Today, Fiddler exposes these two events to handle scenarios where the user is saving or loading a SAZ file.

        /// fires just before a SAZ file is saved
        public static event EventHandler<WriteSAZEventArgs> OnSaveSAZ;

        /// fires just after a SAZ file is loaded
        public static event EventHandler<ReadSAZEventArgs> OnLoadSAZ;

Equivalent event handlers should be created for the scenario where a user is Importing content into the Sessions list (e.g. using NetLog import or HAR import, etc). Otherwise, developers must undertake cumbersome workarounds to detect that a list of Sessions has been created/loaded from a file import, if, say, they wish to perform processing on those imported Sessions (adding custom properties or changing the display properties in the Session list).

I would be nice if Fiddler could decrypt zstandard compressed requests.

I will be very useful if the font can be configured separately. One font for the composer and results, and the other for the IDE.

If I change the FONT, all the IDE is updated, including the composers, but after RESTARING, the composer has the same font than before

I want to capture the traffic from Android Phone, and already install Root Certificate as 'System Trusted Credintials' in /system/etc/security/cacerts (renamed like '269953fb.0' by md5).

Accessing the https page, It seems to behave well in a normal application and other browser (like XBrowser, a tiny volume browser, only 1.01MB) ,and which proves that the certificate is installed correctly, but in Chrome it prompts 'NET:ERR_CERT_AUTHORITY_INVALID'. As shown, it seems that Chrome does not associate the web certificate returned by Fiddler with the root certificate already installed on the system, but I use the same installation method in Charles, it behaves well and can browse https pages normally, it seems that Charles generates a different certificate than Fiddler? I used the command

'openssl x509 -inform der -text -in /mnt/d/Users/menEu/Desktop/FiddlerRoot.cer'

to see the difference and it doesn't seem to be a huge difference (but I'm not specialized in this area)

Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.

Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler

Hi,I have a problem,and I need your help,thankyou.

    when I click "Rules" -> "Customize Rules", pop up a prompt: Urhandled exception has occurred in your spplication. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immedi ately.Font Cowrier New' does not support style 'Regular' .

  【My computer system is  windows7 64】

Using iOS 13.4.1

Using Catalina 10.15.4

Using Fiddler for Mac

I have followed this https://www.telerik.com/blogs/how-to-capture-ios-traffic-with-fiddler blog post for configuration. 

But when I try to go to the http://ip4v.fiddler:8888 I get the below error

[Fiddler] DNS Lookup for "ip4v.fiddler" failed. System.Net.SocketExceptionFactory+ExtendedSocketException Device not configured

 

May I suggest to publish an interface assembly with Fiddler, containing only the interfaces of all the Fiddler public types?

This way, IntelliSense could be used, both, with ScriptEditor and with any of the Visual Studio products.

That would require Telerik to derive their public classes, like Session, from an interface, like ISession. That interface would need to be stored in a separate assembly that would be published then along with Fiddler.

Autoresponder is a great feature, but it works only with response.
I and my coleagues have a many cases when need to replace request headers, params or body

breakpoints isn't good, coze sometimes application dont wait and drops connection to requests

Examples 
mobile request is post only with curent time in body, but i need to post this request with past time.
Backend is accept body with past requests
I dont have access to DB to change time, and no requests to change time. Also app is works only with current request (i can't use composer to create another request)

and make me feel bad about telerik.

fiddler was much beter before telerik bought it.

 

 

do you want to check for an udpate ?  do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?

It's a common practice to compress binary payloads inside WebSockets using zlib.deflate, though in Fiddler they are displayed as binary dump. It's quite simple to analyze two trailing bytes of a binary packet, and if they are equal to 0xFFFF you could try to apply zlib.inflate to that packet. If it succeeds, replace the binary contents with its unzipped text equivalent.

WMBR, George Hazan.

