Declined
Last Updated: 05 May 2023 07:24 by ADMIN

Fiddler classic uninstall after epic app & valorant online game not working some error as to come valorant error code : val 29

Epic error code : 404

Need More Info
Last Updated: 05 May 2023 07:09 by ADMIN
Created by: Michael
Comments: 1
Type: Bug Report
0

Fiddler would NOT allow me to save the file.  We tried this multiple times to various file locations. 

I do not have Visual Studio installed on my PC -- so I selected the latest verison in this form because it is a REQUIRED field. 

Fiddler provided the text below. 

 

---------------------------

Awww, Fiddlesticks!

---------------------------

Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report at http://www.telerik.com/forums/fiddler.

 

Could not find file 'C:\Users\629243897\Documents\IBMSPend on v85 debug - 2 refreshes after logon.saz'.

 

Type: System.IO.FileNotFoundException

Source: mscorlib

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

 

   at System.IO.FileInfo.get_Length()

 

   at Fiddler.frmViewer.actSaveSessionArchive(String , String
, Session[] ) in C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\Fiddler.Shared\Viewer.cs:line 6808

 

 

Fiddler v5.0.20211.51073 (x64 AMD64) [.NET 4.0.30319.42000 on Microsoft Windows NT 10.0.22621.0]

---------------------------

OK   

---------------------------


Unplanned
Last Updated: 29 Mar 2023 08:21 by ADMIN
Created by: Eric
Comments: 0
Type: Bug Report
0

When sending post data, -d option needs to ensure that the data does not start with an @

https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome

 

BasicFormats.dll - cURLExport.cs

Planned
Last Updated: 03 Dec 2022 04:14 by Eric

As noted in the Fiddler book,

Sessions rerouted from one hostname to another using the Host Remapping tool are rendered with a light blue background in the Web Sessions list. HTTPS Sessions that have been rerouted have the X-IgnoreCertCNMismatch and X-OverrideCertCN Session Flags set to avoid raising “Certificate Name Mismatch” errors.

However, there's a bug. In the HostsFile.cs code, there's are several places that look like:

            if (oS.isTunnel) {

                oS["x-overrideCertCN"] = oS.hostname;
                oS["X-IgnoreCertCNMismatch"] = "HOSTS-Ext";
            }

This usually works for browser traffic going through Fiddler (because the HTTPS handshake is typically conducted on the CONNECT tunnel). However, it doesn't work (and the user is spammed with cert error warnings) if the traffic is sent from Fiddler itself (e.g. via Composer or using the "Reissue requests" context menu item). 

The code should look like this:

            if (oS.isHTTPS || oS.isTunnel) {

                oS["x-overrideCertCN"] = oS.hostname;
                oS["X-IgnoreCertCNMismatch"] = "HOSTS-Ext";

           }

Unplanned
Last Updated: 22 Nov 2022 16:49 by Eric

If you open use fiddler for a while (a Day or so), eventually it lock up the UI on the other monitors. It is almost as if there is an invisible dialog over the other screens. Once you kill Fiddler. its all restored again.

 

We have been Noticing this over the last few months.

Unplanned
Last Updated: 29 Aug 2022 05:36 by ADMIN

Fiddler downloads content to show on its homescreen from HTTP URLs. This is not safe because the content is rendered to the user in a WebView control and thus an attacker on the wire could replace it with malicious code or instructions that could harm the user.

Fiddler should not be using HTTP URLs for anything in this day and age.

http://fiddler2.com/content/GetArticles?clientId=0651E115B3D6EFD84CC35BE
http://fiddler2.com/content/GetBanner?clientId=0651E115B3D6EFD84CC35BE

Unplanned
Last Updated: 12 Aug 2022 06:32 by ADMIN

document-policy: force-load-at-top

 

https://chromestatus.com/feature/5744681033924608

Need More Info
Last Updated: 01 Jul 2022 19:35 by Eric

I am trying to use settings Tools -> Win8 Loopback Exemptions -> Exempt All -> Save Changes. But it is giving me some error and saving those changes. Following is the error.

Failed to set IsolationExempt AppContainers; call returned 0x57

I am blocked due to this error and cannot perform tests on my application. Pls help.

Thanks

Pending Review
Last Updated: 10 Apr 2022 14:30 by Eu

I want to capture the traffic from Android Phone, and already install Root Certificate as 'System Trusted Credintials' in /system/etc/security/cacerts (renamed like '269953fb.0' by md5).

