Pending Review
Last Updated: 18 Feb 2020 18:28 by TelerikHDMI
Created by: TelerikHDMI
Comments: 0
Type: Feature Request
1

I would be nice if Fiddler could decrypt zstandard compressed requests.

Pending Review
Last Updated: 14 Feb 2020 07:39 by George

It's a common practice to compress binary payloads inside WebSockets using zlib.deflate, though in Fiddler they are displayed as binary dump. It's quite simple to analyze two trailing bytes of a binary packet, and if they are equal to 0xFFFF you could try to apply zlib.inflate to that packet. If it succeeds, replace the binary contents with its unzipped text equivalent.

WMBR, George Hazan.

Completed
Last Updated: 11 Feb 2020 20:33 by Dan
This is a feature that's present in both the Firefox and Chrome dev tools, and it's incredibly useful. Fiddler is already great, and that would make it so much better :-)
Unplanned
Last Updated: 11 Feb 2020 18:24 by ADMIN
Created by: Stephan
Comments: 5
Type: Feature Request
116
HTTP/2 has been a standard since mid-2015.   All major browsers support it,  but adoption is slow because there no good debugging tools.    I want to take advantage of pipelining, server push, etc that comes with HTTP/2 which makes it easier to adopt packages like gRPC.    Having a good debugging story (both capture as well as insertion / modification) would make this more possible
Under Review
Last Updated: 06 Feb 2020 14:52 by ADMIN
Created by: Imported User
Comments: 6
Type: Feature Request
9
Like the JSON and XML tabs, there should be a Protobuf tab that offers to decode protobuf requests and responses.
Unplanned
Last Updated: 06 Feb 2020 14:05 by ADMIN
Created by: Ekaterina
Comments: 6
Type: Feature Request
2

Greetings!

For now very popular technology in rest is graphQL

We use it in our project

Could you please add graphQl in Fiddler?

Thx

Pending Review
Last Updated: 06 Feb 2020 13:44 by ADMIN
Created by: S
Comments: 3
Type: Feature Request
1

It'd be extremely useful if Fiddler could have the ability to do filtering non-destructively, where filtering doesn't drop data/entries/lines altogether, but rather, merely hiding them from display.

This enables the ability for you to do multiple levels/layers/slices of filtering, as there's very often a need for doing on any given capture session. Currently, however, when you filter on something, the capture data gets dropped from the data/result set, lost altogether.

Process Monitor by Microsoft/Sysinternals has this ability, and it's extremely useful, allowing you to not only do layers of filtering, but also allowing the ability to traverse back up the "stack" 1..n filter layers, and if/when needed, able to un-filter all the way back up to baseline of all capture data shown (and without having to re-load a session save).

Procmon also has the ability to "Drop filtered events", which when enabled does destructive filtering, dropping any non-filter-matching packets from that point forward:

This would also be handy to have, but not crucial; much more beneficial/important is the ability to filter non-destructively.

Under Review
Last Updated: 31 Jan 2020 10:12 by Lior
Created by: Imported User
Comments: 2
Type: Feature Request
2
There are many organization which do not allow admin rights and also are against installing any sniffing tools. However, fiddler is a very useful tool. It works by extracting in the installer exe with 7zip. However, thats still a trouble or unknown solution for many. It fiddler is also available as portable tool, then browser hooks may not work, rest is fine.
Pending Review
Last Updated: 28 Jan 2020 00:47 by Eric
Created by: Michael
Comments: 1
Type: Feature Request
0

Viewing and editing query parameters is not a pleasant experience.

I'd prefer not having to switch to Postman for editing and sending requests, but its UI is currently so much better for this task.

Unplanned
Last Updated: 27 Jan 2020 15:53 by ADMIN

Some third-party libraries, for example HtmlAgilityPack, cannot be added as references to FiddlerScript.

The path to the assembly is added in the Tools -> Options -> Scripting -> References, but an error message that the assembly cannot be loaded appears when the method using the assembly is invoked.

Workaround: use JScript.NET as a scripting language.

Under Review
Last Updated: 18 Jan 2020 02:28 by Hein
Created by: Isaac
Comments: 4
Type: Feature Request
20
Lots of development software has dark themes because it is less stress on your eyes and looks cool.
Pending Review
Last Updated: 06 Jan 2020 16:21 by Eric

Fiddler UI mnuSessionContext "Inspect in New Window",which method of fiddler call?