It'd be extremely useful if Fiddler could have the ability to do filtering non-destructively, where filtering doesn't drop data/entries/lines altogether, but rather, merely hiding them from display.

This enables the ability for you to do multiple levels/layers/slices of filtering, as there's very often a need for doing on any given capture session. Currently, however, when you filter on something, the capture data gets dropped from the data/result set, lost altogether.

Process Monitor by Microsoft/Sysinternals has this ability, and it's extremely useful, allowing you to not only do layers of filtering, but also allowing the ability to traverse back up the "stack" 1..n filter layers, and if/when needed, able to un-filter all the way back up to baseline of all capture data shown (and without having to re-load a session save).

Procmon also has the ability to "Drop filtered events", which when enabled does destructive filtering, dropping any non-filter-matching packets from that point forward:

This would also be handy to have, but not crucial; much more beneficial/important is the ability to filter non-destructively.

Viewing and editing query parameters is not a pleasant experience.

I'd prefer not having to switch to Postman for editing and sending requests, but its UI is currently so much better for this task.

Fiddler UI mnuSessionContext "Inspect in New Window"，which method of fiddler call?

I didn't find the corresponding call method in the fiddlecore document.

Please @Eric

 

 

 

(Some blocking rules are not shown)

 

When I use the "filter now" function, it does not filter properly.

It goes like this:

Prior to this, I used the "Filters" feature, but there was always a link that was not blocked.(this url: https://watson.telemetry.microsoft.com/Telemetry.Request  )

With the "Filters" function turned on, I used the "Filter now" function several times to block this link, but the result was only blocked at that time, and then came out again.

Now I turn off the "Filters" function, and then use "Filter now" to block that link. As a result, the blocking rule is not displayed in the lower left corner. Other blocking rules can be displayed normally.

 

 

Hello! I have the latest version of the feedler, and the "Show only traffic from" function does not work in it. It happens that it intercepts the traffic of some tabs, but almost always not.

Run 1 Example 1 (first 32 characters): {"SummaryTracker":null,"Column1

Run 2 Example 2 (first 32 characters): ¢ €ªªªêÿteÐ(È„´47ó ¯*·:˜y@X

CustomRules.js

if (oSession.uriContains("/yadayada?Id=")) 
{
var qs = oSession.fullUrl.ToString;
var qsT = oSession.fullUrl.Split("=");
var qsone = qsT[1] + "_ABC";
oSession.SaveResponseBody("C:\\temp\\" + qsone + ".json");
}

Using latest Chrome as browser. Running fine for many months until 1 November 2019, Boom! Can anyone tell me what is going on? It appears to be random.

Thanks!

It would be really great to be able to view requests and responses as a formatted json string.  Currently, you can show JSON, which uses some tree format, and you can show raw, which is just a flat hard to use string.

It would also be great to be able to format json inside the request composer so it can be easy to modify.

Issue:

Fiddler does not set up it's proxy server for the websocket protocol.  Applications looking at the global proxy settings are told by WebRequest.DefaultWebProxy.IsBypassed(Uri) that no proxy server should be used for the specified wss Uri.

 

Replication steps:

1. Have a .NET application that uses websockets and checks WebRequest.DefaultWebProxy.IsBypassed(Uri) to see if a proxy should be used for a wss Uri.

2. Try to use Fiddler to observe websocket traffic

 

Workaround:

After turning on fiddler, enable "Use the same proxy server for all protocols" in the Internet Options / Advanced Proxy settings screen.

A simple change request: when I navigate, using Fiddler, to a page that has an untrusted https certificate, I get the popup from Fiddler warning me of the same. I want to get this popup, I don't want to disable it. However, when I click "Yes" on the popup, the main Fiddler window is brought into front, on top of my browser. My environment has a lot of self signed certificates in use on non-production systems, so this is happening quite often.

I propose the popup should work as now, but clicking on the popup should not bring the main Fiddler window up, in case it was minimized or under other windows.

Thanks a lot for your great work on the program.