Unplanned
Last Updated: 11 Feb 2020 18:24 by ADMIN
Created by: Stephan
Comments: 5
Type: Feature Request
118
HTTP/2 has been a standard since mid-2015.   All major browsers support it,  but adoption is slow because there no good debugging tools.    I want to take advantage of pipelining, server push, etc that comes with HTTP/2 which makes it easier to adopt packages like gRPC.    Having a good debugging story (both capture as well as insertion / modification) would make this more possible
Unplanned
Last Updated: 14 Nov 2019 15:28 by ADMIN
Created by: Mihai
Comments: 1
Type: Feature Request
10

Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.

I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)

Unplanned
Last Updated: 11 Mar 2019 13:18 by ADMIN
Currently by listening to FiddlerApplication.OnWebSocketMessage it's possible to modify the incoming & outgoing messages but it's not possible to send independent direct messages in or out.

Adding the ability to send direct messages will give more freedom on injecting custom messages in both directions, repeating server response messages etc.
Currently if you need to inject an outgoing message you need to wait for the client to generate a message and only then intercept, modify and forward it. Sometimes the client may wait longer times to respond and a direct message mechanism would be quite useful to generate quicker responses.

From: How to send a new web socket message instead of modifying an existing one?
 (https://groups.google.com/forum/#!topic/httpfiddler/CC5XxiWfpuI) Related to: Add properties to WebSocket object (https://fiddler.ideas.aha.io/ideas/FID-I-146)
Unplanned
Last Updated: 31 Aug 2016 05:00 by Tsviatko
Created by: Leslie
Comments: 2
Type: Feature Request
6
New compression from Google - better than gzip.   Supported in Chrome and FF.  See site https://www.netwarc.nl/  for an example.  Fiddler is unable to decompress the response content.

Also see http://www.omgchrome.com/brotli-http-compression-coming-to-chrome/ and https://textslashplain.com/2015/09/10/brotli/
Unplanned
Last Updated: 10 Jul 2019 10:38 by ADMIN
WebSockets offer a mechanism for doing compression of messages. Fiddler's WebSocket Inspector should provide a simpler means of viewing such content.

The mechanism looks to be a simple DEFLATE operation: https://tools.ietf.org/html/rfc7692
Unplanned
Last Updated: 14 Nov 2019 15:40 by ADMIN
Created by: Antonio
Comments: 3
Type: Bug Report
4

Fiddler crashes sometimes with this message:

No se puede obtener acceso al objeto desechado.

Nombre del objeto: 'WinHttpAutoProxy'.

Type: System.ObjectDisposedException
Source: Fiddler
   en “.Ÿœ.ƒ•(String •, String& ‘‰, String& ”) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\FiddlerCore\PlatformExtensions\Windows\FiddlerCore.PlatformExtensions.Windows.Shared\WinHttpAutoProxy.cs:línea 52
   en .‚•.œ(String –, IPEndPoint& žœ) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\AutoProxy.cs:línea 142
   en Fiddler.Proxy.FindGatewayForOrigin(String sURIScheme, String sHostAndPort) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Proxy.cs:línea 805
   en Fiddler.ServerChatter.Œ() en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\ServerChatter.cs:línea 1056
   en Fiddler.ServerChatter.‹Œ(AsyncCallback ŒŒ) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\ServerChatter.cs:línea 932
   en Fiddler.Session.‘() en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:línea 3638
   en Fiddler.Session.œ™(IAsyncResult Œ) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:línea 3649
   en Fiddler.ServerChatter.ŽŒ() en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\ServerChatter.cs:línea 1518
   en Fiddler.ServerChatter.Œ() en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\ServerChatter.cs:línea 1472
   en Fiddler.ServerChatter.‹Œ(AsyncCallback ŒŒ) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\ServerChatter.cs:línea 932
   en Fiddler.Session.‘() en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:línea 3638
   en Fiddler.Session.(Object ) en C:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\Session.cs:línea 3426

Fiddler v5.0.20173.50948 (x86 x86) [.NET 4.0.30319.42000 on Microsoft Windows NT 6.1.7601 Service Pack 1] 

