The .NET Framework has added support for TLS/1.3.
We should do the work to enable TLS/1.3 in Fiddler (it's very little additional work to add "Tls1.3" to the options dialog and the underlying code).
When sending post data, -d option needs to ensure that the data does not start with an @
https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome
BasicFormats.dll - cURLExport.cs
If you open use fiddler for a while (a Day or so), eventually it lock up the UI on the other monitors. It is almost as if there is an invisible dialog over the other screens. Once you kill Fiddler. its all restored again.
We have been Noticing this over the last few months.
Fiddler downloads content to show on its homescreen from HTTP URLs. This is not safe because the content is rendered to the user in a WebView control and thus an attacker on the wire could replace it with malicious code or instructions that could harm the user.
Fiddler should not be using HTTP URLs for anything in this day and age.
http://fiddler2.com/content/GetArticles?clientId=0651E115B3D6EFD84CC35BE
http://fiddler2.com/content/GetBanner?clientId=0651E115B3D6EFD84CC35BE
document-policy: force-load-at-top
https://chromestatus.com/feature/5744681033924608
When there's a HAR file with h3 entries, they are either misinterpreted or ignored.
I know how to fix it both in the importer/exporter DLL and in Fiddler.exe.
I can submit a correction.
Hello! The problem is described on this link: stackoverflow
Please add in Filter - feature block named "Request Body" with options "Show only if request body contains", "Hide only if request body contains"
So far Fiddler says it can only import unencrypted sessions from PCAP files.
Various tools and libraries support the SSLKeylogfile environment variable and log the necessary keys.
You can either have them inside the pcapng file or in a seperate file.
It would be nice if Fiddler would accept an optional file with these keys and treated sessions with a suitable key as unencrypted.
This would make things a lot easier in the process.
"Target Any Process" feature no longer working with Chrome. It used to work but no longer works specifically with Chrome. Still works with other processes. Capturing still works with Chrome as long as I am not using the "Target Any Process" feature.
It would be highly useful if there was a "URL splitter" tool added, perhaps as a drop-down entry in the TextWizard, which takes a long-form paramaterized URL and splits it into a line-separated list of individual parameters (and can go the opposite way direction as well).
The "WebForms" subpanel already does this, albeit there's no manual ability to choose what URLs this can be done to ...as far as I'm aware.
Once a program has been "Filter now"ed via the context menu, if that filter is later deleted from down bottom, that program can no longer be "Filter Now"ed again; nothing happens.
It's as if program filtering is only given one opportunity to be "Filter Now"ed. Once that's happened, even if they filter gets deleted, the program isn't given another opportunity to be Filter Now'ed.
I've attached the raw HTTP response, copied directly from Fiddler. At lOperations[0].lRecords, you'll see that there are 2 records (arrays) and that each record contains 6 items, the last of which is an array. However, when I view the resonse using the JSON filter, the second of these arrays appears to contain only 5 items. I'm sure that the bug has something to do with the fact that the sub-array in the second array is an empty array, but it should display as an empty array, not as if it weren't there at all.
Hi,
1-st of all, thanks for the Fiddler!
I'm using the custom font size set under the Fiddler options (Windows OS), but its not respected during the params editing.
see attached screenshot.
I use the request LogRequests history to save requests, so that I can replay them when needed. Every month or so when my machine is restarted for an update and if Fiddler is opened, the history is corrupted.
I need a way to either save off certain requests like I can in Postman, etc, or I need Fiddler to have reliable restore points for the history so that the entire history is not corrupted so often.
Please fix or add a feature to address this -
Thanks
HOSTS in fiddler shouldn't change SNI info when Decrypt HTTPS traffic is enabled
When Decrypt HTTPS traffic is enabled and use HOSTS in fiddler, SNI should be keep the same as request, instead of use the one from HOSTS(removed when use IP, or rewrite when use another HOSTS)
HTTP/2 has been a standard since mid-2015. All major browsers support it, but adoption is slow because there no good debugging tools. I want to take advantage of pipelining, server push, etc that comes with HTTP/2 which makes it easier to adopt packages like gRPC. Having a good debugging story (both capture as well as insertion / modification) would make this more possible
Allow to search / reuse requests from history in a more efficient way 1. Add column [Date] or [Date and Time] to history, so one can look for a request that was used at a given date / time 3. Allow to sort by request Url, date / time 4. Allow to group by request urls: If there are several requests with the same url, provide the option to group / ungroup them 5. Add column [Result] with the result code for each request, so that one can now which request to use (for example, one needs a request that gave a 404, or only 202s) 6. Filter history by request type (GET, PUT, ...), url content (example: search for "/admin/ ... etc"), date / time
When my machine restarts before Fiddler is closed gracefully, Fiddler opens back up with an error saying that my capture saz is corrupt and cannot be opened.
This is a pain as I have to then manually rebuild any requests that I need.
Fiddler should have savepoints or some way to prevent it from losing all my LogResuest history whenever Fiddler is forcefully shut down
If you try to launch two instances of Fiddler/FiddlerViewer at the same time, you hit a sharing violation.
This file needs to be read with the correct sharing flags set.
---------------------------