I'm unable to connect to "gateway.icloud.com" when Fiddler is open and decrypting HTTPS traffic.
This is Fiddler Everywhere 0.10.0 on macOS 10.15.5.
Open Fiddler and make sure it's decrypting HTTPS traffic.
Open any browser and go to https://gateway.icloud.com/
Expected result: Page loads (it's blank. This is normal.)
What actually happens: fiddler.network.https> HTTPS handshake to gateway.icloud.com (for #820) failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.
Same thing happens on https://configuration.apple.com/
Currently, Fiddler Everywhere just hard-fails on any invalid SSL certificate. More annoyingly, it doesn't explain why the certificate is invalid.
Fiddler Everywhere should:
1. Allow overriding a certificate error (possibly hide this behind an option)
2. Explain what caused a certificate error
MacOs, Fiddler Everywhere 10, Cisco AnyConnect.
Here's the workflow...
In the morning, Cisco VPN isn't connected. All traffic is blocked by design. Attempt to start Fiddler Everywhere. WON'T START because it can't login. What is this new requirement to login? If I don't start Fiddler before the VPN, no traffic ever logs. If i don't start the VPN, Fiddler won't start. A bit of a cartch-22, ya think?
Somehow I bypass the VPN (Don't tell corp security) and get logged-in. Fiddler is up. Start the VPN. Get some work done. Shiny new UI! Still can't drag-drop from inspector to composer? Damn.
At some point the Fiddler login EXPIRES. Why does it expire? What do I even need a login for? At this point ALL TRAFFIC fails, since Fiddler was the system proxy. All work stops. Now I need to stop Fiddler, Stop the VPN, attempt to start Fiddler again....oh wait, can't login because the VPN is down... here we go again.
This is all a serious waste of time. I can see registering Fiddler so you know who your users are. What's with the REQUIREMENT to have a login, and why does it expire? It kinda makes Fiddler useless.
Please remove the requirement to login to an account before being able to use Fiddler Everywhere.
I am trying to login to fiddler anywhere on Ubuntu. But since the system is behind proxy, while logging into proxy, i get network error.
I have configured the proxy in env variables as well as network settings >proxy, but it does not work.
Please provide a way to configure the corporate proxy for fiddler everywhere before login
Steps to reproduce:
Example data posted (snippet with middle section excerpted):
There is much more data that should occur after the property "immediatePatientSafety". There does appear to possibly be additional fields presented in the Web Form inspector although some of the values are truncated and have an ellipsis (...) following those lines, so I believe that the tool is capturing the data but will not make it visible or available in the Text or Raw Inspectors.
No option exists to configure the amount of request data that is captured or to cause the Inspector to "show more" data.
I need to be able to see the full text request to troubleshoot an issue with the back-end application.
I need the data available in the Text or Raw inspector so that I can cut and paste it out for external processing and discussion with the developers.
I noted that a separate bug report has been issued for a missing "show more data" option on large response records.
Fiddler for Windows allowed you to add custom columns to Web Sessions list.
Fiddler Everywhere needs this option so I can add in a column to show the IP address of the server being connected to.
Can these methods be added into Fiddler Everywhere:
Latest version of Fiddler (v0.10.0) and Android Emulator is not proxying the connections properly.
I have Fiddler Everywhere running and know it is working when I can send requests through Postman and see them show up in Fiddler properly.
However, if I set up the Android Emulator through Android Studio, and set the proxy to be Fiddler, connections do not fully reach the backend service I am sending requests to. All that shows up in Fiddler is
CONNECT 192.168.5.7:5000 HTTP/1.1
HTTP/1.1 200 Connection Established
The service is running on my local host machine (192.168.5.7) on port 5000.
If I close Fiddler and run charles-proxy, then set the Android Emulator to use that as the proxy, I see the full request, my service responds, and I see the response in Charles.
I've successfully setup fiddler-everywhere 0.4.0 and am able to sniff traffic to various websites on my linux (Ubuntu 18.04) laptop. However some https sites are not working - fiddler-everywhere severs the connection at the SSL handshake phase. These same sites work in the windows version of Fiddler (v 5.0.20192.25091 - built 04 June 2019) however.
What is the status of the SSL support in fiddler-everywhere vs windows Fiddler?
