Hi,

I’m developing a .NetFramework extension for Fiddler and am finding an issue with clearing bold, italic, strikethrough on the session text in the session list when using “this.session.RefreshUI()”. I’d like to be able to see these changes occur upon a context menu item click, immediately within Fiddler, without having the reload the sessions or the application. I can see the session flags are removed from the session as expected, but the bold, italic, or strikethrough is not unset.

I’m aware there is an option to Mark, Unmark sessions, but this doesn’t fit integrate closely enough with the extension I am developing or do exactly what I would like.

I seem to have no issues with changing the UI-Backcolor or UI-Color and refreshing for the updates to be immediately seen.

I can set UI-Bold, UI-Italic, UI-Strikethrough, but I cannot unset these with RefreshUI().

Is this a bug? Is the RefreshUI() call not doing something for UI-Bold, UI-Italic & UI-Strikethrough which it does do for UI-BackColor and UI-Color?

Thanks,

Jeremy.

Dear Fiddler developers,

I was recently inspecting the Punch In and Clock Out system of our company. After I captured the POST to send the punch in packages, I try to replayed it.

The replay functions returened a valid request. It is still valid even if I export the session into curl of a bat fil. But I got a issue after I copy the code into a bigger automatic code. The server I sent report me a 543 error "Please check the shifts." And the map API returned a UTF-8 wrong decode.

First I thought that this is because the limitation of both Unix and Windows system, I tried to pipe all the satings into the limitation they desire, 520 as I measured in UNIX. But it did not work.

Later on I watch the debug with the bash -x for about an hour, then I realise that you, the Fiddler program actually somehow turn one % into double %%.

After I replace all the %% with single %, everything works fine.

My first doubt is the ChatGPT. But as I was looking through the chat history, the ansewer is no, The problem is somewhere before I ever peate the code to ChatGPT to run. So I regenerated the whole cURL code from Fiddle, and yes this fault is your issue.

Please keep me updated if you fix that problems. Also, maybe I am ingnorant on this common problem. I am just a noob in the holy I.T. stuffs.

Yours,

Neil.

Fiddler's update check will always fail by default because you've disabled TLS/1.0 support on your server and Fiddler's now-very-outdated TLS config only enables TLS/1.0 by default. The user must manually go into Tools > Fiddler Options > HTTPS and change the Supported protocols string to <client>;tls1.2 to fix this problem (and to also fix problems with the Composer and any other Fiddler features that do not pass through traffic through a client that supports later TLS.

This is tracked by oAcceptedServerHTTPSProtocols in Config.cs.

This would be useful to compare a completed working trace versus a non-working trace, side by side and see what the difference in the traces are.

I am trying to use settings Tools -> Win8 Loopback Exemptions -> Exempt All -> Save Changes. But it is giving me some error and saving those changes. Following is the error.

Failed to set IsolationExempt AppContainers; call returned 0x57

I am blocked due to this error and cannot perform tests on my application. Pls help.

Thanks

The .NET Framework has added support for TLS/1.3.

We should do the work to enable TLS/1.3 in Fiddler (it's very little additional work to add "Tls1.3" to the options dialog and the underlying code). 

Related issue: https://github.com/aws/aws-sdk-net/issues/2567

When sending multiple requests to the same domain, sometimes Fiddler alters the headers (in this case by duplicating the user-agent one), and in this case it causes a fail because a precomputed signature of the request does not match.

For legacy reasons, Fiddler logs the message "HTTPSLint> Warning: ClientHello record was {0} bytes long. Some servers have problems with ClientHello's greater than 255 bytes"

This message should be removed because at this point, effectively ALL clienthellos are over 500 bytes and basically all servers are okay with it.

(This message was only relevant around 2014 or so when longer clienthellos started becoming common)

Fiddler classic uninstall after epic app & valorant online game not working some error as to come valorant error code : val 29

Epic error code : 404

Fiddler would NOT allow me to save the file.  We tried this multiple times to various file locations. 

I do not have Visual Studio installed on my PC -- so I selected the latest verison in this form because it is a REQUIRED field. 

Fiddler provided the text below. 

---------------------------

Awww, Fiddlesticks!

---------------------------

Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

Could not find file 'C:\Users\629243897\Documents\IBMSPend on v85 debug - 2 refreshes after logon.saz'.

