Last Updated: 12 May 2021 12:33 by ADMIN

When my machine restarts before Fiddler is closed gracefully, Fiddler opens back up with an error saying that my capture saz is corrupt and cannot be opened.  
This is a pain as I have to then manually rebuild any requests that I need.

Fiddler should have savepoints or some way to prevent it from losing all my LogResuest history whenever Fiddler is forcefully shut down

Need More Info
Last Updated: 08 Apr 2021 13:29 by ADMIN
Created by: Anton
Comments: 4
Type: Bug Report

Fiddler version: v5.0.20204.45441

If Fiddler is left for some time to work unattended then its memory usage is constantly growing.

I usually use Fiddler with some Autoresponder rules enabled and "Unmatched requests passthrough" option switched on. If left in this state for several hours an amount memory it uses could grow up to 10GB and even more which is quite annoying...

Autosave option is enabled and sessions are dumped every 5 minutes. So this behaviour is not because of session list is becoming large, it is being cleaned every 5 minutes.

Last Updated: 05 Apr 2021 06:36 by ADMIN
Created by: Eric
Comments: 0
Type: Bug Report

If you try to launch two instances of Fiddler/FiddlerViewer at the same time, you hit a sharing violation.

This file needs to be read with the correct sharing flags set.

Loading custom MIME mappings failed
Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

The process cannot access the file 'C:\Users\ericlaw\Documents\Fiddler2\CustomMimeMappings.xml' because it is being used by another process.

Type: System.IO.IOException
Source: mscorlib
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)

   at System.IO.FileStream..ctor(String path, FileMode mode)

   at Fiddler.XmlFileMimeMappings..ctor(String filePath) in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\MimeMapping\XmlFileMimeMappings.cs:line 38

   at Fiddler.frmViewer.š(Object , EventArgs ) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 9968

Fiddler v5.0.20202.18177 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.19043.0] 
Last Updated: 29 Mar 2021 14:57 by ADMIN
Since one of the last updates, Fiddler takes ages to start. Its in the range of Minutes on some machines. Can we please fix this?
Last Updated: 16 Mar 2021 07:06 by ADMIN

I recently am having an issue with MS Teams while running fiddler.  MS Teams keeps giving disconnect errors. That's when I noticed that fiddler it proxying it's traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com are not included in the hosts.  I also notice other items in my sessions list that are not in my list of hosts so what is going on?

I don't really want to post my list of hosts publicly.  If you need them, please let me know and maybe I can email them to someone.


Need More Info
Last Updated: 17 Feb 2021 09:31 by ADMIN

I've been trying to install the root certificate to decript https traffic with no results.


20:42:38:5197 Fiddler Running...
20:42:38:5202 Fiddler.Network.AutoProxy> AutoProxy Detection failed.
20:42:38:5202 AutoProxy failed. Disabling for this network.
20:42:38:5481 Windows 8+ AppContainer isolation feature detected.
20:42:44:4729 Assembly 'C:\Users\Mauro\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
20:42:44:4754 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.
20:42:46:0206 /Fiddler.CertMaker> Root Certificate located; private key in container '4f42d4e82d7f6c170e7a049cf6dfeeaa_8bf41fe8-e204-441e-8fc2-475cb85c8829'
20:42:48:8545 !Fiddler.CertMaker> Unable to auto-trust root: System.Security.Cryptography.CryptographicException: Access is denied.

   at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
   at .‰.TrustRootCertificate() in C:\Jenkins\Fiddler_Windows\workspace\FiddlerCore\FiddlerCore.Shared\Common\Core\DefaultCertProvider.cs:line 965
Last Updated: 11 Feb 2021 16:48 by Eric

The bug I'm reporting is sometimes the Session.HostnameIs() will return true even if the supplied hostname does not match Session.hostname and a port was passed by the client in the Host header.

HostnameIs function is documented as "This method compares the supplied hostname to the hostname of the request, returning true if a case-insensitive match is found."

What I think is happening is that rather than use Session.hostname for comparison Fiddler instead uses the Session.host (ie what was passed by the client in the Host header) and if a port is present maybe it incorrectly extracts out the hostname. Here is an example that shows the bug and why I think that.

In OnBeforeRequest add this code, which should only show an alert box if the hostname is test:

		if(oSession.HostnameIs("test")) {

Now in a browser try going to http://t:81/ and you will see it shows the alert box, in other words a match. Why? Well, I will guess based on my testing that your code in HostnameIs gets the index of the colon in the host t:81, which is 1, and then compares only that number of characters. So it's doing whatever is the javascript equivalent of !strnicmp("t", "test", 1).

