The .NET Framework has added support for TLS/1.3.

We should do the work to enable TLS/1.3 in Fiddler (it's very little additional work to add "Tls1.3" to the options dialog and the underlying code). 

When there's a HAR file with h3 entries, they are either misinterpreted or ignored.

I know how to fix it both in the importer/exporter DLL and in Fiddler.exe.

I can submit a correction.

For now fiddler just have filter, and it not ignore traffic. Filter just hiding it.

Also Fiddler have option "Capture/Dont capture traffic" via menu File or F12. but it general for all. Also this option NOT work while the target app still use fiddler proxy.

My example problem :

I am using Nox to test MyDownloader app, while apk connect internet or requesting web data its ok to proxified by fiddler. But when I start downloading, the file is downloaded first to Fiddler cache until complete. after complete then fiddler continue request with that file response. That the problem. This also applied to all request in my PC. No problem if size just 20MB. But above 100M, 500MB, 1GB, sometime it make fiddler hang.

Also when i download file, then cancel it, fiddler still download file until complete. So to cancel that in fiddler, i need to disconnect it first.

For now, to bypass my problem i also using Proxi*fi*er filter to selecting mimetype.

Hello! The problem is described on this link: stackoverflow

 Please add in Filter -  feature block named "Request Body" with options "Show only if request body contains", "Hide only if request body contains"

Hi there, what's the correct way to call:

JSON.stringify({});

JSON.parse("{}");

after calling these JSON methods, fiddler says:

Variable 'JSON' has not been declared

cheers,

David

Could you add 'search text' function to the websocket tab?

In the File > Export > Export Raw Files code, there's a "Skip non-HTTP/200 responses" option. This option is designed for dumping files (either media files or files to be replayed by the AutoResponder) to a folder.

For various reasons, clients and servers often will use Range requests for media downloads, meaning that the response code for a response might be HTTP/206 instead of HTTP/200, even if the full body is present.

To enhance the file exporter, the code should look at the Content-Range response header for a HTTP/206 response. If the header is of the format:

Content-Range: bytes 0-N/N+1

Then Fiddler should treat the response as a HTTP/200 and save the body to disk.

So far Fiddler says it can only import unencrypted sessions from PCAP files.

Various tools and libraries support the SSLKeylogfile environment variable and log the necessary keys.

You can either have them inside the pcapng file or in a seperate file.

It would be nice if Fiddler would accept an optional file with these keys and treated sessions with a suitable key as unencrypted.

This would make things a lot easier in the process.

This is a feature that's present in both the Firefox and Chrome dev tools, and it's incredibly useful. Fiddler is already great, and that would make it so much better :-)

This seems to happen a non-trivial number of times, and it causes clients and scenarios to fail in surprising ways.

It would be highly useful if there was a "URL splitter" tool added, perhaps as a drop-down entry in the TextWizard, which takes a long-form paramaterized URL and splits it into a line-separated list of individual parameters (and can go the opposite way direction as well).

The "WebForms" subpanel already does this, albeit there's no manual ability to choose what URLs this can be done to ...as far as I'm aware.

I've attached the raw HTTP response, copied directly from Fiddler. At lOperations[0].lRecords, you'll see that there are 2 records (arrays) and that each record contains 6 items, the last of which is an array. However, when I view the resonse using the JSON filter, the second of these arrays appears to contain only 5 items. I'm sure that the bug has something to do with the fact that the sub-array in the second array is an empty array, but it should display as an empty array, not as if it weren't there at all.

I use the request LogRequests history to save requests, so that I can replay them when needed.  Every month or so when my machine is restarted for an update and if Fiddler is opened, the history is corrupted.  

I need a way to either save off certain requests like I can in Postman, etc, or I need Fiddler to have reliable restore points for the history so that the entire history is not corrupted so often.

Please fix or add a feature to address this -

Thanks

HOSTS in fiddler shouldn't change SNI info when Decrypt HTTPS traffic is enabled

When Decrypt HTTPS traffic is enabled and use HOSTS in fiddler, SNI should be keep the same as request, instead of use the one from HOSTS(removed when use IP, or rewrite when use another HOSTS) 

HTTP/2 has been a standard since mid-2015.   All major browsers support it,  but adoption is slow because there no good debugging tools.    I want to take advantage of pipelining, server push, etc that comes with HTTP/2 which makes it easier to adopt packages like gRPC.    Having a good debugging story (both capture as well as insertion / modification) would make this more possible

Allow to search / reuse requests from history in a more efficient way

1. Add column [Date] or [Date and Time] to history, so one can look for a request that was used at a given date / time

3. Allow to sort by request Url, date / time

4. Allow to group by request urls: If there are several requests with the same url, provide the option to group / ungroup them

5. Add column [Result] with the result code for each request, so that one can now which request to use (for example, one needs a request that gave a 404, or only 202s)

6. Filter history by request type (GET, PUT, ...), url content (example: search for "/admin/ ... etc"), date / time

When doing an IPR audit what is the actual License Type of Fiddler4 ? eg EULA, MIT Apache etc

https://www.telerik.com/purchase/license-agreement/fiddler-enterprise-support

https://www.telerik.com/download/fiddler

I am running into an issue where different business units of the company have finer grained security rules which prevent people from accepting / importing / trusting the OOTB Fiddler Root Certificate. Would it be possible for Fiddler to create a new CSR and import the new signed return certificate. This way I can sign the CSR with our internal CA which all hosts within the company have been configured to trust and accept.

Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.

Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler

Please consider installing a desktop shortcut or start menu shortcut to launch Fiddler viewer (instead of fiddler to listen and capture traffic). This will help folk that want to review fiddler traces from others without launching Fiddler and interfering with locally running apps that misbehave due to Fiddler intercepting traffic by default on launch.

i realize I can create my own shortcut using "fiddler.exe -viewer". But I want to write troubleshooting guides to engineers that are new to both the technology they are learning and Fiddler/HTTP traffic analysis in general. Having two shortcuts created will make it easier to write instructions where we can advise folk to just launch shortcut to viewer to import a session or previously made fiddler saz file from someone else.

Thanks!