Hi,

I’m developing a .NetFramework extension for Fiddler and am finding an issue with clearing bold, italic, strikethrough on the session text in the session list when using “this.session.RefreshUI()”. I’d like to be able to see these changes occur upon a context menu item click, immediately within Fiddler, without having the reload the sessions or the application. I can see the session flags are removed from the session as expected, but the bold, italic, or strikethrough is not unset.

I’m aware there is an option to Mark, Unmark sessions, but this doesn’t fit integrate closely enough with the extension I am developing or do exactly what I would like.

I seem to have no issues with changing the UI-Backcolor or UI-Color and refreshing for the updates to be immediately seen.

I can set UI-Bold, UI-Italic, UI-Strikethrough, but I cannot unset these with RefreshUI().

Is this a bug? Is the RefreshUI() call not doing something for UI-Bold, UI-Italic & UI-Strikethrough which it does do for UI-BackColor and UI-Color?

Thanks,

Jeremy.

Related issue: https://github.com/aws/aws-sdk-net/issues/2567

When sending multiple requests to the same domain, sometimes Fiddler alters the headers (in this case by duplicating the user-agent one), and in this case it causes a fail because a precomputed signature of the request does not match.

Fiddler's update check will always fail by default because you've disabled TLS/1.0 support on your server and Fiddler's now-very-outdated TLS config only enables TLS/1.0 by default. The user must manually go into Tools > Fiddler Options > HTTPS and change the Supported protocols string to <client>;tls1.2 to fix this problem (and to also fix problems with the Composer and any other Fiddler features that do not pass through traffic through a client that supports later TLS.

This is tracked by oAcceptedServerHTTPSProtocols in Config.cs.

If you open use fiddler for a while (a Day or so), eventually it lock up the UI on the other monitors. It is almost as if there is an invisible dialog over the other screens. Once you kill Fiddler. its all restored again.

We have been Noticing this over the last few months.

Fiddler downloads content to show on its homescreen from HTTP URLs. This is not safe because the content is rendered to the user in a WebView control and thus an attacker on the wire could replace it with malicious code or instructions that could harm the user.

Fiddler should not be using HTTP URLs for anything in this day and age.

http://fiddler2.com/content/GetArticles?clientId=0651E115B3D6EFD84CC35BE
http://fiddler2.com/content/GetBanner?clientId=0651E115B3D6EFD84CC35BE

document-policy: force-load-at-top

https://chromestatus.com/feature/5744681033924608

"Target Any Process" feature no longer working with Chrome. It used to work but no longer works specifically with Chrome. Still works with other processes. Capturing still works with Chrome as long as I am not using the "Target Any Process" feature.

Once a program has been "Filter now"ed via the context menu, if that filter is later deleted from down bottom, that program can no longer be "Filter Now"ed again; nothing happens.

It's as if program filtering is only given one opportunity to be "Filter Now"ed. Once that's happened, even if they filter gets deleted, the program isn't given another opportunity to be Filter Now'ed.

Hi,

1-st of all, thanks for the Fiddler!

I'm using the custom font size set under the Fiddler options (Windows OS), but its not respected during the params editing.

see attached screenshot.

When my machine restarts before Fiddler is closed gracefully, Fiddler opens back up with an error saying that my capture saz is corrupt and cannot be opened.  
This is a pain as I have to then manually rebuild any requests that I need.

Fiddler should have savepoints or some way to prevent it from losing all my LogResuest history whenever Fiddler is forcefully shut down

If you try to launch two instances of Fiddler/FiddlerViewer at the same time, you hit a sharing violation.

This file needs to be read with the correct sharing flags set.

I recently am having an issue with MS Teams while running fiddler.  MS Teams keeps giving disconnect errors. That's when I noticed that fiddler it proxying it's traffic even though I have filters set to "Show only the following Hosts", and teams.microsoft.com are not included in the hosts.  I also notice other items in my sessions list that are not in my list of hosts so what is going on?

I don't really want to post my list of hosts publicly.  If you need them, please let me know and maybe I can email them to someone.

Hello,

I am getting the following error in fiddler and without Capture HTTPS CONNECTs it works, also in the Protocols I have enabled: <client>;ssl2;ssl3;tls1.0;tls1.1;tls1.2

fiddler.network.https> HTTPS handshake to <domain> (for #6) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

Win32 (SChannel) Native Error Code: 0x80090326

Ashen

[Edited by Telerik Staff to remove personal information and convert to bug report]

When loading the SAZ file, the requests are ordered incrementally based on the order they were saved in.

