Fiddler version: v5.0.20204.45441
If Fiddler is left for some time to work unattended then its memory usage is constantly growing.
I usually use Fiddler with some Autoresponder rules enabled and "Unmatched requests passthrough" option switched on. If left in this state for several hours an amount memory it uses could grow up to 10GB and even more which is quite annoying...
Autosave option is enabled and sessions are dumped every 5 minutes. So this behaviour is not because of session list is becoming large, it is being cleaned every 5 minutes.
I've been trying to install the root certificate to decript https traffic with no results.
20:42:38:5197 Fiddler Running...
For now fiddler just have filter, and it not ignore traffic. Filter just hiding it.
Also Fiddler have option "Capture/Dont capture traffic" via menu File or F12. but it general for all. Also this option NOT work while the target app still use fiddler proxy.
My example problem :
I am using Nox to test MyDownloader app, while apk connect internet or requesting web data its ok to proxified by fiddler. But when I start downloading, the file is downloaded first to Fiddler cache until complete. after complete then fiddler continue request with that file response. That the problem. This also applied to all request in my PC. No problem if size just 20MB. But above 100M, 500MB, 1GB, sometime it make fiddler hang.
Also when i download file, then cancel it, fiddler still download file until complete. So to cancel that in fiddler, i need to disconnect it first.
For now, to bypass my problem i also using Proxi*fi*er filter to selecting mimetype.
Hello dear fiddler support.
The bug i've found is: Fiddler doesn't support some encryption ciphers.
Recently I was trying to connect to https://inlat.am/ site with "Decrypt SSL traffic" option set in fiddler to my genuine surprise i couldn't even connect to site.
I am using chrome 87.0.4280.88 64bit and fiddler v5.0.20204.45441 for .NET 4.6.1
Without "Decrypt SSL traffic" option set in Fiddler - chrome works fine.
So i decided to investigate what actually happen.
I run to https://www.ssllabs.com/ site to check supported ciphers - here you can check it https://www.ssllabs.com/ssltest/analyze.html?d=inlat.am&s=18.104.22.168
and tried to reproduce the issue with wirshark on.
In wire shark i can see that there is no ciphers supported by https://inlat.am/ site
Cipher Suites (24 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Now i now what the issue is about.
My question is how to fix the problem with ciphers.
In my opinion you should somehow add it in Fiddler.
I'm testing a website that has a self signed SSL cert. I can navigate to this URL via an extra warning step on chrome (see attached screen shot).
However via Fiddler, I just get an error that "this site cannot be reached" and I can see it's dropped on the Fiddler side: I can see the tunnel CONNECT request, but no subsequent request.
I've enabled the option "Ignore server certificate errors (unsafe)" and restarted Fiddler, but the problem still persists.
As always, thank you for your work on this.
When using Fiddler, there seems to be some bugs around resizing the GUI/UI, namely the dividers between sections such as between packet list vs. inspectors panes. It seems that when Fiddler is maximized full-screen, the divider (while using "Wide" layout) is shifted all the way up high, just beneath the initial packet in the list (Fiddler's update check).
I've been able to adjust the UI by manually manipulating Fiddler's registry settings, but even then it still seems finicky -- sometimes they take, sometimes they don't.
v5.0.20202.18177 for .NET 4.6.1
Built: Tuesday, April 14, 2020