Last Updated: 23 Oct 2020 13:03 by Mark DeMichele

I recently am having an issue with MS Teams while running fiddler.  MS Teams keeps giving disconnect errors. That's when I noticed that fiddler it proxying it's traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com are not included in the hosts.  I also notice other items in my sessions list that are not in my list of hosts so what is going on?

I don't really want to post my list of hosts publicly.  If you need them, please let me know and maybe I can email them to someone.


Last Updated: 12 Oct 2020 05:24 by ADMIN

Fiddler’s “Auth” Inspector uses Encoding.Default() for decoding base64-encoded BASIC auth credentials. This was common practice at the time this was first written but is now obsolete. https://tools.ietf.org/html/rfc7617, written much later, demands UTF-8.

Chromium and Firefox encodes credentials using UTF-8.


Last Updated: 05 Oct 2020 04:51 by ADMIN

Hi everyone.


A screenshot of the error is provided, I think there are extra characters in the form, these should not appear, it seems to be caused by a decoding error. Note that the transfer method "transfer-encoding: chunked".


Last Updated: 28 Sep 2020 05:13 by ADMIN

If the user configures a list of sites inside Tools > Options > HTTPS > "Skip Decryption for hosts", this configuration list is ignored if the AutoResponder is enabled with the "Accept all connects" checkbox ticked.

This should be fixed because otherwise it's extremely difficult to figure out what's going wrong.


Incidentally, this behavior might be responsible for this issue: https://feedback.telerik.com/fiddler/1479071-fiddler-refusing-to-ignore-teams-microsoft-com-and-is-causing-my-ms-teams-app-on-windows-to-break

Last Updated: 02 Sep 2020 10:28 by ADMIN


I've the following request response:

    "proId": 98767975948505330

This is correctly displayed in the "Raw Tab", but when switching to the JSON tab, the displayed number is not correct.


Could you fix this ?


Last Updated: 26 Aug 2020 18:17 by Jeff

"Target Any Process" feature no longer working with Chrome. It used to work but no longer works specifically with Chrome. Still works with other processes. Capturing still works with Chrome as long as I am not using the "Target Any Process" feature.

Last Updated: 20 Aug 2020 15:20 by Lutz

I couild highlight a row in the captured data and hit the context menu for Copy | Session and it would copy the data and present it in this type of format when pasted into notepad:


PUT https://xxx.xxx.xxx.xxx/service/core/v3/AssetPartitions/-1/DiscoveryJobs/29 HTTP/1.1

Accept-Language: en-US; q=1.0, en; q=0.9
X-SignalR-Id: f83b9717-2553-438f-b76c-4c3e70159a39
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyRjIzMDlCQzZGMkNFQzNBQzc1MTA3RUQyRTFCREE4NzEwQUI5MUIiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJRdkl3bThieXpzT3NkUkItMHVHOXFIRUt1UnMifQ.eyJBY3R1YWxVc2VySWQiOiIxIiwiQXV0aFRva2VuSWQiOiI2OTdlZDkzOC05YTY1LTQyZDctODI2MS04MGRiYzhkYTE1OWQiLCJyc3RzOnN0czpjbGFpbXM6dXNlcjp1c2VySWQiOiIxIiwidXBuIjoiU3VwZXIiLCJhdXRobWV0aG9kIjoibG9jYWw6cHdkIiwibmFtZWlkIjoiU3VwZXIiLCJuYmYiOjE1ODc0OTI1MzMsImV4cCI6MTU4NzU3ODkzMywiaWF0IjoxNTg3NDkyNTMzLCJpc3MiOiJ1cm46dG9rZW5hdXRoZW50aWNhdGlvbnByb3ZpZGVyOlNBRkVHVUFSRF9BUFBMSUFOQ0UifQ.Leqmwi7cbogsB_XYv9DpJ2SCgCtkl7WsY8Y6pXjfHVSm1P9-82ayeNK_J9rmQUdqZrWjmCeK4DxiyifKAzpgCJm5y0XgUX02jJ5RiD_i8EWOT6ywyxgRRKLefm36jHsWVavLpidJMo4QyOEUGX1OHw0-Cgv2kJyESwkNYLgVQB34WEGMSe2Sh1kVkQrVl-WwcmlckL7yw5rPaofje5lEXrbGMHbNTfBAuei08DVf49DBjV7FGZWRMpvB3mIpWqAZylTXu2DNcfol2ZuVYG1PmTY7pENZGzO98gT7c08Q6wqbZF1846F47oZ2wZXrcYRHkNO8nJ6N7JUN8koGMQ2P6g