This manifests itself through CONNECT as well, and probably more likely, since the standard ports are used in the Host header (IE might be an exception to this). For example, let's say you go to https://t/ in Firefox or Chrome and HTTPS decrypt is enabled. The Host passed by the client for the CONNECT is t:443 and so it's the same problem, !strnicmp("t", "test", 1).

This is not a theoretical issue for me, I was testing something earlier today where I had to treat a hostname that ended in .co different from the same hostname that ended in .com and it turned out the test I was doing applied to both of them because of this bug.

There may be very good reason to not use Session.hostname for the comparison, I don't know, but the likely extraction from Session.host is not done properly.
Last Updated: 18 Jan 2021 07:32 by ADMIN



Basically, the problem here is that if we're AutoAuthenticating when reissuing a request, we try to strip any default Auth header.


There's code that looks like


   if (theFlags.ContainsKey("x-AutoAuth") && newSession.requestHeaders["Authorization"].OICContains("NTLM") 

//... strip the header

The problem is that we should only be looking at the very first token of the Authorization header (e.g. before the first space). We should not search the whole header, because if the header is


    Authorization: Bearer BlahblahblahNtLMblahblah


we think it's an NTLM header and strip it. 


Last Updated: 17 Dec 2020 07:17 by ADMIN

Response headers named



Should be added to the "Security" section of the Response Headers inspector. These are important security headers added to the web platform, and looking for them will become increasingly common and important.

Need More Info
Last Updated: 06 Dec 2020 06:31 by Eric

Hello dear fiddler support.


The bug i've found is: Fiddler doesn't support some encryption ciphers.


Recently I was trying to connect to https://inlat.am/ site with "Decrypt SSL traffic" option set in fiddler to my genuine surprise i couldn't even connect to site.

I am using chrome 87.0.4280.88 64bit  and fiddler v5.0.20204.45441 for .NET 4.6.1

Without  "Decrypt SSL traffic" option set in Fiddler - chrome works fine.


So i decided to investigate what actually happen.

I run to https://www.ssllabs.com/ site to check supported ciphers - here you can check it https://www.ssllabs.com/ssltest/analyze.html?d=inlat.am&s=

and tried to reproduce the issue with wirshark  on.


In wire shark i can see that there is no ciphers supported by https://inlat.am/ site 

Cipher Suites (24 suites)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
    Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
    Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)


Now i now what the issue is about.

My question is how to fix the problem with ciphers.

In my opinion you should somehow add it in Fiddler.





Last Updated: 04 Dec 2020 13:57 by ADMIN
Created by: Ahsen
Comments: 4
Type: Bug Report


I am getting the following error in fiddler and without Capture HTTPS CONNECTs it works, also in the Protocols I have enabled: <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2

fiddler.network.https> HTTPS handshake to <domain> (for #6) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

Win32 (SChannel) Native Error Code: 0x80090326


[Edited by Telerik Staff to remove personal information and convert to bug report]

Won't Fix
Last Updated: 03 Dec 2020 14:42 by ADMIN
Created by: Poor
Comments: 1
Type: Bug Report

In the Good Old Times™ "give feednback" just mean "give feedback".

Well, here is your feedback.

Why do i have to

  • create an account I need like Aids
  • confirm the account  I need like Aids
  • set a password to an account I need like Aids
  • log in with said account I need like Aids
  • click the "report bug" button (finally)
  • getting interrupted again by some page who tries to trick me in a fucking search
  • find the "yes I really really want to report that bug" button
  • and finally after all the above being able to GIVE SOME FUCKING FEEDBACK?

Why are you wasting my time? I did not make it buggy, it was you!

Last Updated: 18 Nov 2020 15:26 by Eric

When loading the SAZ file, the requests are ordered incrementally based on the order they were saved in.

For example, a Fiddler session was sorted by URL and then saved to SAZ. When the file is loaded, the requests are still sorted by URL but the original index numbers are lost and the requests are numbered incrementally as per this sort. This means that it is not possible to sort the session back to the original linear order by clicking on the index column (#) as it was possible to do before the save/load.

I've seen that the original index is saved in the Comments column. This is only a partial solution because:

1. When sorting by this column, a lexical sort is performed meaning the sessions would be numbered: 1,10,100,101,11,12..19,2,20,21 etc...
2. If the request had a comment associated with it, this overrides this feature and the original index number is lost.