Accessing the https page, It seems to behave well in a normal application and other browser (like XBrowser, a tiny volume browser, only 1.01MB) ,and which proves that the certificate is installed correctly, but in Chrome it prompts 'NET:ERR_CERT_AUTHORITY_INVALID'. As shown, it seems that Chrome does not associate the web certificate returned by Fiddler with the root certificate already installed on the system, but I use the same installation method in Charles, it behaves well and can browse https pages normally, it seems that Charles generates a different certificate than Fiddler? I used the command

'openssl x509 -inform der -text -in /mnt/d/Users/menEu/Desktop/FiddlerRoot.cer'

to see the difference and it doesn't seem to be a huge difference (but I'm not specialized in this area)

Need More Info
Last Updated: 07 Apr 2022 05:55 by ADMIN

I've tried multiple allocation ratios and nothing solves the problem, the screen allocation ratio is 2560x1600.

Version Windows 10 Home Chinese
Version number 21H1
Installation Date ‎2021/‎12/‎25
OS Build 19043.1586
Experience Windows Feature Experience Pack 120.2212.4170.0

fiddler version :

v5.0.20211.51073 for .NET 4.6.1
Need More Info
Last Updated: 07 Mar 2022 10:17 by ADMIN

Hi,

I have a connectivity issue when I run Fiddler (Progress Telerik Fiddler Web Debugger). I work behind a corporate proxy server and the server IP is changed every few hours. The change in IP is normally okay, but when I am running Fiddler with the 'Automatically Authenticate' option enabled, then Fiddler shows an error every time the proxy is changed; it shows a yellow error message suggesting "The system proxy was changed. Click to reenable capturing".

Clicking on the error in Fiddler works fine and it reconnects, but I find this frustrating because if i don't realise there was an error in fiddler and don't click it immediately then it affects my connectivity and some activities on my pc start to fail without me realising.

My suggestion is that you should let Fiddler auto-reconnect when this type of proxy change happens and when the 'Automatically Authenticate' option is enabled. I know it can't try to reconnect forever because it will cause an endless cycle for other people who have other types of proxy disconnects, but in my case it would be very helpful to let fiddler at least try once to auto reconnect (for me 1 retry is usually fine and Fiddler is able to connect to the new proxy address, but perhaps you can let the number of retries be a menu option so that users can set the number of retries that they want Fiddler to do after there was a proxy change or proxy error).

 

Thanks so much for your work, I really like Fiddler!

I hope you can bug fix this or add it as a feature, it will be very helpful!

Regards,

Eugene

Completed
Last Updated: 18 Jan 2022 07:10 by ADMIN

When HTTPS decryption is enabled in Fiddler, Fiddler parses the ClientHello and ServerHello HTTPS messages to determine the supported ciphers and other information, including TLS Extensions.

Unfortunately, Fiddler's HTTPSMessages parsers have a bug whereby if the extensions are larger than the available data on the stream/pipe, reading of the extensions is skipped and misleading text suggesting that no extensions were sent is shown in the Inspectors. For instance, the current version of Chrome Canary sends ~1308 bytes of TLS extensions in the ClientHello, but only 908 bytes are available at the time that the message is read. Fiddler claims that the ClientHello contained no extensions. 

Instead of performing a single .Read() call and ignoring the result if the size is less than expected, Fiddler should continue to read the stream until the promised number of bytes have been read.

 

[This issue is similar to https://crbug.com/1028602#c2, although the implementation is obviously unrelated).

Unplanned
Last Updated: 18 Jan 2022 06:53 by ADMIN

"Target Any Process" feature no longer working with Chrome. It used to work but no longer works specifically with Chrome. Still works with other processes. Capturing still works with Chrome as long as I am not using the "Target Any Process" feature.

Completed
Last Updated: 22 Dec 2021 06:37 by ADMIN

The GetSupportedVersions function inside HTTPSUtilities has an off-by-one error in the parser that results in omitting the final value in the list.

Instead of code like this:

    for (int index = 1; index < arrSupported.Length - 2; index += 2)

 

the code should instead be:

 

    for (int index = 1; index <= arrSupported.Length - 2; index += 2)

Completed
Last Updated: 07 Dec 2021 11:03 by ADMIN

Precondition:

  • Have a list of several AutoResponder rules.

Steps to reproduce:

  • Select a rule in the list.
  • Press the M hotkey to set a comment for the rule.
  • Edit the comment.
  • Save the comment by confirming with OK.