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Length: 1872
Content-Type: application/json; charset=utf-8
Content-Language: en-US
Vary: Origin
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none'; img-src 'self' data:; font-src 'self'
Referrer-Policy: same-origin
X-Cluster-Role: primary
X-TokenLifetimeRemaining: 1433
Date: Tue, 21 Apr 2020 18:16:29 GMT

[{"DiscoveredDate":"2020-04-21T17:20:10.228Z","AccountName":"BobAdmin","AccountDomainName":null,"AccountId":10,"AssetName":"PAM-QA-WIN2019","AssetId":23,"AssetPartitionId":1,"AssetPartitionName":"Import","SshKeyProfileId":1,"SshKeyProfileName":"Import SSH Key Profile","SshKeyDiscoveryScheduleId":15,"SshKeyDiscoveryScheduleName":"Import SSH Key Discovery","PublicKey":"AAAAB3NzaC1yc2EAAAADAQABAAABAQCjJh0+dkm7SMIzhCVPaZTxu0pQA9uhScH26GSxDb5ddoYigi9dlq45/4zal230Nk4o3IQmbP7hLikKTCr2Y3GRUZJEJ8IdQe9zXtGnm+N2iczbmg9kGPcb6j3pMcfxrjZlcOFOXgRaz1tnJXdaSLuM4kI45+sJjtdJ9e/nDdX1HgWVyo0U3CO7q/k/srI1+KaetKW58iCIK6zZnoW8jUhmyXdxA/UkkOwUCdK7kQwOn6kBV7pRgErS1nWmd4RZ7UNi0iSpZdrg6yL7mngLfzS7ee4iZ2Hp3WUY8s1aYhPkDJcJl6uEbxy2NpwLvbUgCWcbJCUPRQUKAdheR7uJuTfF","Comment":"bross@prod@Q3LJ2RQ2","Fingerprint":"4D7280929A77CAD8C0EF03099AF90F4F","KeyType":"Rsa","Options":null,"KeyLength":2048,"AccountStatus":"Managed","IsIgnored":false,"IsManaged":true},{"DiscoveredDate":"2020-04-21T17:20:09.686Z","AccountName":"BobAdmin","AccountDomainName":null,"AccountId":10,"AssetName":"PAM-QA-WIN2019","AssetId":23,"AssetPartitionId":1,"AssetPartitionName":"Import","SshKeyProfileId":1,"SshKeyProfileName":"Import SSH Key Profile","SshKeyDiscoveryScheduleId":15,"SshKeyDiscoveryScheduleName":"Import SSH Key Discovery","PublicKey":"AAAAB3NzaC1yc2EAAAADAQABAAABAQDP1WLHVC8mq6ICGre8OUPi5FQMYxomTGlSgnVqIvIUHLNI8PPH0xpkOpfhlZASzu7WtHWX37LDvEcUqW0gYb0eYww56IeERHui5yuJ7ocJnXETO33W+n0pnYjZuyqxEjSa8P14O6smg5z6bxm+/StItb8GyL1kBdQdoVeVMfWUSUO/2qyvmK22QOS8df2Gl+MWcBvsoU6rrtTq5N9FlS05zFsQJGUt/MrV3qHhKUqviFEZ1sl5ziisRknWInCb+YTkq7a5HFSbSAjxHZDjwPJ92gTWs+W/n6GsSY9Xjnjx+rFfpD1bSD4JnjwJ2QUsbTLPutJ0CpLFdOUJbgzsQY1N","Comment":"Safeguard_Windows_SSH","Fingerprint":"850585DBE61DE4F2D638EC3DE66CCE83","KeyType":"Rsa","Options":null,"KeyLength":2048,"AccountStatus":"Managed","IsIgnored":false,"IsManaged":false}]


Now all I get is the URL...

