Pending Review
Last Updated: 18 Feb 2020 18:28 by TelerikHDMI
Created by: TelerikHDMI
Comments: 0
Type: Feature Request
1

I would be nice if Fiddler could decrypt zstandard compressed requests.

Pending Review
Last Updated: 14 Feb 2020 07:39 by George

It's a common practice to compress binary payloads inside WebSockets using zlib.deflate, though in Fiddler they are displayed as binary dump. It's quite simple to analyze two trailing bytes of a binary packet, and if they are equal to 0xFFFF you could try to apply zlib.inflate to that packet. If it succeeds, replace the binary contents with its unzipped text equivalent.

WMBR, George Hazan.

Pending Review
Last Updated: 06 Feb 2020 13:44 by ADMIN
Created by: S
Comments: 3
Type: Feature Request
1

It'd be extremely useful if Fiddler could have the ability to do filtering non-destructively, where filtering doesn't drop data/entries/lines altogether, but rather, merely hiding them from display.

This enables the ability for you to do multiple levels/layers/slices of filtering, as there's very often a need for doing on any given capture session. Currently, however, when you filter on something, the capture data gets dropped from the data/result set, lost altogether.

Process Monitor by Microsoft/Sysinternals has this ability, and it's extremely useful, allowing you to not only do layers of filtering, but also allowing the ability to traverse back up the "stack" 1..n filter layers, and if/when needed, able to un-filter all the way back up to baseline of all capture data shown (and without having to re-load a session save).

Procmon also has the ability to "Drop filtered events", which when enabled does destructive filtering, dropping any non-filter-matching packets from that point forward:

This would also be handy to have, but not crucial; much more beneficial/important is the ability to filter non-destructively.

Pending Review
Last Updated: 28 Jan 2020 00:47 by Eric
Created by: Michael
Comments: 1
Type: Feature Request
0

Viewing and editing query parameters is not a pleasant experience.

I'd prefer not having to switch to Postman for editing and sending requests, but its UI is currently so much better for this task.

Unplanned
Last Updated: 27 Jan 2020 15:53 by ADMIN

Some third-party libraries, for example HtmlAgilityPack, cannot be added as references to FiddlerScript.

The path to the assembly is added in the Tools -> Options -> Scripting -> References, but an error message that the assembly cannot be loaded appears when the method using the assembly is invoked.

Workaround: use JScript.NET as a scripting language.

Pending Review
Last Updated: 06 Jan 2020 16:21 by Eric

Fiddler UI mnuSessionContext "Inspect in New Window",which method of fiddler call?

I didn't find the corresponding call method in the fiddlecore document.

Please @Eric

Pending Review
Last Updated: 16 Dec 2019 19:51 by Eric

 

 

 

(Some blocking rules are not shown)

 

When I use the "filter now" function, it does not filter properly.

It goes like this:

Prior to this, I used the "Filters" feature, but there was always a link that was not blocked.(this url: https://watson.telemetry.microsoft.com/Telemetry.Request  )

With the "Filters" function turned on, I used the "Filter now" function several times to block this link, but the result was only blocked at that time, and then came out again.

Now I turn off the "Filters" function, and then use "Filter now" to block that link. As a result, the blocking rule is not displayed in the lower left corner. Other blocking rules can be displayed normally.

 

 

Unplanned
Last Updated: 10 Dec 2019 07:27 by ADMIN

When HTTPS decryption is enabled in Fiddler, Fiddler parses the ClientHello and ServerHello HTTPS messages to determine the supported ciphers and other information, including TLS Extensions.

Unfortunately, Fiddler's HTTPSMessages parsers have a bug whereby if the extensions are larger than the available data on the stream/pipe, reading of the extensions is skipped and misleading text suggesting that no extensions were sent is shown in the Inspectors. For instance, the current version of Chrome Canary sends ~1308 bytes of TLS extensions in the ClientHello, but only 908 bytes are available at the time that the message is read. Fiddler claims that the ClientHello contained no extensions. 

Instead of performing a single .Read() call and ignoring the result if the size is less than expected, Fiddler should continue to read the stream until the promised number of bytes have been read.

 

[This issue is similar to https://crbug.com/1028602#c2, although the implementation is obviously unrelated).

Won't Fix
Last Updated: 09 Dec 2019 15:11 by ADMIN
Created by: Girish
Comments: 1
Type: Bug Report
0

I am getting the following crash when trying to install Fiddler, please advise : 

 

 mono Fiddler.exe

WARNING: The Carbon driver has not been ported to 64bits, and very few parts of Windows.Forms will work properly, or at all

 

=================================================================

Native Crash Reporting

=================================================================

Got a SIGSEGV while executing native code. This usually indicates

a fatal error in the mono runtime or one of the native libraries 

used by your application.

