Unplanned
Last Updated: 21 Oct 2020 07:05 by ADMIN
Sean
Created on: 26 Jun 2020 12:39
Type: Bug Report
2
Issue with Fiddler Everywhere + Corporate VPN

MacOs, Fiddler Everywhere 10, Cisco AnyConnect.

Here's the workflow...

In the morning, Cisco VPN isn't connected.  All traffic is blocked by design.  Attempt to start Fiddler Everywhere.  WON'T START because it can't login.  What is this new requirement to login?  If I don't start Fiddler before the VPN, no traffic ever logs.  If i don't start the VPN, Fiddler won't start.  A bit of a cartch-22, ya think?

Somehow I bypass the VPN (Don't tell corp security) and get logged-in.  Fiddler is up.  Start the VPN. Get some work done.  Shiny new UI!  Still can't drag-drop from inspector to composer?  Damn.

At some point the Fiddler login EXPIRES.  Why does it expire?  What do I even need a login for?  At this point ALL TRAFFIC fails, since Fiddler was the system proxy.  All work stops.  Now I need to stop Fiddler, Stop the VPN, attempt to start Fiddler again....oh wait, can't login because the VPN is down...  here we go again.

This is all a serious waste of time.  I can see registering Fiddler so you know who your users are.  What's with the REQUIREMENT to have a login, and why does it expire?  It kinda makes Fiddler useless.

Please remove the requirement to login to an account before being able to use Fiddler Everywhere.

 

Thanks,

Sean

14 comments
ADMIN
Nick Iliev
Posted on: 21 Oct 2020 07:05

Hey Sean,

 

At this very moment, Fiddler Everywhere requires having direct internet access (see the system requirements here). After your clarification that you don't have Internet access without the VPN, it is expected that the client is unable to complete the login process.

The team is currently discussing the possibilities to provide an anonymous login option (which won't require access to the Internet). Adopting a similar workflow will also allow more opportunities for cases like yours (where a VPN is needed for accessing the login endpoints).

 

Thank you once again for all the provided data - I will follow your suggestions to the team.

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Sean
Posted on: 20 Oct 2020 13:53

I really feel like you don't understand the issue.  My corporate VPN restricts ALL INTERNET connections to pass through the VPN.  If the VPN is not up, NO INTERNET access.  No split tunnel.

So I downloaded Fiddler Everywhere 1.1.1 and installed it.  

I disconnected from the VPN.

I started Fiddler Everywhere 1.1.1.  It hung at "Please Wait" forever, trying to contact the login server.  Since the VPN isn't UP, there's NO INTERNET and thus Fiddler Everywhere cannot login.  Since it can't login, it never starts.

Just for fun, I logged back into the VPN, started fiddler, and added the new config option, closed fiddler and the VPN, and tried to start Fiddler again.  Save results.  Fiddler never starts because it can't contact the login server because the VPN isn't up.

You may have solved one problem.  IF fiddler ever started, you are right, it shouldn't try to proxy the VPN server connection.  The problem is, Fiddler will never start.

If you MUST contact the login server, you'll need to do it AFTER the VPN is up.

Sean

 

ADMIN
Nick Iliev
Posted on: 20 Oct 2020 13:10

Hello Sean,

 

 

Thank you for pointing that out! Here is a working link to the KB article:

https://docs.telerik.com/fiddler-everywhere/knowledge-base/configure-vpn-with-fiddler

 

 

Regards,
Nick Iliev
Progress Telerik

Five days of Blazor, Angular, React, and Xamarin experts live-coding on twitch.tv/CodeItLive, special prizes, and more, for FREE?! Register now for DevReach 2.0(20).

Sean
Posted on: 20 Oct 2020 12:47

Your KB article link is broken.

 

Oh no!
It seems we've lost this page

ADMIN
Nick Iliev
Posted on: 20 Oct 2020 10:53

Hi everyone,

 

We've recently improved the VPN experience with Fiddler Everywhere. You can refer to this KB article about configuring Fiddler Everywhere alongside a tool like Cisco VPN.

