Within a .net application when the CheckCertificateRevocationList is set SSL connections can no longer be made while fiddler is running.

An example:

ServicePointManager.CheckCertificateRevocationList = true;

WebRequest request = WebRequest.Create("https://www.google.com");

var response = await request.GetResponseAsync();

This fails with

The remote certificate is invalid according to the validation procedure.

 

If I register a validation callback (ServicePointManager.ServerCertificateValidationCallback) too  see what is going on I see

SSLPolicyErrors = RemoteCertificateChainErrors

When looking at the X509Chain I see "The revocation function was unable to check revocation for the certificate.\r\n"

Some other threads on stack overflow indicated this may be due to no revocation list being attached to the fiddler root certificates.

So I was wondering if anyone was able to get fiddler to work with the CheckCertificateRevocationList= true.  I know I can disable it but that would not be good for security. I also could in the handler allow fiddler certificates, but I was hoping there was a way to generate the fiddler certificates in a way that worked with that setting.

 

Hello, it seems like there are a few ways to configure fiddler to chain to an upstream proxy, but none of the instructions i found mentioned what to do when you are using a setup script for the proxy. Is there a way to still configure fiddler to chain to the upstream proxy in this case? 

https://vimeo.com/758966052

Pleas take a look at video above here.

I compare between fiddler classic and echo mirage and i want to know why fiddler can't capture it? and how to fix this. (fiddler classic can capture http(s) normally)

I can capture traffic, decrypt HTTPs from web browsers and other applications with Fiddler just fine.

But with this app, Fiddler doesn't see anything. Tried options like adding protocols,  checking ignore cert errors, even tried tried turning off HTTPS decryption. No difference, just nothing.

With Wireshark. I can see the SSL/TCP traffic.

Here's the app link (You can register for free with junk email to login via app)

https://tinyurl.com/4yd3e94r

Please help

 

Question

I want auto close tabs.

I'm every times doing this steps.

1. Launch Fiddler Classic
2. Close these tabs(Click mouse middle button to close)

• Fiddler Orchestra Beta
• Log
• Timeline
• Get Started
• Statistics
• Auto Responder

3. Start using Fiddler Classic

I'm tired.
I'm doing this about 1 year ago.

So, I want auto close tabs.

It is possible?
How can i do it?

Thank you.

Environment

• Windows 11 64bit
• Fiddler Classic: v5.0.20211.51073 for .NET 4.6.1

For example:

In the session, Host is 'www.aaa.com', URL is '/bbb/ccc?ddd'

I want to save this www.aaa.com/bbb/ccc?ddd to a local txt file,  so I run to fiddler script/ onBeforeResponse part,  save oSession.fullUrl to a local file.

But what I get is 'www.aaa.com:443'. I wonder how to save what I need with script, now it seems to omit the URL part and add '443' instead.

Hello, how can I configure Fiddler Classic, so that only one URL appears? since two identical URLs appear to me, but I only want one to appear, how can I configure it?, thanks.

 

Hi,

When anyone try to download fiddler classic and access this page: https://www.telerik.com/download/fiddler you force the user to enter email address.

This is not UE GDPR compliance

HI:

I'm try to use fiddler as reverse proxy ,and i Write a FiddlerScript Rule like this

if (oSession.host.toLowerCase() == "192.168.5.201:8889") oSession.host = "pubs.acs.org";

then i try access https://192.168.5.201:8889 , I get this:

 i know this is because cloudflare detective it as a ddos attack.

Does it possible to solve this problem?

Afternoon folks...

I have an application that keeps sending DNS traffic over HTTPS and ultimately fails because it resolves as external where it should be internal. So I'm tracing it down using Fiddler. The application is spawned by Edge WebView2 and I can see the requests to Google and CloudFlare over :443 for DNS (through WireShark). What is very odd, is when I am running Fiddler the application never fails. So I'm trying to understand what Fiddler does while it's capturing so I can pick it apart and see which bit is making this work.

I know it uses WPAD for a bit of its operations too, I have that enabled on my machine now too. I killed DoH on my laptop too as well as Secure DNS in Edge/Chrome.

Anyone know the innerworkings of Fiddler (obviously not at an intellectual property level) but more what is it doing while it's running.