Basically, the problem here is that if we're AutoAuthenticating when reissuing a request, we try to strip any default Auth header.
There's code that looks like
if (theFlags.ContainsKey("x-AutoAuth") && newSession.requestHeaders["Authorization"].OICContains("NTLM"))
{
    // ... strip the header
}
The problem is that we should only be looking at the very first token of the Authorization header (e.g. before the first space). We should not search the whole header, because if the header is
Authorization: Bearer BlahblahblahNtLMblahblah
we think it's an NTLM header and strip it.
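The first-token comparison described above, as an added example (standalone C#, not Fiddler's code and not part of the original post). The helper names and the sample header values are assumptions constructed for illustration; it runs the whole-value search and the scheme-only comparison side by side.

```csharp
using System;

// Added example: a standalone helper, not Fiddler's own code.
static class AuthSchemeCheck
{
    // The auth-scheme is the first token of the Authorization value,
    // i.e. everything before the first space or tab.
    static string GetScheme(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return string.Empty;
        string trimmed = headerValue.TrimStart();
        int end = trimmed.IndexOfAny(new[] { ' ', '\t' });
        return end < 0 ? trimmed : trimmed.Substring(0, end);
    }

    // Case-insensitive search over the whole value, like the check quoted above.
    static bool ContainsNtlm(string headerValue) =>
        headerValue != null &&
        headerValue.IndexOf("NTLM", StringComparison.OrdinalIgnoreCase) >= 0;

    // Scheme-only comparison; auth-scheme names are case-insensitive.
    static bool IsNtlmScheme(string headerValue) =>
        string.Equals(GetScheme(headerValue), "NTLM", StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed sample header values.
        string[] samples =
        {
            "Bearer BlahblahblahNtLMblahblah",
            "Digest username=\"ntlm-svc\", realm=\"example\"",
            "NTLM TlRMTVNTUAABAAAA",
            "ntlm TlRMTVNTUAABAAAA",
            "",
        };
        foreach (string value in samples)
        {
            Console.WriteLine("{0,-45} substring={1,-5} scheme={2}",
                value, ContainsNtlm(value), IsNtlmScheme(value));
        }
    }
}
```

Only the two values whose first token is NTLM pass the scheme comparison; the Bearer and Digest values match the substring search alone.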
For now, Fiddler just has a filter, and it does not ignore traffic. The filter just hides it.
Also, Fiddler has the option "Capture/Dont capture traffic" via the File menu or F12, but it is general for all. Also, this option does NOT work while the target app still uses the Fiddler proxy.
My example problem:
I am using Nox to test the MyDownloader app. While the APK connects to the internet or requests web data, it is OK to be proxied by Fiddler. But when I start downloading, the file is first downloaded to the Fiddler cache until complete. After it completes, Fiddler continues the request with that file response. That is the problem. This also applies to all requests on my PC. No problem if the size is just 20MB. But above 100M, 500MB, 1GB, sometimes it makes Fiddler hang.
Also, when I download a file and then cancel it, Fiddler still downloads the file until complete. So to cancel that in Fiddler, I need to disconnect it first.
For now, to bypass my problem, I am also using a Proxifier filter to select the MIME type.
Response headers named
Should be added to the "Security" section of the Response Headers inspector. These are important security headers added to the web platform, and looking for them will become increasingly common and important.
Hello dear Fiddler support.
The bug I've found is: Fiddler doesn't support some encryption ciphers.
Recently I was trying to connect to the https://inlat.am/ site with the "Decrypt SSL traffic" option set in Fiddler. To my genuine surprise, I couldn't even connect to the site.
I am using Chrome 87.0.4280.88 64bit and Fiddler v5.0.20204.45441 for .NET 4.6.1
Without the "Decrypt SSL traffic" option set in Fiddler, Chrome works fine.
So I decided to investigate what actually happens.
I went to the https://www.ssllabs.com/ site to check the supported ciphers - here you can check it https://www.ssllabs.com/ssltest/analyze.html?d=inlat.am&s=188.8.131.52
and tried to reproduce the issue with Wireshark on.
In Wireshark I can see that there are no ciphers supported by the https://inlat.am/ site
Cipher Suites (24 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Now I know what the issue is about.
My question is how to fix the problem with ciphers.
In my opinion you should somehow add it in Fiddler.
I am getting the following error in Fiddler, and without Capture HTTPS CONNECTs it works. Also, in the Protocols I have enabled: <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2
fiddler.network.https> HTTPS handshake to <domain> (for #6) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted
Win32 (SChannel) Native Error Code: 0x80090326
[Edited by Telerik Staff to remove personal information and convert to bug report]
In the Good Old Times™ "give feednback" just meant "give feedback".
Well, here is your feedback.
Why do I have to
Why are you wasting my time? I did not make it buggy, it was you!
When I go to File | Save | All Sessions it defaults to a directory (that is not where I want to store the debug information I collected).
I store all problems I am working on in a different directory structure. When I go to SAVE my debug session I would like to set the Default directory (structure) where I save all my other documentation for problems I am working on. Having to "re-find" my documentation folder multiple times in 20 minutes of saving multiple debug sessions is tedious and non-productive.
I suggest a user preference that has these options:
Set default directory to: .......... (It will always open to here when a SAVE is done)
Follow Last SAVE directory: (Check box) This will open whatever directory location you last did a SAVE to
Use Fiddler's Default Location: (Check box) This is like a "Reset" to Fiddler's default location.
When loading the SAZ file, the requests are ordered incrementally based on the order they were saved in.
For example, a Fiddler session was sorted by URL and then saved to SAZ. When the file is loaded, the requests are still sorted by URL but the original index numbers are lost and the requests are numbered incrementally as per this sort. This means that it is not possible to sort the session back to the original linear order by clicking on the index column (#) as it was possible to do before the save/load.
I've seen that the original index is saved in the Comments column. This is only a partial solution because:
1. When sorting by this column, a lexical sort is performed meaning the sessions would be numbered: 1,10,100,101,11,12..19,2,20,21 etc...
2. If the request had a comment associated with it, this overrides this feature and the original index number is lost.
Also, I know it's possible to sort by ClientDoneRequest as a good approximation but it obviously doesn't recreate the original order.
It would be beneficial to keep the original index numbers (even including the gaps between them) as there is information there that shouldn't be lost when saving.
As always thank you for your work on this wonderful product.
This bug occurs in both Fiddler and Fiddler Everywhere so you may want to take a look.
The system I'm running on is Win7x64 with latest patches loaded.
Note that when Fiddler/Fiddler Everywhere is not loaded, I can access this website normally.
====== Message from Fiddler v5.0.20204.45441 for .NET v4.6.1 Built: 2020-11-03 ======
1. In code, is there any Fiddler method that can record the sent request information in the Composer History list? (Key point)
I'm testing a website that has a self signed SSL cert. I can navigate to this URL via an extra warning step on chrome (see attached screen shot).
However via Fiddler, I just get an error that "this site cannot be reached" and I can see it's dropped on the Fiddler side: I can see the tunnel CONNECT request, but no subsequent request.
I've enabled the option "Ignore server certificate errors (unsafe)" and restarted Fiddler, but the problem still persists.
As always, thank you for your work on this.
I have recently been having an issue with MS Teams while running Fiddler. MS Teams keeps giving disconnect errors. That's when I noticed that Fiddler is proxying its traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com is not included in the hosts. I also notice other items in my sessions list that are not in my list of hosts, so what is going on?
I don't really want to post my list of hosts publicly. If you need them, please let me know and maybe I can email them to someone.
Fiddler’s “Auth” Inspector uses Encoding.Default() for decoding base64-encoded BASIC auth credentials. This was common practice at the time this was first written but is now obsolete. https://tools.ietf.org/html/rfc7617, written much later, demands UTF-8.
Chromium and Firefox encode credentials using UTF-8.
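The decoding mismatch described above, as an added example (standalone C#, not Fiddler's Auth inspector code and not part of the original post). The sample credentials are constructed, and ISO-8859-1 is an assumed stand-in for the legacy code page a machine would decode with. The fallback from strict UTF-8 to the legacy code page goes slightly beyond the post and is one possible decoder policy.

```csharp
using System;
using System.Text;

// Added example: standalone code, not Fiddler's Auth inspector.
static class BasicAuthDecode
{
    // Strict UTF-8: throws on invalid byte sequences instead of substituting U+FFFD.
    static readonly Encoding StrictUtf8 = new UTF8Encoding(false, true);

    // Assumption: ISO-8859-1 stands in for the machine's legacy ANSI code page.
    static readonly Encoding Legacy = Encoding.GetEncoding("iso-8859-1");

    static byte[] CredentialBytes(string headerValue)
    {
        const string prefix = "Basic ";
        if (headerValue == null ||
            !headerValue.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Not a Basic credential", nameof(headerValue));
        return Convert.FromBase64String(headerValue.Substring(prefix.Length).Trim());
    }

    // Try UTF-8 first; use the legacy code page only if the bytes are not valid UTF-8.
    static string Decode(byte[] raw)
    {
        try { return StrictUtf8.GetString(raw); }
        catch (DecoderFallbackException) { return Legacy.GetString(raw); }
    }

    static void Main()
    {
        // Constructed credentials with non-ASCII characters, encoded as UTF-8.
        string header = "Basic " + Convert.ToBase64String(
            Encoding.UTF8.GetBytes("j\u00FCrgen:p\u00E4ssw\u00F6rt"));
        byte[] raw = CredentialBytes(header);

        string legacyView = Legacy.GetString(raw); // what a code-page decode displays
        string utf8View = Decode(raw);

        // The user-id cannot contain ':', so split at the first colon only.
        int colon = utf8View.IndexOf(':');
        Console.OutputEncoding = Encoding.UTF8;
        Console.WriteLine("legacy decode : " + legacyView);
        Console.WriteLine("UTF-8 decode  : " + utf8View);
        Console.WriteLine("user          : " + utf8View.Substring(0, colon));
        Console.WriteLine("password      : " + utf8View.Substring(colon + 1));
    }
}
```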
Please consider refraining from (or at least making optional) the sorting of the JSON property keys when using the JSON tree viewer. For code which sends out complex payloads, having the properties reordered makes it hard to compare the tree to the actual payload sent. For example, we send startXXX and endXXX properties at the end of our payload, and when Fiddler moves "endXXX" to the top of the tree, debugging becomes a pain. Please allow the payload to be tree-visualized as constructed.
When using Fiddler, there seem to be some bugs around resizing the GUI/UI, namely the dividers between sections such as between packet list vs. inspectors panes. It seems that when Fiddler is maximized full-screen, the divider (while using "Wide" layout) is shifted all the way up high, just beneath the initial packet in the list (Fiddler's update check).
I've been able to adjust the UI by manually manipulating Fiddler's registry settings, but even then it still seems finicky -- sometimes they take, sometimes they don't.
v5.0.20202.18177 for .NET 4.6.1
Built: Tuesday, April 14, 2020
I find myself applying the same filters again and again on each launch of Fiddler (I mean the filters listed below the list of requests). I think it would be really great if you could allow the restoration of previously applied filters (e.g. by having a save/load filters option). Also, allowing to filter out by "Request Method" would be great too. Congratulations on this tool, by the way. It is really great. :)
A screenshot of the error is provided. I think there are extra characters in the form; these should not appear. It seems to be caused by a decoding error. Note that the transfer method is "transfer-encoding: chunked".