Example site that fails over https:
Example site that works over https:
Fiddler captures for absa.co.za
CONNECT www.absa.co.za:443 HTTP/1.1 Host: www.absa.co.za:443 Connection: keep-alive User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 1F 0E B0 54 5D 66 42 82 C9 A8 A6 D5 8F C2 F0 C6 A8 16 0C 8E 14 45 F2 B4 B5 95 92 66 B6 53 D6 F4 "Time": 2015/01/09 19:21:35 SessionID: empty Extensions: 0x5a5a empty server_name www.absa.co.za extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0xBABA), unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder signature_algs sha256_ecdsa, Unknown[0x8]_Unknown[0x4], sha256_rsa, sha384_ecdsa, Unknown[0x8]_Unknown[0x5], sha384_rsa, Unknown[0x8]_Unknown[0x6], sha512_rsa, sha1_rsa SignedCertTimestamp (RFC6962) empty 0x001b 02 00 02 0xeaea 00 Ciphers: [5A5A] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/ [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [009C] TLS_RSA_WITH_AES_128_GCM_SHA256 [009D] TLS_RSA_WITH_AES_256_GCM_SHA384 [002F] TLS_RSA_AES_128_SHA  TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression:  NO_COMPRESSION
HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 10:28:40.706 Connection: close fiddler.network.https> HTTPS handshake to www.absa.co.za (for #329) failed. System.IO.IOException Unable to read data from the transport connection: Connection reset by peer. < Connection reset by peer
Colleagues, please add an essential feature of Fiddler Classic called Automatic breakpoints
I'm sure that a bunch of people will migrate to Fiddler Everywhere if you implement this
With Fiddler on Windows an imported HAR file would load into a new window.
Current Fiddler Everywhere appends the HAR file into the current window you have open.
For example, I see my HAR import and it gets appended into the "Live Traffic" session. It should import into a new window like the existing windows version does.
On Request Inspector, Web Forms Tab, the header row seems duplicate.
While inspecting requests where Content-Length > 3000, only 3000 characters of the request body gets displayed in both Raw and Text views. When I copy the whole contents of the selectable area (CMD + A, CMD + C) and paste it into a text editor, it seems like there is a 'View full request...' text somewhere which does not show up. I remember this button from previous versions.
OS : macOS Mojave Version 10.14.6
A sample HTML with dummy form to reproduce the bug and recorded session is attached.
I fire up Fiddler Everywhere on my Mac. Generally, it appears to do nothing.
In further detail, "Stream" and "Decode" can be toggled, but otherwise do nothing. The connections icon has a hover-over describing my host and states I have a network connection. The help icon goes to the very limited documentation via browser. The settings icon pops open the settings dialog, which does appear to save changes, but not impact the "nothing" being done by the application. The capture button and inspectors button appear to do nothing. The main viewing area states "No records available." The area to the right of the main area states "Please, select a single Web Session to inspect." And that is it.
Either I'm doing (or not doing) something dumb, or it just isn't working for me. Any help would be appreciated :)
Mac specs: High Sierra 10.13.6, 2.6GHz i7, 16 GB memory
Simple as that: fiddler everywhere does not capture traffic to localhost, 18.104.22.168 AND when you insert your local address, it captures your request only to return that "
[Fiddler] DNS Lookup for "www.192.168.0.18" failed. System.Net.Internals.SocketExceptionFactory+ExtendedSocketException Device not configured
MAC OSX, using safari.
Other address are captured as expected
I'm not 100% sure if this is a bug or it's a feature (of lack thereof) but it goes like this:
On regular fiddler, a great thing to do is to simply copy a raw request to the raw composer, change a param and re-issue it... Fiddler everywhere does not allow that! I have to write headers on a tab and the body on another and yet, there's a "Raw" tab.
The Raw tab unfortunately is not editable (read-only)... I believe that it should be editable
Operating System: macOs Catalina 10.15.4
Step by step instructions on how to reproduce the problem:
You can also do the following to reproduce the problem:
Use case: I work remotely and connect to a VPN. In comparison, Charles Proxy can capture traffic when VPN is on. The comparison was to point out traffic is possible to be captured on VPN to counter any arguments.