Folks,

I've been doing a bunch of OAuth work recently where DPoP is enforced. This makes it difficult to craft requests in the composer, because they need to be signed with the proof of possession token.

It strikes me this could be a feature, allow me, in composer, to provide the access token, proof of possession token and current nonce and generate the right authentication and signature headers.

Barry

 

Currently, the only option to intercept and decrypt secure traffic is to install and trust the Fiddler root CA. However, some applications might use different variations of cert pinning, which can be "solved" by creating and using a self-signed certificate. This would also be a viable option for testers of secured applications (that have access to the actually pinned cert).

Suggestions: provide an option for passing a custom self-signed certificate that Fiddler can use instead of the Fiddler root CA.

Related to https://stackoverflow.com/questions/42236967/change-the-root-signing-certificate-used-by-fiddler

Requested through t.1676901

Is there a way to run a filter across multiple captures (i.e. multiple SAZ files loaded into My Snapshots), as opposed to per individual capture? I'm having difficulty scaling the filtering feature across 100+ captures loaded.

Additionally, is there a way to export the filtered results to CSV/XLS for ease of mass review/searching?

Thanks!

Applications use named pipes on Windows to do interprocess communications in addition to tcp connection on localhost.

Sometimes they run grpc , sometimes json.

It would be great if Fiddler would support listening, replay and editing of those named pipe communications.

Some Applications don't like wildcards.

Battle.net prefers "eu.version.battle.net" and turns down the offered "*.version.battle.net" made by the Telerik CA.

It would be nice if we could optionally change this behaviour to better adapt to the specific needs of an application.

I fire up Fiddler Everywhere on my Mac. Generally, it appears to do nothing.

In further detail, "Stream" and "Decode" can be toggled, but otherwise do nothing. The connections icon has a hover-over describing my host and states I have a network connection. The help icon goes to the very limited documentation via browser. The settings icon pops open the settings dialog, which does appear to save changes, but not impact the "nothing" being done by the application. The capture button and inspectors button appear to do nothing. The main viewing area states "No records available." The area to the right of the main area states "Please, select a single Web Session to inspect." And that is it.

Either I'm doing (or not doing) something dumb, or it just isn't working for me. Any help would be appreciated :)

Mac specs: High Sierra 10.13.6, 2.6GHz i7, 16 GB memory

Fiddler Everywhere is much more advanced than the classic version, but the price is not the only reason why users don't upgrade from the classic version.

 

User Interface

The user interface does not include native components like Classic Fiddler, which clearly degrades performance, reduces usability, complicates the user interface and certainly makes it difficult for new users to use this tool.

Apart from that the interface grouping is quite bad, for example I want to use Composer when monitoring live traffic, but this is not possible, Fiddler Classic has no such problem.

Also, considering user habits, while everyone is familiar with the operating system interface, the Everywhere user interface requires some getting used to.

Some features that are available in Native UI but not in the Fiddler Everywhere UI;

• Drag & Drop Features
• Ability to do other things while monitoring live traffic (Better multitasking)
• Keyboard integration is very bad (As you can see in the gif, the directional keys don't even change the selection, and therefore the delete key doesn't work as it should, and if you press the delete key while selected, it completely removes the selection instead of selecting the next one.)
• Fiddler Everywhere uses its own Context Menu, which is frankly terrible in terms of user habits and ease of use, it really annoys me to see the opening animation of the context menu every time.

I would expect the interface to be more practical in a programme that is constantly and actively used, and I would prefer the interface to be native rather than working with the browser engine.

(UI is the biggest reason why I didn't switch)

 

Missing Features

FiddlerScript and Add Ons support is not available. 

 

General Feedback

Fiddler Everywhere feels like a downgrade, not an upgrade, and I say this as a Fiddler Classic user of over 10 years.
If you were considering releasing a paid version of Fiddler Classic, I would probably subscribe, but not to Fiddler Everywhere.

Currently, the Export > Raw Files option does not work when the session is "Partial Content" (status 206).

