Most extensions and inspectors need to access the decompressed/unchunked body bytes to perform their function, requiring them to have an understanding of how to get those decoded bytes. To simplify this, add UnencodedRequestBody and UnencodedResponseBody properties to Session that return a byte[], for example:

            

         public byte[] UnencodedResponse() {
            if (!_HasResponseBody() || !Utilities.HasHeaders(oResponse)) return Utilities.emptyByteArray;

            if (oResponse.headers.ExistsAny(new[] { "Content-Encoding", "Transfer-Encoding" }))
            {
                arrResponse = Utilities.Dupe(mySession.responseBodyBytes);
                Utilities.utilDecodeHTTPBody(mySession.ResponseHeaders, ref arrResponse);
            }
            else
            {
                arrResponse = mySession.responseBodyBytes;
            }
         }

 

GetRequestBodyAsString and GetResponseBodyAsString can then be refactored to call these byte[] properties.

Today, if a browser makes a HTTPS request to a site with a certificate error, and the user picks "No" when Fiddler asks whether to accept the Certificate Error, it is very difficult to figure out where the HTTPS request made in error came from.

It would be cool if instead of simply closing the TUNNEL connection, Fiddler instead had an option by which the server connection was rejected but the client connection to the Tunnel got a 200 OK but was connected to a special "DEAD" pipe that returned HTTP/503.

That way, the client could make its HTTP requests to the dead pipe (whose URL and Referer header might reveal from where the request came) allowing the user to debug, but overall security would be maintained (no network connection made insecurely).

Im using windows 7 32-bit both on my desktop and laptop both of them have fiddler 4.6 and both of them doesnt have winconfig. Its supposed to be on the upper left corner , but mines missing on two computer.any idea? can it be activated?

Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.

I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)

Not sure if this is a recent change, but I use Microsoft Outlook and Skype, and both are having connectivity issues when Fiddler is running. Also Windows 10 apps seem to be unable to have an internet connection as well.

Like the JSON and XML tabs, there should be a Protobuf tab that offers to decode protobuf requests and responses.

Since most browser's and mobile apps are starting to use HTTP3 it would be nice if Fiddler could also support this.

Currently, the ImageView Inspector is only available for responses.

Why not enable it for requests?

Currently Statistics show the time of request:

ACTUAL PERFORMANCE
--------------
ClientConnected: 15:33:43.395
ClientBeginRequest: 15:33:43.725
GotRequestHeaders: 15:33:43.725
ClientDoneRequest: 15:33:43.725

 

It would be useful to know the date of the request as well for projects that span several days.

 

Thank you.

I've been a Fiddler user for longer than I can recall. Recently, whilst setting up a new PC I took the opportunity to try out Fiddler Everywhere. Unfortunately after about 30seconds I had to go back and download the original Fiddler.

Here's just a couple of the things that were show stoppers for me:

- No history for composer - this was a useful addition made to Fiddler that I now can't live without

- No way to copy a request from Inspectors view to Composer

- Switching between Inspector and Composer view resets the Composer screen

- Not able to have Inspector and Composer visible at the same time - this isn't really possible in Fiddler at the moment but it feels like it's easier to switch between inspecting requests and composing requests in Fiddler.

- Enabling Https debugging doesn't trust the certificate

It would be great to have Inspector and Composer either in tabs that can be ripped off into separate windows. Ideally it would be great to have multiple Composer windows

 

May I suggest to publish an interface assembly with Fiddler, containing only the interfaces of all the Fiddler public types?

This way, IntelliSense could be used, both, with ScriptEditor and with any of the Visual Studio products.

That would require Telerik to derive their public classes, like Session, from an interface, like ISession. That interface would need to be stored in a separate assembly that would be published then along with Fiddler.

The Spacebar keyboard shortcut only works if you're still focused inside of the session list. If you've clicked anywhere outside of the session list pane, pressing spacebar won't get passed to the session list.

For example, if you've clicked into the inspectors pane, spacebar will get sent to that pane, not the session list. To get back into the session pane (where spacebar would work), you have to either click back inside the session pane, which would change the session selection you were on, or employ some roundabout shift-tab trickery, like clicking the furthest left tab closest to the session list, then shift-tabbing a handful of times to get back into the session list. But this is pretty kludgy.

It'd be great if there was either a keyboard shortcut to switch focus back into the session list, or at least a tabbing shortcut multiplier which switches between panes, e.g., if Ctrl-Tab switches tabs, Ctrl-Alt-Tab switches between panes -- though this particular combo wouldn't work, as it's already claimed by Windows OS.

Sometimes,I need to know response json node's count,but I can only paste it into the json editor to see the quantity.

Please check the pictures in the attachment.

https://twitter.com/ericlaw/status/1232024946030862336

Today, Fiddler's AutoResponder only automatically replies to a HTTPS CONNECT with a HTTP/200 OK if the capture contains such a response, or if the "Unmatched requests passthrough" box is unchecked. Otherwise, the CONNECT request will pass or fail based on whether the real server is reachable.

This is confusing, and almost never what the user really wants to have happen.

We should add a new checkbox to the AutoResponder titled "Accept all CONNECTs" that when checked, sets a hidden rule equivalent to this rule which can be created manually

    method:CONNECT
    *ReplyWithTunnel

Otherwise, users will be sad when AutoResponder doesn't do what they hope, and they'll wonder why they are getting ERR_TUNNEL_CONNECTION_FAILED error messages in their browser when they have AutoResponder rules for HTTPS requests that they expect to fire.

 

I would be nice if Fiddler could decrypt zstandard compressed requests.

Autoresponder is a great feature, but it works only with response.
I and my coleagues have a many cases when need to replace request headers, params or body

breakpoints isn't good, coze sometimes application dont wait and drops connection to requests

Examples 
mobile request is post only with curent time in body, but i need to post this request with past time.
Backend is accept body with past requests
I dont have access to DB to change time, and no requests to change time. Also app is works only with current request (i can't use composer to create another request)

Hello


I have Xiaomi Redmi 3 phone. I cant install FiddlerRoot.cer. When i try to install error appear. Device can't read file. But device recognize extension of file.

I'm using Fiddler v4.6.20173.38786 (Built: Friday, September 15, 2017). When I click on the Customize Rules menu entry there is a message box that says "Unable to load Fiddler for code-completion support". After I click OK to that the Fiddler script editor will open normally.

and make me feel bad about telerik.

fiddler was much beter before telerik bought it.

 

 

do you want to check for an udpate ?  do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?

It's a common practice to compress binary payloads inside WebSockets using zlib.deflate, though in Fiddler they are displayed as binary dump. It's quite simple to analyze two trailing bytes of a binary packet, and if they are equal to 0xFFFF you could try to apply zlib.inflate to that packet. If it succeeds, replace the binary contents with its unzipped text equivalent.

WMBR, George Hazan.