Since more and more websites enforce you to use tls 1.2 (and don't support tls 1.0 any more), I suggest that the list of protocols is automatically extended with tls1.2 by a next fiddler update - or at least there should be a single-time question box with Yes-No-Cancel to extend it.
Also see reference at https://www.telerik.com/forums/some-https-sites-are-unaccessible-when-using-fiddler
I would be nice if Fiddler could decrypt zstandard compressed requests.
and make me feel bad about telerik.
fiddler was much beter before telerik bought it.
do you want to check for an udpate ? do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?do you want to check for an udpate ?
It's a common practice to compress binary payloads inside WebSockets using zlib.deflate, though in Fiddler they are displayed as binary dump. It's quite simple to analyze two trailing bytes of a binary packet, and if they are equal to 0xFFFF you could try to apply zlib.inflate to that packet. If it succeeds, replace the binary contents with its unzipped text equivalent.
WMBR, George Hazan.
It'd be extremely useful if Fiddler could have the ability to do filtering non-destructively, where filtering doesn't drop data/entries/lines altogether, but rather, merely hiding them from display.
This enables the ability for you to do multiple levels/layers/slices of filtering, as there's very often a need for doing on any given capture session. Currently, however, when you filter on something, the capture data gets dropped from the data/result set, lost altogether.
Process Monitor by Microsoft/Sysinternals has this ability, and it's extremely useful, allowing you to not only do layers of filtering, but also allowing the ability to traverse back up the "stack" 1..n filter layers, and if/when needed, able to un-filter all the way back up to baseline of all capture data shown (and without having to re-load a session save).
Procmon also has the ability to "Drop filtered events", which when enabled does destructive filtering, dropping any non-filter-matching packets from that point forward:
This would also be handy to have, but not crucial; much more beneficial/important is the ability to filter non-destructively.
Viewing and editing query parameters is not a pleasant experience.
I'd prefer not having to switch to Postman for editing and sending requests, but its UI is currently so much better for this task.
It would be really great to be able to view requests and responses as a formatted json string. Currently, you can show JSON, which uses some tree format, and you can show raw, which is just a flat hard to use string.
It would also be great to be able to format json inside the request composer so it can be easy to modify.
A simple change request: when I navigate, using Fiddler, to a page that has an untrusted https certificate, I get the popup from Fiddler warning me of the same. I want to get this popup, I don't want to disable it. However, when I click "Yes" on the popup, the main Fiddler window is brought into front, on top of my browser. My environment has a lot of self signed certificates in use on non-production systems, so this is happening quite often.
I propose the popup should work as now, but clicking on the popup should not bring the main Fiddler window up, in case it was minimized or under other windows.
Thanks a lot for your great work on the program.
Fiddler is great but the composer tab really needs some love. For example, it could do with text manipulation features from other applications - double click selects a chunk of text, but it doesn't appear to be aware of common symbols like : ? # " ' ; etc, instead it highlights up to the next space. If i were to do this in vs code or notepad++ it would be more intelligent about delimiters and highlight the portion before the : or inside the " ".
Pressing tab inside the editors moves to the next editor - this seems counter intuitive in this context as you'd expect the editor to insert a tab rather than move you to another field.
I've been using fiddler for years and this has always bugged me. I normally edit the request in another application and paste it in, but it'd be great if i could do some basic editing in fiddler itself. It shouldn't be full ide-mode, but a little bit of help would be appreciated.
Simple things that would make this much better:
Cheers
Running into more and more issues where the end user are authenticating via a smartcard. If the issue is after the initial handshake then we may be able to turn on Fiddler after the authentication and everything is okay. If the issue is specifically to do with the authentication or authentication screens then we are stuck and have no tool to use to debug the issue, especially when it may involve multiple processes.
With appropriate new settings in the Fiddler Options, could the socket connection on a TLS send certificate challenge call the appropriate API to use the SmartCard reader as well as challenge for a pin/biometric instead of reading from a certificate.cer file?
Hi,
Websocket monitoring is such a cool feature in fiddler. What i´m missing is the possibility to export all messages sent and received via the websocket.
In Wireshark i would associate that functionality with "Follow TCP stream".
The reason behind:
I want to search within the websocket communication for certain id´s patterns etc. This is currently not possible as every message is handled separately in fiddler.
What i would expect:
Beeing able to export selected or all messages in the WebSocket pane. (one could think of adding "received","sent" and a timestamp between the messages with a certain beginning to be able to filter those messages later.)
I would call the fact that:
- "Save" - "Selected Sessions" "as Text or ZIP" is only saving the websocket HTTP upgrade request together with the response but without the websockets payload
a bug.
Or i am missing something. Comments welcome...
Jan
Request a lighweight proxy forwarder like combination between Proxifier + AppContainer Loopback Excemption Utility in 1 desktop app. Since Fiddler is too heavy in CPU usage and Proxifier cannot forward any proxy to UWP desktop app (any apps from Windows Store).... no need extra feature but just a proxy forwarder like Proxifier + AppContainer Loopback Excemption Utility that works in any Desktop software environtment like OpenVPN adapter. Thanks.
The Tools -> HOSTS is a great feature, especially for situations that prevent local admin rights. I find it difficult to know that the redirection is functioning when looking at the capture log. It would be nice if something visual would standout to help draw attention that this rule was applied.
Thank you!