Unplanned
Last Updated: 29 Jul 2019 08:56 by ADMIN
Created by: Imported User
Comments: 2
Type: Feature Request
3
When Fiddler generates a certificate based on the original server certificate (using oSession["X-UseCertCNFromServer"]), it doesn't include all ServerAltNames from the original certificate.
Unplanned
Last Updated: 27 Sep 2019 07:55 by ADMIN
Created by: Imported User
Comments: 4
Type: Feature Request
3
I had request with json body, after exporting to curl, looking at the batch file, i didn't see the body part of the request
Unplanned
Last Updated: 11 Apr 2019 12:45 by ADMIN

My Fiddler log is usually filled with thousands of ClientHello warnings. It's a burden for me to read through the log with all those messages. For example:


23:42:42:4843 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:4863 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:4863 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:4863 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:4983 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:4983 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:5113 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
23:42:42:5123 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

 

I discussed this with Eric Lawrence in the Fiddler Groups thread HTTPSLint> Warning: ClientHello record was xxx bytes long and he had a few suggestions:

  1. Stop logging these entirely, or maybe log them only when the handshake is between 255 and 512 bytes (https://cs.chromium.org/chromium/src/third_party/boringssl/src/ssl/ssl_test.cc?l=1082&rcl=9f0e7cb314ae64234b928fd379381ae9760a9a5f). I think today the warning in Fiddler is simply >255 bytes. But we should probably get rid of this logging entirely, as the buggy server appliances are probably out of the market at this point. Although maybe show a warning at >767 bytes as a) that's huge, and b) we found that there's a server called Gatling that fails on handshakes that big.
  2. Extend the existing interfaces related to Log handling to allow an extension to "eat" messages so that they don't end up in the log.
  3. Extend the Log tab to make use of that new interface to have an "Ignore regex match" box.

 

Unplanned
Last Updated: 15 Nov 2019 07:24 by ADMIN
Created by: Jonny
Comments: 1
Type: Feature Request
2

Hi!

Is there any way to disable underlining of URL in Raw Inspector tab? It is very annoying when you try to copy part of the request but in fact open the link in the browser instead.

Unplanned
Last Updated: 06 Feb 2020 14:05 by ADMIN
Created by: Ekaterina
Comments: 6
Type: Feature Request
2

Greetings!

For now very popular technology in rest is graphQL

We use it in our project

Could you please add graphQl in Fiddler?

Thx

Unplanned
Last Updated: 03 Dec 2019 21:23 by Wojciech Rajchel
Created by: Wojciech Rajchel
Comments: 2
Type: Bug Report
2

Describe the bug
After following the steps in the Capture All IIS Traffic on the Web Server Forum Post Fiddler goes into an endless loop.

image

To Reproduce
Steps to reproduce the behavior:

  1. Disable the firewall on the IIS Web Server

  2. Edit machine.config proxy settings to point to 127.0.0.1:8888

    <system.net>
        <defaultProxy>
            <proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
        </defaultProxy>
    </system.net>
  3. Set the WinHTTP Proxy Settings to point to 127.0.0.1:8888
    netsh winhttp set proxy 127.0.0.1:8888

  4. Change the IIS Site Bindings to an alternate Port. In this example, it is 8080
    IIS Bindings

  5. In Fiddler, execute !listen 80 in QuickExec
    Fiddler QuickExec

  6. Add Custom Rule to Forward Requests Received to WinHTTP Port. In this case, 8080

    static function OnBeforeRequest(oSession: Session) {
        
        // ...Code removed for brevity...
        if(oSession.host == "[INSERT_HOST_NAME_HERE].com:80")
        {
            oSession.host = "[INSERT_HOST_NAME_HERE].com:8080"  /// This is the Fiddler Port
        }
        
        // ...Code removed for brevity...    
    }

Expected behavior
Fiddler should capture all traffic to and from the web server. This configuration should configure Fiddler as both the normal proxy and reverse proxy simultaneously.

Desktop (please complete the following information):

  • OS: Windows Server 2012 R2
  • Browser: Any
  • Version: Any
Unplanned
Last Updated: 20 Mar 2020 17:03 by ADMIN
Created by: Carlos
Comments: 1
Type: Feature Request
2
Since most browser's and mobile apps are starting to use HTTP3 it would be nice if Fiddler could also support this.
Unplanned
Last Updated: 09 Dec 2019 10:41 by ADMIN

As it stands today, the "Show only traffic from" combobox in the Filters tab will show the process name, its process ID and its window title, if one is available.

