Unplanned
Last Updated: 04 Mar 2024 16:04 by N
Created by: Eric
Comments: 4
Type: Feature Request
11

The .NET Framework has added support for TLS/1.3.

We should do the work to enable TLS/1.3 in Fiddler (it's very little additional work to add "Tls1.3" to the options dialog and the underlying code). 

Unplanned
Last Updated: 04 Feb 2024 09:49 by piccolo

Hi,

I’m developing a .NetFramework extension for Fiddler and am finding an issue with clearing bold, italic, strikethrough on the session text in the session list when using “this.session.RefreshUI()”. I’d like to be able to see these changes occur upon a context menu item click, immediately within Fiddler, without having the reload the sessions or the application. I can see the session flags are removed from the session as expected, but the bold, italic, or strikethrough is not unset.

I’m aware there is an option to Mark, Unmark sessions, but this doesn’t fit integrate closely enough with the extension I am developing or do exactly what I would like.

I seem to have no issues with changing the UI-Backcolor or UI-Color and refreshing for the updates to be immediately seen.

I can set UI-Bold, UI-Italic, UI-Strikethrough, but I cannot unset these with RefreshUI().

Is this a bug? Is the RefreshUI() call not doing something for UI-Bold, UI-Italic & UI-Strikethrough which it does do for UI-BackColor and UI-Color?

Thanks,

Jeremy.

Unplanned
Last Updated: 24 Dec 2023 07:22 by Xriuk
Created by: Xriuk
Comments: 3
Type: Bug Report
1

Related issue: https://github.com/aws/aws-sdk-net/issues/2567

When sending multiple requests to the same domain, sometimes Fiddler alters the headers (in this case by duplicating the user-agent one), and in this case it causes a fail because a precomputed signature of the request does not match.


Unplanned
Last Updated: 27 Nov 2023 10:37 by Niko
Created by: Imported User
Comments: 6
Type: Feature Request
2
I've attached the raw HTTP response, copied directly from Fiddler. At lOperations[0].lRecords, you'll see that there are 2 records (arrays) and that each record contains 6 items, the last of which is an array. However, when I view the resonse using the JSON filter, the second of these arrays appears to contain only 5 items. I'm sure that the bug has something to do with the fact that the sub-array in the second array is an empty array, but it should display as an empty array, not as if it weren't there at all.
Unplanned
Last Updated: 21 Oct 2023 07:04 by Dan Avni
Created by: Dan Avni
Comments: 2
Type: Feature Request
0

I have a base64 of a gzip of utf8 bytes of a string - base64(gzip(utg8(string)))

Please add to the TextWizard options in the transform to encode/decode a string to gzip

 

Unplanned
Last Updated: 16 Aug 2023 06:36 by ADMIN

Fiddler's update check will always fail by default because you've disabled TLS/1.0 support on your server and Fiddler's now-very-outdated TLS config only enables TLS/1.0 by default. The user must manually go into Tools > Fiddler Options > HTTPS and change the Supported protocols string to <client>;tls1.2 to fix this problem (and to also fix problems with the Composer and any other Fiddler features that do not pass through traffic through a client that supports later TLS.

This is tracked by oAcceptedServerHTTPSProtocols in Config.cs.

Unplanned
Last Updated: 12 Jun 2023 05:52 by ADMIN

For legacy reasons, Fiddler logs the message "HTTPSLint> Warning: ClientHello record was {0} bytes long. Some servers have problems with ClientHello's greater than 255 bytes"

This message should be removed because at this point, effectively ALL clienthellos are over 500 bytes and basically all servers are okay with it.

(This message was only relevant around 2014 or so when longer clienthellos started becoming common)

Unplanned
Last Updated: 29 Mar 2023 08:21 by ADMIN
Created by: Eric
Comments: 0
Type: Bug Report
0

When sending post data, -d option needs to ensure that the data does not start with an @

https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome

 

BasicFormats.dll - cURLExport.cs

Unplanned
Last Updated: 22 Nov 2022 16:49 by Eric

If you open use fiddler for a while (a Day or so), eventually it lock up the UI on the other monitors. It is almost as if there is an invisible dialog over the other screens. Once you kill Fiddler. its all restored again.