For example, a Fiddler session was sorted by URL and then saved to SAZ. When the file is loaded, the requests are still sorted by URL but the original index numbers are lost and the requests are numbered incrementally as per this sort. This means that it is not possible to sort the session back to the original linear order by clicking on the index column (#) as it was possible to do before the save/load.

I've seen that the original index is saved in the Comments column. This is only a partial solution because:

1. When sorting by this column, a lexical sort is performed meaning the sessions would be numbered: 1,10,100,101,11,12..19,2,20,21 etc...
2. If the request had a comment associated with it, this overrides this feature and the original index number is lost.

Also, I know it's possible to sort by ClientDoneRequest as a good approximation but it obviously doesn't recreate the original order.

It would be beneficial to keep the original index numbers (even including the gaps between them) as there is information there that shouldn't be lost when saving.

As always thank you for your work on this wonderful product.

Cheers,

  Ronen

This bug occurs in both Fiddler and Fiddler Everywhere so you may want to take a look.

The system I'm running on is Win7x64 with latest patches loaded.

Note that when Fiddler/Fiddler Everywhere is not loaded, I can access this website normally.

Hi everyone.

A screenshot of the error is provided, I think there are extra characters in the form, these should not appear, it seems to be caused by a decoding error. Note that the transfer method "transfer-encoding: chunked".

If the user configures a list of sites inside Tools > Options > HTTPS > "Skip Decryption for hosts", this configuration list is ignored if the AutoResponder is enabled with the "Accept all connects" checkbox ticked.

This should be fixed because otherwise it's extremely difficult to figure out what's going wrong.

Incidentally, this behavior might be responsible for this issue: https://feedback.telerik.com/fiddler/1479071-fiddler-refusing-to-ignore-teams-microsoft-com-and-is-causing-my-ms-teams-app-on-windows-to-break

Hello

I've the following request response:

{
    "proId": 98767975948505330
}

This is correctly displayed in the "Raw Tab", but when switching to the JSON tab, the displayed number is not correct.

Could you fix this ?

Thanks

I couild highlight a row in the captured data and hit the context menu for Copy | Session and it would copy the data and present it in this type of format when pasted into notepad:

PUT https://xxx.xxx.xxx.xxx/service/core/v3/AssetPartitions/-1/DiscoveryJobs/29 HTTP/1.1

GET https://10.5.33.172/service/core/v3/AssetPartitions/1/DiscoveredSshKeys/23/10?page=0&limit=200 HTTP/1.1
Accept-Language: en-US; q=1.0, en; q=0.9
X-SignalR-Id: f83b9717-2553-438f-b76c-4c3e70159a39
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyRjIzMDlCQzZGMkNFQzNBQzc1MTA3RUQyRTFCREE4NzEwQUI5MUIiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJRdkl3bThieXpzT3NkUkItMHVHOXFIRUt1UnMifQ.eyJBY3R1YWxVc2VySWQiOiIxIiwiQXV0aFRva2VuSWQiOiI2OTdlZDkzOC05YTY1LTQyZDctODI2MS04MGRiYzhkYTE1OWQiLCJyc3RzOnN0czpjbGFpbXM6dXNlcjp1c2VySWQiOiIxIiwidXBuIjoiU3VwZXIiLCJhdXRobWV0aG9kIjoibG9jYWw6cHdkIiwibmFtZWlkIjoiU3VwZXIiLCJuYmYiOjE1ODc0OTI1MzMsImV4cCI6MTU4NzU3ODkzMywiaWF0IjoxNTg3NDkyNTMzLCJpc3MiOiJ1cm46dG9rZW5hdXRoZW50aWNhdGlvbnByb3ZpZGVyOlNBRkVHVUFSRF9BUFBMSUFOQ0UifQ.Leqmwi7cbogsB_XYv9DpJ2SCgCtkl7WsY8Y6pXjfHVSm1P9-82ayeNK_J9rmQUdqZrWjmCeK4DxiyifKAzpgCJm5y0XgUX02jJ5RiD_i8EWOT6ywyxgRRKLefm36jHsWVavLpidJMo4QyOEUGX1OHw0-Cgv2kJyESwkNYLgVQB34WEGMSe2Sh1kVkQrVl-WwcmlckL7yw5rPaofje5lEXrbGMHbNTfBAuei08DVf49DBjV7FGZWRMpvB3mIpWqAZylTXu2DNcfol2ZuVYG1PmTY7pENZGzO98gT7c08Q6wqbZF1846F47oZ2wZXrcYRHkNO8nJ6N7JUN8koGMQ2P6g
Host: 10.5.33.172


HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Length: 1872
Content-Type: application/json; charset=utf-8
Content-Language: en-US
Vary: Origin
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none'; img-src 'self' data:; font-src 'self'
Referrer-Policy: same-origin
X-Cluster-Role: primary
X-TokenLifetimeRemaining: 1433
Date: Tue, 21 Apr 2020 18:16:29 GMT

[{"DiscoveredDate":"2020-04-21T17:20:10.228Z","AccountName":"BobAdmin","AccountDomainName":null,"AccountId":10,"AssetName":"PAM-QA-WIN2019","AssetId":23,"AssetPartitionId":1,"AssetPartitionName":"Import","SshKeyProfileId":1,"SshKeyProfileName":"Import SSH Key Profile","SshKeyDiscoveryScheduleId":15,"SshKeyDiscoveryScheduleName":"Import SSH Key Discovery","PublicKey":"AAAAB3NzaC1yc2EAAAADAQABAAABAQCjJh0+dkm7SMIzhCVPaZTxu0pQA9uhScH26GSxDb5ddoYigi9dlq45/4zal230Nk4o3IQmbP7hLikKTCr2Y3GRUZJEJ8IdQe9zXtGnm+N2iczbmg9kGPcb6j3pMcfxrjZlcOFOXgRaz1tnJXdaSLuM4kI45+sJjtdJ9e/nDdX1HgWVyo0U3CO7q/k/srI1+KaetKW58iCIK6zZnoW8jUhmyXdxA/UkkOwUCdK7kQwOn6kBV7pRgErS1nWmd4RZ7UNi0iSpZdrg6yL7mngLfzS7ee4iZ2Hp3WUY8s1aYhPkDJcJl6uEbxy2NpwLvbUgCWcbJCUPRQUKAdheR7uJuTfF","Comment":"bross@prod@Q3LJ2RQ2","Fingerprint":"4D7280929A77CAD8C0EF03099AF90F4F","KeyType":"Rsa","Options":null,"KeyLength":2048,"AccountStatus":"Managed","IsIgnored":false,"IsManaged":true},{"DiscoveredDate":"2020-04-21T17:20:09.686Z","AccountName":"BobAdmin","AccountDomainName":null,"AccountId":10,"AssetName":"PAM-QA-WIN2019","AssetId":23,"AssetPartitionId":1,"AssetPartitionName":"Import","SshKeyProfileId":1,"SshKeyProfileName":"Import SSH Key Profile","SshKeyDiscoveryScheduleId":15,"SshKeyDiscoveryScheduleName":"Import SSH Key Discovery","PublicKey":"AAAAB3NzaC1yc2EAAAADAQABAAABAQDP1WLHVC8mq6ICGre8OUPi5FQMYxomTGlSgnVqIvIUHLNI8PPH0xpkOpfhlZASzu7WtHWX37LDvEcUqW0gYb0eYww56IeERHui5yuJ7ocJnXETO33W+n0pnYjZuyqxEjSa8P14O6smg5z6bxm+/StItb8GyL1kBdQdoVeVMfWUSUO/2qyvmK22QOS8df2Gl+MWcBvsoU6rrtTq5N9FlS05zFsQJGUt/MrV3qHhKUqviFEZ1sl5ziisRknWInCb+YTkq7a5HFSbSAjxHZDjwPJ92gTWs+W/n6GsSY9Xjnjx+rFfpD1bSD4JnjwJ2QUsbTLPutJ0CpLFdOUJbgzsQY1N","Comment":"Safeguard_Windows_SSH","Fingerprint":"850585DBE61DE4F2D638EC3DE66CCE83","KeyType":"Rsa","Options":null,"KeyLength":2048,"AccountStatus":"Managed","IsIgnored":false,"IsManaged":false}]

Now all I get is the URL...