I fire up Fiddler Everywhere on my Mac. Generally, it appears to do nothing.
In further detail, "Stream" and "Decode" can be toggled, but otherwise do nothing. The connections icon has a hover-over describing my host and states I have a network connection. The help icon goes to the very limited documentation via browser. The settings icon pops open the settings dialog, which does appear to save changes, but not impact the "nothing" being done by the application. The capture button and inspectors button appear to do nothing. The main viewing area states "No records available." The area to the right of the main area states "Please, select a single Web Session to inspect." And that is it.
Either I'm doing (or not doing) something dumb, or it just isn't working for me. Any help would be appreciated :)
Mac specs: High Sierra 10.13.6, 2.6GHz i7, 16 GB memory
Colleagues, please add an essential feature of Fiddler Classic called Automatic breakpoints
I'm sure that a bunch of people will migrate to Fiddler Everywhere if you implement this
Currently, Fiddler Everywhere capture every https traffic. Sometime, decrypt all https traffic are inconvenience and totally make the network broken (eg: Android 7+ devices). Please add this feature of Fiddler Classic.
I am testing an api that uses basic auth. I am trying to use the composer to hit the API. The existing suggestion is to build the authorization header by hand, but I would suggest that the URL field should be able to handle any URL that a browser or CURL can handle, and so I think it should be able to handle basic auth syntax in the URL, for example:
Currently it takes the user and password and separators and sends the whole thing to DNS ("myUser:p@email@example.com"). Even if it ignores the username and password (and why would you) it should parse them out before sending the hostname to DNS. I would be OK with it building the authorization header and removing it from the URL, but I would rather it handle that behind the scenes and leave the URL the way I pasted it in.
When I try to trusst the fiddler root certifficate, I get the message "not successfull" and see a line like this in the logfile:
[2021-03-01 16:29:48:866] [Information] [Fiddler] Error when trying to check if certificate is trusted: '.', hexadecimal value 0x00, is an invalid character. Line 304, position 38.
I also tried to trust the certificate by hand via the keyring utility.
What can I try?
Fiddler for Windows allowed you to add custom columns to Web Sessions list.
Fiddler Everywhere needs this option so I can add in a column to show the IP address of the server being connected to.
Can these methods be added into Fiddler Everywhere:
I've successfully setup fiddler-everywhere 0.4.0 and am able to sniff traffic to various websites on my linux (Ubuntu 18.04) laptop. However some https sites are not working - fiddler-everywhere severs the connection at the SSL handshake phase. These same sites work in the windows version of Fiddler (v 5.0.20192.25091 - built 04 June 2019) however.
What is the status of the SSL support in fiddler-everywhere vs windows Fiddler?
Example site that fails over https:
Example site that works over https:
Fiddler captures for absa.co.za
CONNECT www.absa.co.za:443 HTTP/1.1 Host: www.absa.co.za:443 Connection: keep-alive User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.3 (TLS/1.2) Random: 1F 0E B0 54 5D 66 42 82 C9 A8 A6 D5 8F C2 F0 C6 A8 16 0C 8E 14 45 F2 B4 B5 95 92 66 B6 53 D6 F4 "Time": 2015/01/09 19:21:35 SessionID: empty Extensions: 0x5a5a empty server_name www.absa.co.za extended_master_secret empty renegotiation_info 00 elliptic_curves unknown [0xBABA), unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18] ec_point_formats uncompressed [0x0] SessionTicket empty ALPN h2, http/1.1 status_request OCSP - Implicit Responder signature_algs sha256_ecdsa, Unknown[0x8]_Unknown[0x4], sha256_rsa, sha384_ecdsa, Unknown[0x8]_Unknown[0x5], sha384_rsa, Unknown[0x8]_Unknown[0x6], sha512_rsa, sha1_rsa SignedCertTimestamp (RFC6962) empty 0x001b 02 00 02 0xeaea 00 Ciphers: [5A5A] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/ [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [009C] TLS_RSA_WITH_AES_128_GCM_SHA256 [009D] TLS_RSA_WITH_AES_256_GCM_SHA384 [002F] TLS_RSA_AES_128_SHA  TLS_RSA_AES_256_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA Compression:  NO_COMPRESSION
HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 10:28:40.706 Connection: close fiddler.network.https> HTTPS handshake to www.absa.co.za (for #329) failed. System.IO.IOException Unable to read data from the transport connection: Connection reset by peer. < Connection reset by peer
I'm not 100% sure if this is a bug or it's a feature (of lack thereof) but it goes like this:
On regular fiddler, a great thing to do is to simply copy a raw request to the raw composer, change a param and re-issue it... Fiddler everywhere does not allow that! I have to write headers on a tab and the body on another and yet, there's a "Raw" tab.
The Raw tab unfortunately is not editable (read-only)... I believe that it should be editable
Describe the bug
When the location of the Windows Desktop is changed (e.g. like described here), the functionality for exporting the root certificate is not working.
Steps to reproduce the behavior:
Could not find a part of the path 'C:\Users<username>\Desktop\FiddlerRootCertificate.crt'.
The certificate is exported.
Desktop (please complete the following information):
Fiddler can't connect to domains with 3 consecutive hyphens.
This error occurs:
fiddler.network.https> HTTPS handshake to r1---sn-ab5szn7e.googlevideo.com (for #793) failed. System.ArgumentException Decoded string is not a valid IDN name.
Parameter name: unicode
Start Fiddler Everywhere (at least on Mac), make sure HTTPS decryption is enabled.
Go to www.youtube.com and try to watch a video.
The aforementioned error will occur in Fiddler.
I search use Socks5 and received answers:
Hi, Fiddler supports SOCKS4a version. If you are trying to use another SOCKS version, this might be the reason why it is not working. Could you please, elaborate on the error you receive. Regards, Simeon Progress Telerik
He advised me to create a new request!
Will what I want to be done?