=================================================================

 

=================================================================

Native stacktrace:

=================================================================

(No frames) 

 

 

=================================================================

Telemetry Dumper:

=================================================================

Pkilling 0x7000085df000 from 0x11617bdc0

Pkilling 0x7000088e8000 from 0x11617bdc0

Entering thread summarizer pause from 0x11617bdc0

Finished thread summarizer pause from 0x11617bdc0.

 

Waiting for dumping threads to resume

 

=================================================================

External Debugger Dump:

=================================================================

(lldb) command source -s 0 '/tmp/mono-gdb-commands.95325'

Executing commands in '/tmp/mono-gdb-commands.95325'.

(lldb) process attach --pid 95325

error: attach failed: Error 1

 

=================================================================

Basic Fault Address Reporting

=================================================================

Memory around native instruction pointer (0x7fff5ce3a565):0x7fff5ce3a555  53 50 48 89 fb 48 8b 05 af 51 f3 31 48 8b 48 18  SPH..H...Q.1H.H.

0x7fff5ce3a565  48 89 4f 18 48 8b 48 10 48 89 4f 10 48 8b 08 48  H.O.H.H.H.O.H..H

0x7fff5ce3a575  8b 40 08 48 89 47 08 48 89 0f 89 f7 48 89 de e8  .@.H.G.H....H...

0x7fff5ce3a585  52 e1 fb ff 48 89 d8 48 83 c4 08 5b 5d c3 55 48  R...H..H...[].UH

 

=================================================================

Managed Stacktrace:

=================================================================

  at <unknown> <0xffffffff>

  at System.Windows.Forms.XplatUICarbon:CGDisplayBounds <0x000bc>

  at System.Windows.Forms.XplatUICarbon:get_WorkingArea <0x00072>

  at System.Windows.Forms.XplatUICarbon:get_VirtualScreen <0x00043>

  at System.Windows.Forms.XplatUI:get_VirtualScreen <0x00048>

  at System.Windows.Forms.Screen:.cctor <0x0017a>

  at System.Object:runtime_invoke_void <0x000a5>

  at <unknown> <0xffffffff>

  at System.Windows.Forms.Form:get_CreateParams <0x0062a>

  at System.Windows.Forms.Control:CreateHandle <0x0009e>

  at System.Windows.Forms.Form:CreateHandle <0x00052>

  at System.Windows.Forms.Control:CreateControl <0x000c6>

  at System.Windows.Forms.Control:SetVisibleCore <0x00112>

  at System.Windows.Forms.Form:SetVisibleCore <0x0024a>

  at System.Windows.Forms.Control:set_Visible <0x00052>

  at System.Windows.Forms.Control:Show <0x00042>

  at System.Windows.Forms.Control:Show <0x000a2>

  at Fiddler.frmViewer:‹• <0x0028a>

  at Fiddler.frmViewer:‡• <0x000d2>

  at <Module>:runtime_invoke_void_object <0x000b0>

=================================================================

zsh: abort      mono Fiddler.exe


Declined
Last Updated: 09 Dec 2019 08:51 by ADMIN
Created by: Morten
Comments: 3
Type: Feature Request
0

Hi,

I'm using the feature to right-click on requests and show or hide them heavily. It would be very nice to have this functionality from the QuickExec. Especially a ShowOnly by URL would be very nice. When using Fiddler for debugging the process ID may change frequently so that is not a good basis for filtering. On the other hand a modern development machine makes so many requests - if you have a few browser tabs open - that selecting hide for all is very inconvenient.

Unplanned
Last Updated: 09 Dec 2019 10:41 by ADMIN

As it stands today, the "Show only traffic from" combobox in the Filters tab will show the process name, its process ID and its window title, if one is available.

However, command line applications, like dotnet.exe do not show any additional information, which can make it harder to distinguish them when there are multiple instances running.

At that point one needs to open task manager to find the process with the expected command line and figure out its process ID.

 

If the drop down were to show the process full command line, it would eliminate this extra step.

