fiddler opens back up with an error saying that my capture saz is corrupt and cannot be opened.  
This is a pain as I have to then manually rebuild any requests that I need.

Fiddler should have savepoints or some way to prevent it from losing all my LogResuest history whenever Fiddler is forcefully shut down

Declined
Last Updated: 12 May 2021 14:20 by ADMIN
Declined
Last Updated: 09 Apr 2021 10:11 by ADMIN
I am running into an issue where different business units of the company have finer grained security rules which prevent people from accepting / importing / trusting the OOTB Fiddler Root Certificate. Would it be possible for Fiddler to create a new CSR and import the new signed return certificate. This way I can sign the CSR with our internal CA which all hosts within the company have been configured to trust and accept.
Need More Info
Last Updated: 08 Apr 2021 13:29 by ADMIN
Created by: Anton
Comments: 4
Type: Bug Report
0

Fiddler version: v5.0.20204.45441

If Fiddler is left for some time to work unattended then its memory usage is constantly growing.

I usually use Fiddler with some Autoresponder rules enabled and "Unmatched requests passthrough" option switched on. If left in this state for several hours an amount memory it uses could grow up to 10GB and even more which is quite annoying...

Autosave option is enabled and sessions are dumped every 5 minutes. So this behaviour is not because of session list is becoming large, it is being cleaned every 5 minutes.


Unplanned
Last Updated: 05 Apr 2021 06:36 by ADMIN
Created by: Eric
Comments: 0
Type: Bug Report
0

If you try to launch two instances of Fiddler/FiddlerViewer at the same time, you hit a sharing violation.

This file needs to be read with the correct sharing flags set.

---------------------------
Loading custom MIME mappings failed
---------------------------
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

The process cannot access the file 'C:\Users\ericlaw\Documents\Fiddler2\CustomMimeMappings.xml' because it is being used by another process.

Type: System.IO.IOException
Source: mscorlib
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)

   at System.IO.FileStream..ctor(String path, FileMode mode)

   at Fiddler.XmlFileMimeMappings..ctor(String filePath) in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\MimeMapping\XmlFileMimeMappings.cs:line 38

   at Fiddler.frmViewer.š(Object , EventArgs ) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 9968


Fiddler v5.0.20202.18177 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.19043.0] 
---------------------------
OK   
---------------------------
Unplanned
Last Updated: 29 Mar 2021 14:57 by ADMIN
Since one of the last updates, Fiddler takes ages to start. Its in the range of Minutes on some machines. Can we please fix this?
Pending Review
Last Updated: 24 Mar 2021 00:33 by MenuMike
Created by: Jochen Wezel
Comments: 6
Type: Feature Request
7

Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.

Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler

Unplanned
Last Updated: 16 Mar 2021 07:06 by ADMIN

I recently am having an issue with MS Teams while running fiddler.  MS Teams keeps giving disconnect errors. That's when I noticed that fiddler it proxying it's traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com are not included in the hosts.  I also notice other items in my sessions list that are not in my list of hosts so what is going on?

I don't really want to post my list of hosts publicly.  If you need them, please let me know and maybe I can email them to someone.

 

Unplanned
Last Updated: 23 Feb 2021 04:50 by Eric
Created by: S
Comments: 1
Type: Feature Request
1

It would be highly useful if there was a "URL splitter" tool added, perhaps as a drop-down entry in the TextWizard, which takes a long-form paramaterized URL and splits it into a line-separated list of individual parameters (and can go the opposite way direction as well).

The "WebForms" subpanel already does this, albeit there's no manual ability to choose what URLs this can be done to ...as far as I'm aware.

Need More Info
Last Updated: 17 Feb 2021 09:31 by ADMIN

I've been trying to install the root certificate to decript https traffic with no results.

 

20:42:38:5197 Fiddler Running...
20:42:38:5202 Fiddler.Network.AutoProxy> AutoProxy Detection failed.
20:42:38:5202 AutoProxy failed. Disabling for this network.
20:42:38:5481 Windows 8+ AppContainer isolation feature detected.
20:42:44:4729 Assembly 'C:\Users\Mauro\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
20:42:44:4754 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.
20:42:46:0206 /Fiddler.CertMaker> Root Certificate located; private key in container '4f42d4e82d7f6c170e7a049cf6dfeeaa_8bf41fe8-e204-441e-8fc2-475cb85c8829'
20:42:48:8545 !Fiddler.CertMaker> Unable to auto-trust root: System.Security.Cryptography.CryptographicException: Access is denied.

   at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
   at .‰.TrustRootCertificate() in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\DefaultCertProvider.cs:line 965
Unplanned
Last Updated: 11 Feb 2021 17:24 by trimpica

Please consider installing a desktop shortcut or start menu shortcut to launch Fiddler viewer (instead of fiddler to listen and capture traffic). This will help folk that want to review fiddler traces from others without launching Fiddler and interfering with locally running apps that misbehave due to Fiddler intercepting traffic by default on launch.

 

i realize I can create my own shortcut using "fiddler.exe -viewer". But I want to write troubleshooting guides to engineers that are new to both the technology they are learning and Fiddler/HTTP traffic analysis in general. Having two shortcuts created will make it easier to write instructions where we can advise folk to just launch shortcut to viewer to import a session or previously made fiddler saz file from someone else.

 

Thanks!

Unplanned
Last Updated: 11 Feb 2021 16:52 by Eric
Created by: Faris
Comments: 1
Type: Feature Request
0

I am using Fiddler for 6 months and I found it really nice and simple to understand and get the required information, but one feature in which fiddler is lacking is the NIC information although with fiddler we get the Source and destination IP, port, MIME type, TLS/SSL versions etc but if we get this NIC information it will be complete solution for Web debugging.

Regards,

 

Faris

Unplanned
Last Updated: 11 Feb 2021 16:48 by Eric

The bug I'm reporting is sometimes the Session.HostnameIs() will return true even if the supplied hostname does not match Session.hostname and a port was passed by the client in the Host header.

HostnameIs function is documented as "This method compares the supplied hostname to the hostname of the request, returning true if a case-insensitive match is found."

What I think is happening is that rather than use Session.hostname for comparison Fiddler instead uses the Session.host (ie what was passed by the client in the Host header) and if a port is present maybe it incorrectly extracts out the hostname. Here is an example that shows the bug and why I think that.

In OnBeforeRequest add this code, which should only show an alert box if the hostname is test:

		if(oSession.HostnameIs("test")) {
			FiddlerObject.alert(oSession.hostname);
		}

Now in a browser try going to http://t:81/ and you will see it shows the alert box, in other words a match. Why? Well, I will guess based on my testing that your code in HostnameIs gets the index of the colon in the host t:81, which is 1, and then compares only that number of characters. So it's doing whatever is the javascript equivalent of !strnicmp("t", "test", 1).

This manifests itself through CONNECT as well, and probably more likely, since the standard ports are used in the Host header (IE might be an exception to this). For example, let's say you go to https://t/ in Firefox or Chrome and HTTPS decrypt is enabled. The Host passed by the client for the CONNECT is t:443 and so it's the same problem, !strnicmp("t", "test", 1).

This is not a theoretical issue for me, I was testing something earlier today where I had to treat a hostname that ended in .co different from the same hostname that ended in .com and it turned out the test I was doing applied to both of them because of this bug.

There may be very good reason to not use Session.hostname for the comparison, I don't know, but the likely extraction from Session.host is not done properly.
1 2 3 4 5 6