Last Updated: 12 Aug 2020 08:36 by ADMIN

Most extensions and inspectors need to access the decompressed/unchunked body bytes to perform their function, requiring them to have an understanding of how to get those decoded bytes. To simplify this, add UnencodedRequestBody and UnencodedResponseBody properties to Session that return a byte[], for example:


         public byte[] UnencodedResponse() {
            if (!_HasResponseBody() || !Utilities.HasHeaders(oResponse)) return Utilities.emptyByteArray;

            if (oResponse.headers.ExistsAny(new[] { "Content-Encoding", "Transfer-Encoding" }))
                arrResponse = Utilities.Dupe(mySession.responseBodyBytes);
                Utilities.utilDecodeHTTPBody(mySession.ResponseHeaders, ref arrResponse);
                arrResponse = mySession.responseBodyBytes;


GetRequestBodyAsString and GetResponseBodyAsString can then be refactored to call these byte[] properties.

Last Updated: 05 Aug 2020 09:50 by ADMIN
Created by: Eric
Comments: 0
Type: Feature Request

Today, if a browser makes a HTTPS request to a site with a certificate error, and the user picks "No" when Fiddler asks whether to accept the Certificate Error, it is very difficult to figure out where the HTTPS request made in error came from.

It would be cool if instead of simply closing the TUNNEL connection, Fiddler instead had an option by which the server connection was rejected but the client connection to the Tunnel got a 200 OK but was connected to a special "DEAD" pipe that returned HTTP/503.

That way, the client could make its HTTP requests to the dead pipe (whose URL and Referer header might reveal from where the request came) allowing the user to debug, but overall security would be maintained (no network connection made insecurely).

Last Updated: 30 Jul 2020 15:41 by ADMIN
Created by: Mihai
Comments: 3
Type: Feature Request

Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.

I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)

Last Updated: 21 Jul 2020 15:31 by Eric

When loading the SAZ file, the requests are ordered incrementally based on the order they were saved in.

For example, a Fiddler session was sorted by URL and then saved to SAZ. When the file is loaded, the requests are still sorted by URL but the original index numbers are lost and the requests are numbered incrementally as per this sort. This means that it is not possible to sort the session back to the original linear order by clicking on the index column (#) as it was possible to do before the save/load.

I've seen that the original index is saved in the Comments column. This is only a partial solution because:

1. When sorting by this column, a lexical sort is performed meaning the sessions would be numbered: 1,10,100,101,11,12..19,2,20,21 etc...
2. If the request had a comment associated with it, this overrides this feature and the original index number is lost.

Also, I know it's possible to sort by ClientDoneRequest as a good approximation but it obviously doesn't recreate the original order.

It would be beneficial to keep the original index numbers (even including the gaps between them) as there is information there that shouldn't be lost when saving.


As always thank you for your work on this wonderful product.







Last Updated: 24 Jun 2020 12:30 by ADMIN

Removing interception certificates via Fiddler options "Remove Interception Certificates" only removes them from Personal and Trusted Root Certification Authorities of the Local Computer Store.

Certificates located in Current User Store - Trusted Root Certification Authorities  and Intermediate Certificates is not removed.

This certificate is not trusted after using "Remove Interception Certificates" and has status "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store".

sigcheck -t[u]v doesn't show any warnings.

Tested this on both Windows 7 and 10.

Tried refreshing certmgr, restarting it, and rebooting machine with no success - certificates are still there.

This should


Last Updated: 22 Jun 2020 07:13 by Tony


I updated Fiddler to v5.0.20202.18177

Progress Telerik Fiddler Web Debugger

v5.0.20202.18177 for .NET 4.6.1
Built: mardi 14 avril 2020

64-bit AMD64, VM: 37,0mb, WS: 65,0mb
.NET 4.8 WinNT 10.0.18362.0

You've run Progress Telerik Fiddler: 17 times.