 

Thanks

 

Unplanned
Last Updated: 03 Dec 2019 21:23 by Wojciech Rajchel
Created by: Wojciech Rajchel
Comments: 2
Type: Bug Report
1

Describe the bug
After following the steps in the Capture All IIS Traffic on the Web Server Forum Post Fiddler goes into an endless loop.

image

To Reproduce
Steps to reproduce the behavior:

  1. Disable the firewall on the IIS Web Server

  2. Edit machine.config proxy settings to point to 127.0.0.1:8888

    <system.net>
        <defaultProxy>
            <proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
        </defaultProxy>
    </system.net>
  3. Set the WinHTTP Proxy Settings to point to 127.0.0.1:8888
    netsh winhttp set proxy 127.0.0.1:8888

  4. Change the IIS Site Bindings to an alternate Port. In this example, it is 8080
    IIS Bindings

  5. In Fiddler, execute !listen 80 in QuickExec
    Fiddler QuickExec

  6. Add Custom Rule to Forward Requests Received to WinHTTP Port. In this case, 8080

    static function OnBeforeRequest(oSession: Session) {
        
        // ...Code removed for brevity...
        if(oSession.host == "[INSERT_HOST_NAME_HERE].com:80")
        {
            oSession.host = "[INSERT_HOST_NAME_HERE].com:8080"  /// This is the Fiddler Port
        }
        
        // ...Code removed for brevity...    
    }

Expected behavior
Fiddler should capture all traffic to and from the web server. This configuration should configure Fiddler as both the normal proxy and reverse proxy simultaneously.

Desktop (please complete the following information):

  • OS: Windows Server 2012 R2
  • Browser: Any
  • Version: Any
Unplanned
Last Updated: 06 Feb 2020 14:05 by ADMIN
Created by: Ekaterina
Comments: 6
Type: Feature Request
2

Greetings!

For now very popular technology in rest is graphQL

We use it in our project

Could you please add graphQl in Fiddler?

Thx

Pending Review
Last Updated: 27 Nov 2019 08:15 by ADMIN
Hello! I have the latest version of the feedler, and the "Show only traffic from" function does not work in it. It happens that it intercepts the traffic of some tabs, but almost always not.
Declined
Last Updated: 11 Nov 2019 07:12 by ADMIN
Unplanned
Last Updated: 14 Nov 2019 15:28 by ADMIN
Created by: Mihai
Comments: 1
Type: Feature Request
10

Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.

I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)

Unplanned
Last Updated: 13 Nov 2019 10:57 by ADMIN

For Fiddler to be able to recognize the Edge Chromium process.

To add the Context Menu to Auto replay from the Ribbon Bar where we see the IE Icon and by right click in the request frame to replay it.

 

The first screenshot shows where I would like to see the Edge Chromium listed under.

The second illustration, shows the Context menu Revisit In option.

 

Pending Review
Last Updated: 14 Nov 2019 14:00 by ADMIN

Run 1 Example 1 (first 32 characters): {"SummaryTracker":null,"Column1

Run 2 Example 2 (first 32 characters):  ¢ €ªªªêÿteÐ(È„´47ó ¯*·:˜y@X

CustomRules.js

if (oSession.uriContains("/yadayada?Id=")) 
{
var qs = oSession.fullUrl.ToString;
var qsT = oSession.fullUrl.Split("=");
var qsone = qsT[1] + "_ABC";
oSession.SaveResponseBody("C:\\temp\\" + qsone + ".json");
}

Using latest Chrome as browser. Running fine for many months until 1 November 2019, Boom! Can anyone tell me what is going on? It appears to be random.

Thanks!

Unplanned
Last Updated: 14 Nov 2019 15:39 by ADMIN

When right-clicking a session and going into the "Filter Now" context menu, there's a filter option at the bottom which filters by Content-Type. Very useful. However, when using Fiddler's ALT-click function on the session list, ALT-clicking on a particular session's Content-Type column value (in order to select all sessions with that same content-type), it factors in subsequent content-type parameters as a unique content-type.

For example, if back-to-back sessions for a particular website were content-types "application/json" followed by "application/json; charset=utf-8", ALT-clicking on one of their content-type entries in the Content-Type column would not select the other, since ALT-click would view them as different content-types. However, if you right-click either of them and Filter-Now by its content-type (application/json), this will filter both sessions despite the additional parameter appended onto the content-type of the latter session -- this is the more useful methodology, in my opinion.

The Filter-Now rule as it stands is the most/more useful of the two methods, since base content-type is almost always what's most important (in my experience).

Can the ALT-click functionality on Content-Type column values mirror the Filter-Now functionality in only looking at base Content-Type of a session? It would be most useful if so, especially since "charsets" can vary so widely/dynamically across sites, when trying to quickly hone-select on all sessions with application/json (or similar), for example.

Declined
Last Updated: 15 Nov 2019 06:26 by wu
As subject means,oSession["x-OverrideGateway"] does not work with https sessions.Ive searched google and docs of fiddler.none of them can solve this,and i've tried such as oSession["x-OverrideGateway"] = "https=127.0.0.1:8080",but it just causes errors.By setting oSession["x-OverrideGateway"] = "127.0.0.1:8080",all http session works fine,but https session will just bypass this setting and go through directly.how can i deal with it?thx for your reply.
1 2 3 4 5 6