Please look in: unable to add neXpert add on. I know it is an issue from add-on side. However I would like to inform you to take this request in right direction. Many Thanks.
If we can filter-out sessions by process, we should be able to only interfere (decrypt) HTTPS sessions for specific processes, without affecting other running processes. We have the option to decrypt HTTPS traffic from browsers, non-browsers, or all processes... why cannot we decrypt traffic only for specific processes?
Hi, I recently used Fiddler installer "[Sep-15-17] v4.6.20173.38786" to upgrade from a July 2017 build. The installer, even when run as administrator, no longer chooses Program Files even if Fiddler is already installed in that location. Instead the location is always "C:\Users\USERNAME\AppData\Local\Programs\Fiddler" whether I run it as admin or not. So I manually changed the location to "c:\Program Files (x86)\Fiddler2". But then the installer told me uninstall failed and to manually uninstall the july version. In the programs menu I had trouble finding "Fiddler" because you actually put the company name in the program name field instead of just in the company field. For example it's listed as "Progress Telerik Fiddler" which I don't think anyone is going to think of if they want to uninstall. Almost all programs put their company name in the company field and leave it out of the program name. Anyway, I did uninstall it but chose to keep settings. Then when I installed it I noticed it connecting to emergency update even though I had that disabled in the registry. In other words the uninstall though promising to keep my settings wiped out the: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fiddler2] "BlockUpdateCheck"="True" so I had to re-add that. Now everything appears to be working ok. I think you should fix the following things in the installer: * Fix the auto-detect for the Fiddler program location or if not then offer Fiddler users an option to install single-user or all-users. * Fix the uninstaller not to remove the BlockUpdateCheck key, or better whatever other settings it deletes from the registry. * Fix the installer not running a proper uninstall (if possible -- that may be just a fluke on my end for some reason). * Change the program name to Fiddler and put your company name in the company field so if someone needs to uninstall it they can easily find it.
I enabled Automatic Breakpoints > Before Requests and the session inspector has a dropdown but I cannot see what's in it because the dropdown is too narrow, as shown in the attached screenshot. v4.6.20173.38786 Built: Friday, September 15, 2017
The number of sessions area in the strip at the bottom of the Fiddler window is too small. In the attached screenshot there's 932 selected sessions but the number is cut off, as is the total number. As a workaround I'm using the Request Count in the statistics window to get the selected count.
I'm subscribed to a number of issues including some that I reported. I am not receiving updates when comments are added. I'm not sure if this is a bug or intended. For example I just by chance saw an issue that I reported (https://fiddler.ideas.aha.io/ideas/FID-I-260) has a reply by Eric Lawrence with a workaround (thanks Eric). But I received no e-mail update for the comment. Then I went and checked all my other subscriptions and some of them had comments and I never received updates for them. Please fix the forum to give me e-mail updates when comments are added.
Today, FiddlerCore sets the base path for writing (e.g. temp files generated when compressing/decompressing brotli, etc) to a "FiddlerCore" subfolder of the user's MyDocuments folder. This isn't a particularly good default, but the bigger problem is that it cannot be easily overridden without reflecting into the private members of the CONFIG class. This path should be settable, at least before Startup() is called.
Hi! When user works with AutoResponder a lot, it may contain lots of rules, most of them are probably start with https:// or regex:. To understand what rule does, especially after some time or when import/export for colleagues the context is fading. I propose to add new column with label/comment which will contain any string for rule name or any explanation what rule does. It may be editable cell so user will be able to change it "on the fly" without needing to select rule and then select input on the bottom of the panel. Also would be great to have folders or categories, then user will be able to sort rules for different hosts or purposes.
The handler for the "M" key in the AutoResponder needs to suppress the keypress. Right now, if you have a rule in the "If request matches" column that starts with "M" and you select a different rule, hit "M" to add a comment to it, then Windows automatically focuses the list item that starts with "M", then Fiddler invokes the "Add Comment" action on that rule instead of the one originally selected.
Hi! Add possibility to change "Browse" button default browser or use last selected browser when user clicks on it.
I think this may be a regression. The Content-Security-Policy header needs to be shown in the Security headers section, not in the Entity headers session (which looks for "Content-*").
Observing session based authentication such as NTLM only works when the first WWW-Authenticate header in the 401 response is either either NTLM or Negotiate. For example, if I set up my server to send the headers in the following order: WWW-Authenticate: NTLM WWW-Authenticate: Bearer Then the Proxy-Support: Session-Based-Authentication header is added by Fiddler and NTLM authentication succeeds. If I instead reorder them: WWW-Authenticate: Bearer WWW-Authenticate: NTLM In this case the Proxy-Support: Session-Based-Authentication header is not added by Fiddler. If the client only supports NTLM and not bearer authentication, then the connection will fail unexpectedly. In conclusion: It looks like fiddler is checking only the first WWW-Authenticate header when deciding whether or not to send Proxy-Support: Session-Based-Authentication. It should be checking all of the WWW-Authenticate headers.
It's small, clipped, and not noticable. Just spent the last hour trying to troubleshoot why I was getting an Internal Server Error. If I would have noticed the JSON error message, it would have saved me most of that time. See attachment. Consider red bold font.
I installed Fiddler in D:\Dev\Fiddler\ But FiddlerCertMaker still installed in C:\Program Files (x86)\Fiddler
Drag/drop a Content-Encoding: gzip compressed response from the Web Sessions list to the AutoResponder. Right-click it and choose Edit Response. Observe: Response is compressed and cannot be edited. I think in the past this used to show the little yellow "Click here to decode" bar in the Editors popup window.
I use fiddler all the time to test various apis and it would be nice to have either templates or access to the composer header/body textboxes via QuickExec. That way I could create standard templates (or actions) to prefill certain values. The template should contain.. Action Url Protocol Request Headers Request Body A new Template explorer could be added under the existing Log Request History which could be a tree view that allows one to structure their templates.
It appears that in the latest version (v5.0.20173.50948 for .NET 4.6.1) there's a bug that the Response Inspectors are no longer properly sorted in the tab strip by their Order, such that the ordering is pretty much random.