I am running into an issue where different business units of the company have finer grained security rules which prevent people from accepting / importing / trusting the OOTB Fiddler Root Certificate. Would it be possible for Fiddler to create a new CSR and import the new signed return certificate. This way I can sign the CSR with our internal CA which all hosts within the company have been configured to trust and accept.
Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.
Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler
It would be highly useful if there was a "URL splitter" tool added, perhaps as a drop-down entry in the TextWizard, which takes a long-form paramaterized URL and splits it into a line-separated list of individual parameters (and can go the opposite way direction as well).
The "WebForms" subpanel already does this, albeit there's no manual ability to choose what URLs this can be done to ...as far as I'm aware.
Please consider installing a desktop shortcut or start menu shortcut to launch Fiddler viewer (instead of fiddler to listen and capture traffic). This will help folk that want to review fiddler traces from others without launching Fiddler and interfering with locally running apps that misbehave due to Fiddler intercepting traffic by default on launch.
i realize I can create my own shortcut using "fiddler.exe -viewer". But I want to write troubleshooting guides to engineers that are new to both the technology they are learning and Fiddler/HTTP traffic analysis in general. Having two shortcuts created will make it easier to write instructions where we can advise folk to just launch shortcut to viewer to import a session or previously made fiddler saz file from someone else.
Thanks!
I am using Fiddler for 6 months and I found it really nice and simple to understand and get the required information, but one feature in which fiddler is lacking is the NIC information although with fiddler we get the Source and destination IP, port, MIME type, TLS/SSL versions etc but if we get this NIC information it will be complete solution for Web debugging.
Regards,
Faris
For now fiddler just have filter, and it not ignore traffic. Filter just hiding it.
Also Fiddler have option "Capture/Dont capture traffic" via menu File or F12. but it general for all. Also this option NOT work while the target app still use fiddler proxy.
My example problem :
I am using Nox to test MyDownloader app, while apk connect internet or requesting web data its ok to proxified by fiddler. But when I start downloading, the file is downloaded first to Fiddler cache until complete. after complete then fiddler continue request with that file response. That the problem. This also applied to all request in my PC. No problem if size just 20MB. But above 100M, 500MB, 1GB, sometime it make fiddler hang.
Also when i download file, then cancel it, fiddler still download file until complete. So to cancel that in fiddler, i need to disconnect it first.
For now, to bypass my problem i also using Proxi*fi*er filter to selecting mimetype.
if you reboot your computer on Windows 10 with fiddler open, then it kills your network connection. One the computer boots up again, you have to reopen fiddler.
When I go to File | Save | All Sessions it defaults to a directory (that is not where I want to store the debug information I collected).
I store all problems I am working on in a different directory structure. When I go to SAVE my debug session I would like to set the Default directory (structure) where I save all my other documentation for problems I am working on. Having to "re-find" my documentation folder multiple times in 20 minutes of saving multiple debug sessions is tedious and non-productive.
I suggest a user preference that has these options:
Set default directory to: .......... (It will always open to here when a SAVE is done)
Follow Last SAVE directory: (Check box) This will open whatever directory location you last did a SAVE to
User Fiddler's Default Location: (Check box) This is like a "Reset" to Fiddler's default location.
我想修改一下Composer的功能,
请问Eric:
1. 在代码里Fiddler有什么方法可以把发送的请求信息记录到Composer History列表?(重点)
2. 点击Excute按钮,是怎么把请求记录下来的?记录的请求保存在什么位置?
期待Eric的答案。
Please consider refraining from (or at least making optional) the sorting of the JSON property keys when using the JSON tree viewer. For code which sends out complex payloads, having the properties reordered makes it hard to compare the tree to the actual payload sent. For example, we send startXXX and endXXX properties at the end of our payload, and when Fiddler moves "endXXX" to the top of the tree, debugging becomes a pain. Please allow the payload to be tree-visualized as constructed.
I find myself applying the same filters again and again on each launch of Fiddler (I mean the filters listed below the list of requests). I think it would be really great if you could allow the restoration of previously applied filters (e.g. by having a save/load filters option). Also, allowing to filter out by "Request Method" would be great too. Congratulations on this tool, by the way. It is really great. :)
Lots of development software has dark themes because it is less stress on your eyes and looks cool.
This seems to happen a non-trivial number of times, and it causes clients and scenarios to fail in surprising ways.
Most extensions and inspectors need to access the decompressed/unchunked body bytes to perform their function, requiring them to have an understanding of how to get those decoded bytes. To simplify this, add UnencodedRequestBody and UnencodedResponseBody properties to Session that return a byte[], for example:
public byte[] UnencodedResponse() {
if (!_HasResponseBody() || !Utilities.HasHeaders(oResponse)) return Utilities.emptyByteArray;
if (oResponse.headers.ExistsAny(new[] { "Content-Encoding", "Transfer-Encoding" }))
{
arrResponse = Utilities.Dupe(mySession.responseBodyBytes);
Utilities.utilDecodeHTTPBody(mySession.ResponseHeaders, ref arrResponse);
}
else
{
arrResponse = mySession.responseBodyBytes;
}
}
GetRequestBodyAsString and GetResponseBodyAsString can then be refactored to call these byte[] properties.
Today, if a browser makes a HTTPS request to a site with a certificate error, and the user picks "No" when Fiddler asks whether to accept the Certificate Error, it is very difficult to figure out where the HTTPS request made in error came from.
It would be cool if instead of simply closing the TUNNEL connection, Fiddler instead had an option by which the server connection was rejected but the client connection to the Tunnel got a 200 OK but was connected to a special "DEAD" pipe that returned HTTP/503.
That way, the client could make its HTTP requests to the dead pipe (whose URL and Referer header might reveal from where the request came) allowing the user to debug, but overall security would be maintained (no network connection made insecurely).
Im using windows 7 32-bit both on my desktop and laptop both of them have fiddler 4.6 and both of them doesnt have winconfig. Its supposed to be on the upper left corner , but mines missing on two computer.any idea? can it be activated?
Would really appreciate a proper machine based installation again, user-based installs are difficult to manage in corporate/enterprise environments & the psuedo machine install of redirecting install folder & creating new shortcuts isn't great, especially if as you mention yourself extensions wont work.
I understand the advantage of not needing admin rights to install programs, but surely most of the targeted audience for this application would either A) have admin rights, or B) be in a managed environment with deployment software in use (and potentially white-listing/App Control software preventing unauthorized apps to run anyway)
Not sure if this is a recent change, but I use Microsoft Outlook and Skype, and both are having connectivity issues when Fiddler is running. Also Windows 10 apps seem to be unable to have an internet connection as well.
Like the JSON and XML tabs, there should be a Protobuf tab that offers to decode protobuf requests and responses.