However, command line applications, like dotnet.exe do not show any additional information, which can make it harder to distinguish them when there are multiple instances running.

At that point one needs to open task manager to find the process with the expected command line and figure out its process ID.

 

If the drop down were to show the process full command line, it would eliminate this extra step.

 

Thanks

 

Unplanned
Last Updated: 10 Dec 2019 07:27 by ADMIN

When HTTPS decryption is enabled in Fiddler, Fiddler parses the ClientHello and ServerHello HTTPS messages to determine the supported ciphers and other information, including TLS Extensions.

Unfortunately, Fiddler's HTTPSMessages parsers have a bug whereby if the extensions are larger than the available data on the stream/pipe, reading of the extensions is skipped and misleading text suggesting that no extensions were sent is shown in the Inspectors. For instance, the current version of Chrome Canary sends ~1308 bytes of TLS extensions in the ClientHello, but only 908 bytes are available at the time that the message is read. Fiddler claims that the ClientHello contained no extensions. 

Instead of performing a single .Read() call and ignoring the result if the size is less than expected, Fiddler should continue to read the stream until the promised number of bytes have been read.

 

[This issue is similar to https://crbug.com/1028602#c2, although the implementation is obviously unrelated).

Unplanned
Last Updated: 06 Nov 2019 01:28 by S
Scheduled for Fiddler for Windows vNext

Once a program has been "Filter now"ed via the context menu, if that filter is later deleted from down bottom, that program can no longer be "Filter Now"ed again; nothing happens.

It's as if program filtering is only given one opportunity to be "Filter Now"ed. Once that's happened, even if they filter gets deleted, the program isn't given another opportunity to be Filter Now'ed.

Unplanned
Last Updated: 14 Nov 2019 15:39 by ADMIN

When right-clicking a session and going into the "Filter Now" context menu, there's a filter option at the bottom which filters by Content-Type. Very useful. However, when using Fiddler's ALT-click function on the session list, ALT-clicking on a particular session's Content-Type column value (in order to select all sessions with that same content-type), it factors in subsequent content-type parameters as a unique content-type.

For example, if back-to-back sessions for a particular website were content-types "application/json" followed by "application/json; charset=utf-8", ALT-clicking on one of their content-type entries in the Content-Type column would not select the other, since ALT-click would view them as different content-types. However, if you right-click either of them and Filter-Now by its content-type (application/json), this will filter both sessions despite the additional parameter appended onto the content-type of the latter session -- this is the more useful methodology, in my opinion.

The Filter-Now rule as it stands is the most/more useful of the two methods, since base content-type is almost always what's most important (in my experience).

Can the ALT-click functionality on Content-Type column values mirror the Filter-Now functionality in only looking at base Content-Type of a session? It would be most useful if so, especially since "charsets" can vary so widely/dynamically across sites, when trying to quickly hone-select on all sessions with application/json (or similar), for example.

Unplanned
Last Updated: 17 Sep 2019 07:25 by ADMIN
Created by: Lesences
Comments: 2
Type: Bug Report
1

Hi sir,

     I am an android developer from China, I really like to use Fiddler.But today,when I try to download it, I find avery serious error that Taiwan and Hong Kong are in the 'Country' option. Everyone knows that Taiwan and Hong Kong are part of China,please  add '-China' behind them,thanks.

     Or just like Oracle ,the picture below is a screenshot of my from Oracle.

     I will follow this thing! :)

 

 

     

Unplanned
Last Updated: 16 Jul 2019 07:40 by ADMIN

Repro steps:

1. Inspect a websocket connections traffic

2. Expand the preview column so that the message body should show more than 65 characters.

3. Observe that even though the column is wide enough to support more than 65 characters, only 65 characters are displayed.

Unplanned
Last Updated: 08 Oct 2019 14:20 by ADMIN
Created by: Frank
Comments: 0
Type: Feature Request
1
Would it be possible to update the History section of the Composer so that the urls shown aren't cut off because of the column width? Resizing it is also a chore because first you have to resize the entire section and then the column.
1 2