Add option to sanitize trace of credentials

Progress® Telerik® Fiddler™ Classic Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Under Review

Last Updated: 15 Feb 2017 17:19 by Imported User

Imported User

Created on: 15 Feb 2017 05:59

Type: Feature Request

Add option to sanitize trace of credentials

Often in troubleshooting issues with websites a repro using Fiddler may be gathered. But customers may not know that any credentials posted in a web form are captured.

It would be easier if the Fiddler trace has an option added to offer to sanitize all occurrences of a string (especially in post body) which looks like a credential been sent.

This helps customer ensure no sensitive information is shared. The support engineer can rest assured that he has what he needs minus the password to review troubleshoot the trace.

1 comment

Eric

Posted on: 15 Feb 2017 06:00

There are scripts to do this (https://groups.google.com/forum/#!searchin/httpfiddler/remove$20authentication%7Csort:relevance/httpfiddler/y8TKF887P2o/juEl01yJY8QJ) , and it might make sense to try to offer a built-in option to do it.

The problem is that it leads to a false sense of privacy, insofar as it's entirely possible for credentials to be masked in such a way (e.g. base64-encoding, rot-13, what have you) such that a cleaner script doesn't recognize them but an attacker would not.