Running on: xxxx:8888
Listening to: All Adapters
Gateway: No Gateway

Copyright ©2003-2020 Progress Software Corporation. All rights reserved.and started to get error at launch

then i started to get error at launch : Failed to register Fiddler as the system proxy

I found a possible solution : change "WinHttp Web Proxy Auto-Discovery Service" startup to automatic

a reboot later, Fiddler worked fine 

but today, the error is back

i checked, the service is still in automatic startup


So i get a previous installer, and installed a previous version and the error is gone

Tried to update again, the error come back, rollbacked to previous version, working again

Progress Telerik Fiddler Web Debugger

v5.0.20182.28034 for .NET 4.6.1
Built: mercredi 27 juin 2018

64-bit AMD64, VM: 62,0mb, WS: 118,0mb
.NET 4.7.1 WinNT 10.0.18362.0

You've run Progress Telerik Fiddler: 18 times.

Running on: xxxx:8888
Listening to: All Adapters
Gateway: Auto-Config

Copyright ©2003-2018 Telerik EAD. All rights reserved.

Didn't found any thread on the forum about this issue

Last Updated: 17 Jun 2020 08:19 by ADMIN
Created by: Tony
Comments: 1
Type: Bug Report


When i started latest version of Fiddler, i started to get an error window at launch saying "Failed to register Fiddler as the system proxy"

But as usual, i have plenty opened windows at the same time.

While i'm doing a search for a solution, Fiddler and the error window goes to background.

But when i come back to Fiddler, i'm unable to exit the application.

The error windows is not referenced in the taskbar and it's a pain to find it.

The best solution is to go to desktop "Win+D" and focus on Fiddler to get the splash screen and the error window visible again.

Once the error window closed, i can close Fiddler.

The issue is the error window staying on background and not having an entry in taskbar.

Last Updated: 10 Jun 2020 16:23 by ADMIN
Created by: Carlos
Comments: 5
Type: Feature Request
Since most browser's and mobile apps are starting to use HTTP3 it would be nice if Fiddler could also support this.
Last Updated: 01 Jun 2020 07:33 by ADMIN
Created by: Imported User
Comments: 4
Type: Feature Request
Currently, the ImageView Inspector is only available for responses.

Why not enable it for requests?
Last Updated: 27 May 2020 07:39 by ADMIN

Just installed on Windows 10 Version 1909 OS 18363.836.  Hangs whenever I try to do Step 1 of the docs, set decryption.  Debugged in VS 2019, access violation trying to read 0x00000, NullException.  Finally, shutdown all of my work and restarted machine.  Error cleared and this time asked me to accept the new Cert.  

What a terrible first time experience.  Issue resolved.

Last Updated: 21 May 2020 14:16 by Eric
Created by: Ronen
Comments: 2
Type: Feature Request

Currently Statistics show the time of request:

ClientConnected: 15:33:43.395
ClientBeginRequest: 15:33:43.725
GotRequestHeaders: 15:33:43.725
ClientDoneRequest: 15:33:43.725


It would be useful to know the date of the request as well for projects that span several days.


Thank you.

Last Updated: 18 May 2020 11:17 by ADMIN
Created by: Nick
Comments: 1
Type: Feature Request

I've been a Fiddler user for longer than I can recall. Recently, whilst setting up a new PC I took the opportunity to try out Fiddler Everywhere. Unfortunately after about 30seconds I had to go back and download the original Fiddler.

Here's just a couple of the things that were show stoppers for me:

- No history for composer - this was a useful addition made to Fiddler that I now can't live without

- No way to copy a request from Inspectors view to Composer

- Switching between Inspector and Composer view resets the Composer screen

- Not able to have Inspector and Composer visible at the same time - this isn't really possible in Fiddler at the moment but it feels like it's easier to switch between inspecting requests and composing requests in Fiddler.

- Enabling Https debugging doesn't trust the certificate

It would be great to have Inspector and Composer either in tabs that can be ripped off into separate windows. Ideally it would be great to have multiple Composer windows


Last Updated: 27 Apr 2020 20:00 by ADMIN
Created by: Eric
Comments: 2
Type: Bug Report


Set Examine to "Headers Only"

OBSERVE: "Search binaries" and "Decode First" checkboxes are correctly disabled.

Perform a search


OBSERVE: BUG: When the dialog reopens, the "Search Binaries" checkbox is not disabled.


The bug is in the initialization of the dialog. The selected entries in the comboboxes for "Examine" and "Search In" are set in that order, but the code in the SelectedIndexChanged event handlers is not independent. The SearchIn combobox's change handler sets the state of SearchBinaries checkbox without considering the state of the Examine combobox.

1 2 3