Please consider refraining from (or at least making optional) the sorting of the JSON property keys when using the JSON tree viewer. For code which sends out complex payloads, having the properties reordered makes it hard to compare the tree to the actual payload sent. For example, we send startXXX and endXXX properties at the end of our payload, and when Fiddler moves "endXXX" to the top of the tree, debugging becomes a pain. Please allow the payload to be tree-visualized as constructed.
I find myself applying the same filters again and again on each launch of Fiddler (I mean the filters listed below the list of requests). I think it would be really great if you could allow the restoration of previously applied filters (e.g. by having a save/load filters option). Also, allowing to filter out by "Request Method" would be great too. Congratulations on this tool, by the way. It is really great. :)
Lots of development software has dark themes because it is less stress on your eyes and looks cool.
This seems to happen a non-trivial number of times, and it causes clients and scenarios to fail in surprising ways.
Most extensions and inspectors need to access the decompressed/unchunked body bytes to perform their function, requiring them to have an understanding of how to get those decoded bytes. To simplify this, add UnencodedRequestBody and UnencodedResponseBody properties to Session that return a byte[], for example:
public byte[] UnencodedResponse() {
if (!_HasResponseBody() || !Utilities.HasHeaders(oResponse)) return Utilities.emptyByteArray;
if (oResponse.headers.ExistsAny(new[] { "Content-Encoding", "Transfer-Encoding" }))
{
arrResponse = Utilities.Dupe(mySession.responseBodyBytes);
Utilities.utilDecodeHTTPBody(mySession.ResponseHeaders, ref arrResponse);
}
else
{
arrResponse = mySession.responseBodyBytes;
}
}
GetRequestBodyAsString and GetResponseBodyAsString can then be refactored to call these byte[] properties.
Today, if a browser makes a HTTPS request to a site with a certificate error, and the user picks "No" when Fiddler asks whether to accept the Certificate Error, it is very difficult to figure out where the HTTPS request made in error came from.
It would be cool if instead of simply closing the TUNNEL connection, Fiddler instead had an option by which the server connection was rejected but the client connection to the Tunnel got a 200 OK but was connected to a special "DEAD" pipe that returned HTTP/503.
That way, the client could make its HTTP requests to the dead pipe (whose URL and Referer header might reveal from where the request came) allowing the user to debug, but overall security would be maintained (no network connection made insecurely).
Im using windows 7 32-bit both on my desktop and laptop both of them have fiddler 4.6 and both of them doesnt have winconfig. Its supposed to be on the upper left corner , but mines missing on two computer.any idea? can it be activated?
Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.
I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)
Not sure if this is a recent change, but I use Microsoft Outlook and Skype, and both are having connectivity issues when Fiddler is running. Also Windows 10 apps seem to be unable to have an internet connection as well.
Like the JSON and XML tabs, there should be a Protobuf tab that offers to decode protobuf requests and responses.
Currently, the ImageView Inspector is only available for responses. Why not enable it for requests?
Currently Statistics show the time of request:
ACTUAL PERFORMANCE
--------------
ClientConnected: 15:33:43.395
ClientBeginRequest: 15:33:43.725
GotRequestHeaders: 15:33:43.725
ClientDoneRequest: 15:33:43.725
It would be useful to know the date of the request as well for projects that span several days.
Thank you.
I've been a Fiddler user for longer than I can recall. Recently, whilst setting up a new PC I took the opportunity to try out Fiddler Everywhere. Unfortunately after about 30seconds I had to go back and download the original Fiddler.
Here's just a couple of the things that were show stoppers for me:
- No history for composer - this was a useful addition made to Fiddler that I now can't live without
- No way to copy a request from Inspectors view to Composer
- Switching between Inspector and Composer view resets the Composer screen
- Not able to have Inspector and Composer visible at the same time - this isn't really possible in Fiddler at the moment but it feels like it's easier to switch between inspecting requests and composing requests in Fiddler.
- Enabling Https debugging doesn't trust the certificate
It would be great to have Inspector and Composer either in tabs that can be ripped off into separate windows. Ideally it would be great to have multiple Composer windows
This way, IntelliSense could be used, both, with ScriptEditor and with any of the Visual Studio products.
That would require Telerik to derive their public classes, like Session, from an interface, like ISession. That interface would need to be stored in a separate assembly that would be published then along with Fiddler.
For example, if you've clicked into the inspectors pane, spacebar will get sent to that pane, not the session list. To get back into the session pane (where spacebar would work), you have to either click back inside the session pane, which would change the session selection you were on, or employ some roundabout shift-tab trickery, like clicking the furthest left tab closest to the session list, then shift-tabbing a handful of times to get back into the session list. But this is pretty kludgy.
It'd be great if there was either a keyboard shortcut to switch focus back into the session list, or at least a tabbing shortcut multiplier which switches between panes, e.g., if Ctrl-Tab switches tabs, Ctrl-Alt-Tab switches between panes -- though this particular combo wouldn't work, as it's already claimed by Windows OS.
Sometimes,I need to know response json node's count,but I can only paste it into the json editor to see the quantity. Please check the pictures in the attachment.
https://twitter.com/ericlaw/status/1232024946030862336
Today, Fiddler's AutoResponder only automatically replies to a HTTPS CONNECT with a HTTP/200 OK if the capture contains such a response, or if the "Unmatched requests passthrough" box is unchecked. Otherwise, the CONNECT request will pass or fail based on whether the real server is reachable.
This is confusing, and almost never what the user really wants to have happen.
We should add a new checkbox to the AutoResponder titled "Accept all CONNECTs" that when checked, sets a hidden rule equivalent to this rule which can be created manually
method:CONNECT
*ReplyWithTunnel
Otherwise, users will be sad when AutoResponder doesn't do what they hope, and they'll wonder why they are getting ERR_TUNNEL_CONNECTION_FAILED error messages in their browser when they have AutoResponder rules for HTTPS requests that they expect to fire.
I would be nice if Fiddler could decrypt zstandard compressed requests.
I and my coleagues have a many cases when need to replace request headers, params or body
breakpoints isn't good, coze sometimes application dont wait and drops connection to requests
Examples
mobile request is post only with curent time in body, but i need to post this request with past time.
Backend is accept body with past requests
I dont have access to DB to change time, and no requests to change time. Also app is works only with current request (i can't use composer to create another request)