I didn't find the corresponding call method in the fiddlecore document.

Please @Eric

Pending Review
Last Updated: 16 Dec 2019 19:51 by Eric

 

 

 

(Some blocking rules are not shown)

 

When I use the "filter now" function, it does not filter properly.

It goes like this:

Prior to this, I used the "Filters" feature, but there was always a link that was not blocked.(this url: https://watson.telemetry.microsoft.com/Telemetry.Request  )

With the "Filters" function turned on, I used the "Filter now" function several times to block this link, but the result was only blocked at that time, and then came out again.

Now I turn off the "Filters" function, and then use "Filter now" to block that link. As a result, the blocking rule is not displayed in the lower left corner. Other blocking rules can be displayed normally.

 

 

Unplanned
Last Updated: 10 Dec 2019 07:27 by ADMIN

When HTTPS decryption is enabled in Fiddler, Fiddler parses the ClientHello and ServerHello HTTPS messages to determine the supported ciphers and other information, including TLS Extensions.

Unfortunately, Fiddler's HTTPSMessages parsers have a bug whereby if the extensions are larger than the available data on the stream/pipe, reading of the extensions is skipped and misleading text suggesting that no extensions were sent is shown in the Inspectors. For instance, the current version of Chrome Canary sends ~1308 bytes of TLS extensions in the ClientHello, but only 908 bytes are available at the time that the message is read. Fiddler claims that the ClientHello contained no extensions. 

Instead of performing a single .Read() call and ignoring the result if the size is less than expected, Fiddler should continue to read the stream until the promised number of bytes have been read.

 

[This issue is similar to https://crbug.com/1028602#c2, although the implementation is obviously unrelated).

Won't Fix
Last Updated: 09 Dec 2019 15:11 by ADMIN
Created by: Girish
Comments: 1
Type: Bug Report
0

I am getting the following crash when trying to install Fiddler, please advise : 

 

 mono Fiddler.exe

WARNING: The Carbon driver has not been ported to 64bits, and very few parts of Windows.Forms will work properly, or at all

 

=================================================================

Native Crash Reporting

=================================================================

Got a SIGSEGV while executing native code. This usually indicates

a fatal error in the mono runtime or one of the native libraries 

used by your application.

=================================================================

 

=================================================================

Native stacktrace:

=================================================================

(No frames) 

 

 

=================================================================

Telemetry Dumper:

=================================================================

Pkilling 0x7000085df000 from 0x11617bdc0

Pkilling 0x7000088e8000 from 0x11617bdc0

Entering thread summarizer pause from 0x11617bdc0

Finished thread summarizer pause from 0x11617bdc0.

 

Waiting for dumping threads to resume

 

=================================================================

External Debugger Dump:

=================================================================

(lldb) command source -s 0 '/tmp/mono-gdb-commands.95325'

Executing commands in '/tmp/mono-gdb-commands.95325'.

(lldb) process attach --pid 95325

error: attach failed: Error 1

 

=================================================================

Basic Fault Address Reporting

=================================================================

Memory around native instruction pointer (0x7fff5ce3a565):0x7fff5ce3a555  53 50 48 89 fb 48 8b 05 af 51 f3 31 48 8b 48 18  SPH..H...Q.1H.H.

0x7fff5ce3a565  48 89 4f 18 48 8b 48 10 48 89 4f 10 48 8b 08 48  H.O.H.H.H.O.H..H

0x7fff5ce3a575  8b 40 08 48 89 47 08 48 89 0f 89 f7 48 89 de e8  .@.H.G.H....H...