Type: System.IO.FileNotFoundException

Source: mscorlib

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

   at System.IO.FileInfo.get_Length()

   at Fiddler.frmViewer.actSaveSessionArchive(String , String
, Session[] ) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 6808

Fiddler v5.0.20211.51073 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.22621.0]

---------------------------

OK   

---------------------------

When sending post data, -d option needs to ensure that the data does not start with an @

https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome

BasicFormats.dll - cURLExport.cs

As noted in the Fiddler book,

Sessions rerouted from one hostname to another using the Host Remapping tool are rendered with a light blue background in the Web Sessions list. HTTPS Sessions that have been rerouted have the X-IgnoreCertCNMismatch and X-OverrideCertCN Session Flags set to avoid raising “Certificate Name Mismatch” errors.

However, there's a bug. In the HostsFile.cs code, there's are several places that look like:

            if (oS.isTunnel) {

                oS["x-overrideCertCN"] = oS.hostname;
                oS["X-IgnoreCertCNMismatch"] = "HOSTS-Ext";
            }

This usually works for browser traffic going through Fiddler (because the HTTPS handshake is typically conducted on the CONNECT tunnel). However, it doesn't work (and the user is spammed with cert error warnings) if the traffic is sent from Fiddler itself (e.g. via Composer or using the "Reissue requests" context menu item). 

The code should look like this:

            if (oS.isHTTPS || oS.isTunnel) {

                oS["x-overrideCertCN"] = oS.hostname;
                oS["X-IgnoreCertCNMismatch"] = "HOSTS-Ext";

           }

If you open use fiddler for a while (a Day or so), eventually it lock up the UI on the other monitors. It is almost as if there is an invisible dialog over the other screens. Once you kill Fiddler. its all restored again.

We have been Noticing this over the last few months.

Fiddler downloads content to show on its homescreen from HTTP URLs. This is not safe because the content is rendered to the user in a WebView control and thus an attacker on the wire could replace it with malicious code or instructions that could harm the user.

Fiddler should not be using HTTP URLs for anything in this day and age.

http://fiddler2.com/content/GetArticles?clientId=0651E115B3D6EFD84CC35BE
http://fiddler2.com/content/GetBanner?clientId=0651E115B3D6EFD84CC35BE

document-policy: force-load-at-top

https://chromestatus.com/feature/5744681033924608

When there's a HAR file with h3 entries, they are either misinterpreted or ignored.

I know how to fix it both in the importer/exporter DLL and in Fiddler.exe.

I can submit a correction.

For now fiddler just have filter, and it not ignore traffic. Filter just hiding it.

Also Fiddler have option "Capture/Dont capture traffic" via menu File or F12. but it general for all. Also this option NOT work while the target app still use fiddler proxy.

My example problem :

I am using Nox to test MyDownloader app, while apk connect internet or requesting web data its ok to proxified by fiddler. But when I start downloading, the file is downloaded first to Fiddler cache until complete. after complete then fiddler continue request with that file response. That the problem. This also applied to all request in my PC. No problem if size just 20MB. But above 100M, 500MB, 1GB, sometime it make fiddler hang.

Also when i download file, then cancel it, fiddler still download file until complete. So to cancel that in fiddler, i need to disconnect it first.

For now, to bypass my problem i also using Proxi*fi*er filter to selecting mimetype.

Hello! The problem is described on this link: stackoverflow

 Please add in Filter -  feature block named "Request Body" with options "Show only if request body contains", "Hide only if request body contains"

Hi there, what's the correct way to call:

JSON.stringify({});

JSON.parse("{}");

after calling these JSON methods, fiddler says:

Variable 'JSON' has not been declared

cheers,

David

I want to capture the traffic from Android Phone, and already install Root Certificate as 'System Trusted Credintials' in /system/etc/security/cacerts (renamed like '269953fb.0' by md5).

Accessing the https page, It seems to behave well in a normal application and other browser (like XBrowser, a tiny volume browser, only 1.01MB) ,and which proves that the certificate is installed correctly, but in Chrome it prompts 'NET:ERR_CERT_AUTHORITY_INVALID'. As shown, it seems that Chrome does not associate the web certificate returned by Fiddler with the root certificate already installed on the system, but I use the same installation method in Charles, it behaves well and can browse https pages normally, it seems that Charles generates a different certificate than Fiddler? I used the command

'openssl x509 -inform der -text -in /mnt/d/Users/menEu/Desktop/FiddlerRoot.cer'

to see the difference and it doesn't seem to be a huge difference (but I'm not specialized in this area)