Also, I know it's possible to sort by ClientDoneRequest as a good approximation but it obviously doesn't recreate the original order.

It would be beneficial to keep the original index numbers (even including the gaps between them) as there is information there that shouldn't be lost when saving.


As always thank you for your work on this wonderful product.







Last Updated: 16 Nov 2020 08:24 by ADMIN

This bug occurs in both Fiddler and Fiddler Everywhere so you may want to take a look.

The system I'm running on is Win7x64 with latest patches loaded.

Note that when Fiddler/Fiddler Everywhere is not loaded, I can access this website normally.

====== Message from Fiddler v5.0.20204.45441 for .NET v4.6.1 Built: 2020-11-03 ======
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 10:19:31.203
Connection: close

fiddler.network.https> HTTPS handshake to devblogs.microsoft.com (for #14) failed. System.Security.Authentication.AuthenticationException 呼叫 SSPI 失敗,請查看內部例外狀況。 < 接收到的訊息超出預期或格式不正確。

Win32 (SChannel) Native Error Code: 0x80090326

====== Message from Fiddler Everywhere 1.2.1 Built: Friday, November 6, 2020 ======
fiddler.network.https> HTTPS handshake to devblogs.microsoft.com (for #17) failed. System.Security.Authentication.AuthenticationException Authentication failed, see inner exception. < 接收到的訊息超出預期或格式不正確。

Win32 (SChannel) Native Error Code: 0x80090326
Won't Fix
Last Updated: 05 Nov 2020 07:03 by Adam
Created by: Adam
Comments: 4
Type: Bug Report
We downloaded Fiddler Classic from our site for evaluation, and when we try to distribute it via Google Drive (we are enterprise subscribers), we get a virus warning, and the download is not allowed.

I'm guessing this is a false positive, but want to verify that with you, and see if you know why it might be flagged as virus by Google's scanning service.

We are holding off distributing or evaluating the product for now, erring on the side of caution.


Adam Creighton
Studio Head, Enduring Games
Need More Info
Last Updated: 02 Nov 2020 13:02 by ADMIN


I'm testing a website that has a self signed SSL cert. I can navigate to this URL via an extra warning step on chrome (see attached screen shot).

However via Fiddler, I just get an error that "this site cannot be reached" and I can see it's dropped on the Fiddler side: I can see the tunnel CONNECT request, but no subsequent request.

I've enabled the option "Ignore server certificate errors (unsafe)" and restarted Fiddler, but the problem still persists.


As always, thank you for your work on this.



Last Updated: 12 Oct 2020 05:24 by ADMIN

Fiddler’s “Auth” Inspector uses Encoding.Default() for decoding base64-encoded BASIC auth credentials. This was common practice at the time this was first written but is now obsolete. https://tools.ietf.org/html/rfc7617, written much later, demands UTF-8.

Chromium and Firefox encodes credentials using UTF-8.


Need More Info
Last Updated: 05 Oct 2020 05:22 by ADMIN
Created by: S
Comments: 1
Type: Bug Report

When using Fiddler, there seems to be some bugs around resizing the GUI/UI, namely the dividers between sections such as between packet list vs. inspectors panes. It seems that when Fiddler is maximized full-screen, the divider (while using "Wide" layout) is shifted all the way up high, just beneath the initial packet in the list (Fiddler's update check).

I've been able to adjust the UI by manually manipulating Fiddler's registry settings, but even then it still seems finicky -- sometimes they take, sometimes they don't.

v5.0.20202.18177 for .NET 4.6.1
Built: Tuesday, April 14, 2020

Last Updated: 05 Oct 2020 04:51 by ADMIN

Hi everyone.


A screenshot of the error is provided, I think there are extra characters in the form, these should not appear, it seems to be caused by a decoding error. Note that the transfer method "transfer-encoding: chunked".


Last Updated: 28 Sep 2020 05:13 by ADMIN

If the user configures a list of sites inside Tools > Options > HTTPS > "Skip Decryption for hosts", this configuration list is ignored if the AutoResponder is enabled with the "Accept all connects" checkbox ticked.

This should be fixed because otherwise it's extremely difficult to figure out what's going wrong.


Incidentally, this behavior might be responsible for this issue: https://feedback.telerik.com/fiddler/1479071-fiddler-refusing-to-ignore-teams-microsoft-com-and-is-causing-my-ms-teams-app-on-windows-to-break

1 2 3 4