0x7fff5ce3a585  52 e1 fb ff 48 89 d8 48 83 c4 08 5b 5d c3 55 48  R...H..H...[].UH

 

=================================================================

Managed Stacktrace:

=================================================================

  at <unknown> <0xffffffff>

  at System.Windows.Forms.XplatUICarbon:CGDisplayBounds <0x000bc>

  at System.Windows.Forms.XplatUICarbon:get_WorkingArea <0x00072>

  at System.Windows.Forms.XplatUICarbon:get_VirtualScreen <0x00043>

  at System.Windows.Forms.XplatUI:get_VirtualScreen <0x00048>

  at System.Windows.Forms.Screen:.cctor <0x0017a>

  at System.Object:runtime_invoke_void <0x000a5>

  at <unknown> <0xffffffff>

  at System.Windows.Forms.Form:get_CreateParams <0x0062a>

  at System.Windows.Forms.Control:CreateHandle <0x0009e>

  at System.Windows.Forms.Form:CreateHandle <0x00052>

  at System.Windows.Forms.Control:CreateControl <0x000c6>

  at System.Windows.Forms.Control:SetVisibleCore <0x00112>

  at System.Windows.Forms.Form:SetVisibleCore <0x0024a>

  at System.Windows.Forms.Control:set_Visible <0x00052>

  at System.Windows.Forms.Control:Show <0x00042>

  at System.Windows.Forms.Control:Show <0x000a2>

  at Fiddler.frmViewer:‹• <0x0028a>

  at Fiddler.frmViewer:‡• <0x000d2>

  at <Module>:runtime_invoke_void_object <0x000b0>

=================================================================

zsh: abort      mono Fiddler.exe


Unplanned
Last Updated: 09 Dec 2019 10:41 by ADMIN

As it stands today, the "Show only traffic from" combobox in the Filters tab will show the process name, its process ID and its window title, if one is available.

However, command line applications, like dotnet.exe do not show any additional information, which can make it harder to distinguish them when there are multiple instances running.

At that point one needs to open task manager to find the process with the expected command line and figure out its process ID.

 

If the drop down were to show the process full command line, it would eliminate this extra step.

 

Thanks

 

Declined
Last Updated: 09 Dec 2019 08:51 by ADMIN
Created by: Morten
Comments: 3
Type: Feature Request
0

Hi,

I'm using the feature to right-click on requests and show or hide them heavily. It would be very nice to have this functionality from the QuickExec. Especially a ShowOnly by URL would be very nice. When using Fiddler for debugging the process ID may change frequently so that is not a good basis for filtering. On the other hand a modern development machine makes so many requests - if you have a few browser tabs open - that selecting hide for all is very inconvenient.

Unplanned
Last Updated: 03 Dec 2019 21:23 by Wojciech Rajchel
Created by: Wojciech Rajchel
Comments: 2
Type: Bug Report
1

Describe the bug
After following the steps in the Capture All IIS Traffic on the Web Server Forum Post Fiddler goes into an endless loop.

image

To Reproduce
Steps to reproduce the behavior:

  1. Disable the firewall on the IIS Web Server

  2. Edit machine.config proxy settings to point to 127.0.0.1:8888

    <system.net>
        <defaultProxy>
            <proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
        </defaultProxy>
    </system.net>
  3. Set the WinHTTP Proxy Settings to point to 127.0.0.1:8888
    netsh winhttp set proxy 127.0.0.1:8888

  4. Change the IIS Site Bindings to an alternate Port. In this example, it is 8080
    IIS Bindings

  5. In Fiddler, execute !listen 80 in QuickExec
    Fiddler QuickExec

  6. Add Custom Rule to Forward Requests Received to WinHTTP Port. In this case, 8080

    static function OnBeforeRequest(oSession: Session) {
        
        // ...Code removed for brevity...
        if(oSession.host == "[INSERT_HOST_NAME_HERE].com:80")
        {
            oSession.host = "[INSERT_HOST_NAME_HERE].com:8080"  /// This is the Fiddler Port
        }
        
        // ...Code removed for brevity...    
    }

Expected behavior
Fiddler should capture all traffic to and from the web server. This configuration should configure Fiddler as both the normal proxy and reverse proxy simultaneously.

Desktop (please complete the following information):

  • OS: Windows Server 2012 R2
  • Browser: Any
  • Version: Any
Pending Review
Last Updated: 27 Nov 2019 08:15 by ADMIN
Hello! I have the latest version of the feedler, and the "Show only traffic from" function does not work in it. It happens that it intercepts the traffic of some tabs, but almost always not.
Completed
Last Updated: 20 Nov 2019 11:54 by ADMIN
Created by: Eric
Comments: 0
Type: Feature Request
5
Ensure that traffic from the Brave web browser is properly categorized by the traffic filtering system in the status bar.
1 2 3 4 5 6