Expected result:

  • The comment edit dialogue displays the current comment of the rule selected in the list.
  • Confirming the dialogue updates the comment of the rule selected in the list with the text box content.
  • The list selection does not change.

Actual result:

  • The comment edit dialogue displays the current comment of the rule selected in the list (expected).
  • As the edit dialogue opens, the selection in the AutoResponder list changes and a different rule is highlighted.
  • Confirming the dialogue updates the comment of the newly selected rule, not the one the user manually selected and whose initial comment was shown in the edit dialogue.

Version: 5.0.20192.25091 (2019-06-04)
Platform: Windows 10 build 17134, .NET 4.7.1

Completed
Last Updated: 07 Dec 2021 11:01 by ADMIN

Inside the Header inspector, you can add a header to a breakpointed response. The header editor offers templates. The "Set-Cookie" template for persistent cookies has an expiration date that seemed impossibly far in the future: June 2021.

 

Well, I may not have a flying car, but we're now living in a future beyond that imagined by the header inspector. We need to update to a later expiration date.

Completed
Last Updated: 07 Dec 2021 10:59 by ADMIN

The bug I'm reporting is sometimes the Session.HostnameIs() will return true even if the supplied hostname does not match Session.hostname and a port was passed by the client in the Host header.

HostnameIs function is documented as "This method compares the supplied hostname to the hostname of the request, returning true if a case-insensitive match is found."

What I think is happening is that rather than use Session.hostname for comparison Fiddler instead uses the Session.host (ie what was passed by the client in the Host header) and if a port is present maybe it incorrectly extracts out the hostname. Here is an example that shows the bug and why I think that.

In OnBeforeRequest add this code, which should only show an alert box if the hostname is test:

		if(oSession.HostnameIs("test")) {
			FiddlerObject.alert(oSession.hostname);
		}

Now in a browser try going to http://t:81/ and you will see it shows the alert box, in other words a match. Why? Well, I will guess based on my testing that your code in HostnameIs gets the index of the colon in the host t:81, which is 1, and then compares only that number of characters. So it's doing whatever is the javascript equivalent of !strnicmp("t", "test", 1).

This manifests itself through CONNECT as well, and probably more likely, since the standard ports are used in the Host header (IE might be an exception to this). For example, let's say you go to https://t/ in Firefox or Chrome and HTTPS decrypt is enabled. The Host passed by the client for the CONNECT is t:443 and so it's the same problem, !strnicmp("t", "test", 1).

This is not a theoretical issue for me, I was testing something earlier today where I had to treat a hostname that ended in .co different from the same hostname that ended in .com and it turned out the test I was doing applied to both of them because of this bug.

There may be very good reason to not use Session.hostname for the comparison, I don't know, but the likely extraction from Session.host is not done properly.
Completed
Last Updated: 07 Dec 2021 10:57 by ADMIN

https://twitter.com/ozziepeeps/status/1349126308454830082

 

Basically, the problem here is that if we're AutoAuthenticating when reissuing a request, we try to strip any default Auth header.

 

There's code that looks like

 

   if (theFlags.ContainsKey("x-AutoAuth") && newSession.requestHeaders["Authorization"].OICContains("NTLM") 

//... strip the header

The problem is that we should only be looking at the very first token of the Authorization header (e.g. before the first space). We should not search the whole header, because if the header is

 

    Authorization: Bearer BlahblahblahNtLMblahblah

 

we think it's an NTLM header and strip it. 

 

Completed
Last Updated: 07 Dec 2021 10:54 by ADMIN

Response headers named


  Cross-Origin-Embedder-Policy
  Cross-Origin-Resource-Policy
  Cross-Origin-Opener-Policy

 

Should be added to the "Security" section of the Response Headers inspector. These are important security headers added to the web platform, and looking for them will become increasingly common and important.

Completed
Last Updated: 07 Dec 2021 10:52 by ADMIN
Created by: Tony
Comments: 2
Type: Bug Report
0

Hi,

When i started latest version of Fiddler, i started to get an error window at launch saying "Failed to register Fiddler as the system proxy"

But as usual, i have plenty opened windows at the same time.

While i'm doing a search for a solution, Fiddler and the error window goes to background.

But when i come back to Fiddler, i'm unable to exit the application.

The error windows is not referenced in the taskbar and it's a pain to find it.

The best solution is to go to desktop "Win+D" and focus on Fiddler to get the splash screen and the error window visible again.

Once the error window closed, i can close Fiddler.

The issue is the error window staying on background and not having an entry in taskbar.

1 2 3 4 5