 

Regards,
Nick Iliev
Progress Telerik

Five days of Blazor, Angular, React, and Xamarin experts live-coding on twitch.tv/CodeItLive, special prizes, and more, for FREE?! Register now for DevReach 2.0(20).

Sean
Posted on: 04 Aug 2020 12:40

+1 for removing the login/collaboration/whatever from the free version.  Auth won't work unless your corp allows a "split tunnel".

 

I'm on a Mac. "Classic Fiddler" isn't an option.

 

Thanks,

 

Sean

ADMIN
Nick Iliev
Posted on: 04 Aug 2020 11:42

Hello Ton,

 

Thanks for the feedback on the EULA and for your suggestion about the Free version. We will have a planning meeting soon and will discuss the possibilities and the future of Fiddler Everywhere. So far the idea is that each user should authenticate (so that if a user decides to upgrade it will be done on-the-fly and without losing any of the already shared/saved content).

 

Regards,
Nick Iliev
Progress Telerik

Ton
Posted on: 04 Aug 2020 10:59
BTW, you could rip the authentication part out of the free version.
Ton
Posted on: 04 Aug 2020 10:57

Thanks for the fast response, Nick. I'll give it a shot and see how it compares to other solutions i am trying out.

 

Good and clear EULA, BTW. The only part i don't like is the selling of user data, but i guess that's inevitable nowadays.

ADMIN
Nick Iliev
Posted on: 04 Aug 2020 10:45

Hi Ton,

Fiddler Everywhere is providing a new set of functionalities related to sharing and collaboration. With FE, you can now share captured traffic, autoresponder rules, and composer requests. Fiddler Everywhere also comes in different flavors (Free, Trial, and Pro versions), which are also requiring authentication to distinguish different users and to provide account-based licensing. Fiddler is strictly following GDPR requirements, and no information is being reused outside Fiddler Everywhere client needs. You can refer to our detailed EULA page for more details on the user agreement.

I want to note that the classic Fiddler is still available and doesn't require authentication. However, it is available only for Windows.

Regards,
Nick Iliev
Progress Telerik

Ton
Posted on: 04 Aug 2020 09:50

@Sean, can you please comment on Nick's question on WHY we need to create an account and log in to Fiddler? I have downloaded Fiddler because i want to try it out, but i think the fact that you need to log in to a locally installed tool is quite fishy. This prevents me from installing it till now.

Please clarify the reason behind having to use a mandatory account for a MITM/Proxy tool.

 

Thanks,

 

Ton.

ADMIN
Nick Iliev
Posted on: 09 Jul 2020 10:43

Hi Sean,

 

It seems that after all your issue is entirely related to how your company is accessing the Internet which is after a VPN connection is established. Fiddler is trying to refresh the authentication token after a specific amount of time but the operation is not completing due to the VPN specifics in your case.

We are aware that using Fiddler with VPN software (like Cisco AnyConnect or similar) is a must and the team is researching the possibilities to enable this feature. I've escalated the feature priority and I will let you know as soon as we have more insight about a possible implementation in the near releases.

 

Regards,
Nick Iliev
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
Sean
Posted on: 07 Jul 2020 13:50

TBH, the login expiration is about once a day, but any interruption that requires me to hack my corporate VPN in order to use a tool is unacceptable, even if it is once per day.

My company is currently 100% work-from-home, Cisco VPN.  This login "feature" is making fiddler useless.

logs attached.

  
Attached Files:
ADMIN
Nick Iliev
Posted on: 29 Jun 2020 10:01

Hello Sean,

 

Thank you for your valued feedback!

I can confirm that at this moment, FE is not working alongside an active VPN connection (like one made with Cisco VPN). The team has already acknowledged the issue, and these tasks are one of our priorities for the upcoming feature releases.

As for the issue related to FE account expiration and the following non-working traffic, it looks like that on your side, the proxy is not reset once the FE credentials expired. It is also strange that you are experiencing a login expiration way too often. Can you please make sure that you are using the latest version of Fiddler Everywhere, and if the issue is still there, please send us the FE logs. On Mac OS these logs should be located in the following directory:

~/Library/Application Support/Fiddler Everywhere/Logs

 

Regards,
Nick Iliev
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.