 

We have been Noticing this over the last few months.

Unplanned
Last Updated: 29 Aug 2022 05:36 by ADMIN

Fiddler downloads content to show on its homescreen from HTTP URLs. This is not safe because the content is rendered to the user in a WebView control and thus an attacker on the wire could replace it with malicious code or instructions that could harm the user.

Fiddler should not be using HTTP URLs for anything in this day and age.

http://fiddler2.com/content/GetArticles?clientId=0651E115B3D6EFD84CC35BE
http://fiddler2.com/content/GetBanner?clientId=0651E115B3D6EFD84CC35BE

Unplanned
Last Updated: 12 Aug 2022 06:32 by ADMIN

document-policy: force-load-at-top

 

https://chromestatus.com/feature/5744681033924608

Unplanned
Last Updated: 23 May 2022 06:51 by ADMIN

When there's a HAR file with h3 entries, they are either misinterpreted or ignored.

I know how to fix it both in the importer/exporter DLL and in Fiddler.exe.

I can submit a correction.

Unplanned
Last Updated: 21 Apr 2022 22:07 by Eric

Hello! The problem is described on this link: stackoverflow

 

 Please add in Filter -  feature block named "Request Body" with options "Show only if request body contains", "Hide only if request body contains"

Unplanned
Last Updated: 23 Mar 2022 06:25 by ADMIN

So far Fiddler says it can only import unencrypted sessions from PCAP files.

Various tools and libraries support the SSLKeylogfile environment variable and log the necessary keys.

You can either have them inside the pcapng file or in a seperate file.

It would be nice if Fiddler would accept an optional file with these keys and treated sessions with a suitable key as unencrypted.

This would make things a lot easier in the process.

Unplanned
Last Updated: 18 Jan 2022 06:53 by ADMIN

"Target Any Process" feature no longer working with Chrome. It used to work but no longer works specifically with Chrome. Still works with other processes. Capturing still works with Chrome as long as I am not using the "Target Any Process" feature.

Unplanned
Last Updated: 20 Dec 2021 15:35 by Eric
Created by: S
Comments: 2
Type: Feature Request
1

It would be highly useful if there was a "URL splitter" tool added, perhaps as a drop-down entry in the TextWizard, which takes a long-form paramaterized URL and splits it into a line-separated list of individual parameters (and can go the opposite way direction as well).

The "WebForms" subpanel already does this, albeit there's no manual ability to choose what URLs this can be done to ...as far as I'm aware.

Unplanned
Last Updated: 07 Dec 2021 10:46 by ADMIN
Scheduled for Fiddler for Windows vNext

Once a program has been "Filter now"ed via the context menu, if that filter is later deleted from down bottom, that program can no longer be "Filter Now"ed again; nothing happens.

It's as if program filtering is only given one opportunity to be "Filter Now"ed. Once that's happened, even if they filter gets deleted, the program isn't given another opportunity to be Filter Now'ed.

Unplanned
Last Updated: 17 Sep 2021 05:34 by ADMIN

Hi,

1-st of all, thanks for the Fiddler!

I'm using the custom font size set under the Fiddler options (Windows OS), but its not respected during the params editing.

see attached screenshot.

 

Unplanned
Last Updated: 04 Sep 2021 19:51 by Eric

I use the request LogRequests history to save requests, so that I can replay them when needed.  Every month or so when my machine is restarted for an update and if Fiddler is opened, the history is corrupted.  

I need a way to either save off certain requests like I can in Postman, etc, or I need Fiddler to have reliable restore points for the history so that the entire history is not corrupted so often.

Please fix or add a feature to address this -

Thanks

Unplanned
Last Updated: 13 Aug 2021 22:02 by Eric

HOSTS in fiddler shouldn't change SNI info when Decrypt HTTPS traffic is enabled

 

When Decrypt HTTPS traffic is enabled and use HOSTS in fiddler, SNI should be keep the same as request, instead of use the one from HOSTS(removed when use IP, or rewrite when use another HOSTS) 

1 2 3 4