Consider providing support for exporting sessions with status 206

Requested through t.1657416

Consider providing automated support for network-isolated applications like metro-style applications. The feature is available in Fiddler Classic through the WinConfig option

Details on how an application can be exempted from the Windows settings are posted here:

https://learn.microsoft.com/en-us/previous-versions/windows/apps/dn640582(v=win.10)?redirectedfrom=MSDN 

https://stackoverflow.com/a/33263253 

 

It would be great to have the same Host Remapping support that Fiddler2 has.

I am a follower of fiddler classic.  I want to know if Extend Fiddler everywhere  with .NET Code. Because the http response in my web project is encrypted, I need to decrypt it before I can see the plain text. This has been implemented in fiddler classic and it works fine. But I wonder if it can be done in fiddler everywhere as well?

Consider the support of variables and variable environments in Fiddler Everywhere. The base functionality should have:

- Option to create a static variable

- Option to create a dynamic variable (e.g., one populated dynamically from response).

- Options to use variables in Composer, Rules, and Inspectors (e.g. for dynamic population)

- Option to easily access and modify stored variables.

- Option to store variables in different environments (e.g. stage, production, etc.)

- Option to share variables/environments.

+2 Requested from 1640564 and 1640556

Is it possible to add a rule or configure exporting or saving the data as raw files to my computer automatically and periodically? I read a few questions on here but it seems to be a different version of Fiddler.

Fiddler Classic implements and documents this feature. Is this true for Fiddler Everywhere? Can you provide instructions?

I can tell you what does not work on Windows 11:

• Copying my client certificate to $env:USERPROFILE\Documents\FiddlerCore\ClientCertificate.cer

• Copying my client certificate to $env:USERPROFILE\Documents\Fiddler2\ClientCertificate.cer

• Copying my client certificate to $env:USERPROFILE\.fiddler\ClientCertificate.cer

• Copying my client certificate to $env:USERPROFILE\.fiddler\Certificates\ClientCertificate.cer

Please provide detailed instructions for setting this up. Thank you.

Is there any way how to store rules, filters. settings etc. online in Fiddler account (like in Postman etc.) and share between different machines?

If not, is this feature planned?

Hi,

I would like to make a rule that changes the Comments column to display a value from the Response body. Specifically, I would like the value of "pk" (if available) to show up in the Comments field.

My overall question: Is there a way to reference Response body data in the Rules Builder?

I looked through all the documentation I could find and I didn't see any examples of Actions using dynamic data. Any help would be greatly appreciated.

Thank you,

Matt Donner
Dave & Adam's Card World
m.donner@dacardworld.com

Hello,

I have an idea of workspaces concept (just like Postman's workspaces feature).

Include a workspace concept to enable us to:

1. Create multiple workspaces that have individual filters, rules, sessions, requests...

2. Synchronize all of that configuration (filters, rules, sessions, requests...) to continue working on another PC

I have 3 rules. Please check the images for detail how the rules define and their order of execution.

If I understand correctly, "Non-Final-After" rule must not be executed in this case due to "Final" rule contain a final action (Manual response).

But you can see, "non-final-after" header is added to response.

I am not sure if it's a bug or intended behavior.

Please take a look. Thanks.

Hello,

I have an idea for the rule's action.
It would be great if we could define an action template so we can re-use it for difference rules.

For example: We might create a template with a set of non-final actions like:
1. Mark session

2. Update request header: [My-Custom-Key:My-Custom-Value]
3. Comment: This session is modified by Rules

...
Then when create a new rule, we can add an action to execute from actions template list like an illustration image.

Hello,

I would like to know how the internal logic for rules with multiple conditions works.

For example, let's say we have 2 conditions and a rule will be matched if all conditions are met:

1. URL contains 'example.com'
2. Response Body contains 'string'

• Are the conditions checked in any particular order (i.e. URL is checked first)?
• What happens if the first condition fails, does it stop and not check for the second condition?

Thanks