Login to start a new topic

Fiddler everywhere <= Fiddler classic

So many things I can't do... Where to start?

I've not been able to find the answers to the following questions in the documentation. Either the documentation is poor, or  the features are missing. Either way, not great.

  1. Fiddler classic doesn't require me to log in to a cloud service to simply proxy internal traffic. How can I be confident that none of my data is being transmitted to the cloud? (And why would I even want to log in to use a stand alone piece of software which I'm not sharing data in?)
  2. In Fiddler "classic" I can easily decree that I'm only interested in capturing traffic to certain hosts. I can use wildcards - *.mydomain.net; *.myother.com. In fiddler everywhere I can filter, but seemingly only for explicit hosts, not wildcards. Please prove me wrong!
  3. Fiddler classic seemingly doesn't record traffic to the domains excluded by the filter; fiddler everywhere does - it's a display filter not a capture filter. How can I set a capture filter? (Yes, all the traffic needs to go via the proxy; I just don't want to bother capturing it all)
  4. How on earth does one GET or POST to manipulate data in fiddler everywhere? In Fiddler classic it's simple - you click "Break on Post" or "Break on Get"
  5. Fiddler classic will allow a choice of clients to proxy - everything, browsers only, non-browsers, remote traffic. How do you select browser-only traffic in fiddler everywhere?
I think I can see the plan - make fiddler look less complex (by sacrificing functionality?) and add the "composer" tab to take some of Postman's market share... but realistically it's far from equal to a "fiddler classic and Postman" combo.

To be fair, it's far from equal to fiddler classic alone :-(

Forgot to add


      6. Why doesn't Fiddler everywhere decode Brotli, like it's predecessor could?

Hey, Preah, indeed Fiddler Everywhere and the classic Fiddler are two different products. As Fiddler Everywhere is a new product, we initially focused on the support for multiple platforms (Linux, macOS, and Windows) and for the collaboration functionalities (sharing sessions, autoresponder rules, etc.). One of the future goals is to have feature parity (as much as possible) with the old Fiddler but consider that the old Fiddler is a product that is actively developed for over 12 years. So that said, getting to a 100% feature parity will be an ongoing process.

Regarding your questions:

1. The topic is discussed in details in your other post https://support.kinvey.com/a/forums/categories/12000000385

2. Fiddler Everywhere provides filters with the Contains option, so instead of the wild card ( *.mydomain.net ), you could set a filter for a host that contains mydomain.net 

3. Both the classic FIddler and FIddler Everywhere are working as proxies and are capturing the whole traffic, including the filtered one. The filtered traffic is just not shown. 

4. Breakpoints are still not implemented in Fiddler Everywhere. We aim for full feature parity in the future, but I can provide a specific date on when the breakpoints will be implemented.

5. Fiddler Everywhere provides a Process column and based on the process ID, which can be used to filter browser only traffic. For example, you could apply a filter on the Process column that Contains a chrome, and this way, you will be able to show only the traffic generated from the Chrome browser. Note that different tabs in chrome might use the different unique ID (for example, something like chrome:25656)

6.  the support for Brotli content encoding is logged as a feature request here: https://support.kinvey.com/a/forums/categories/12000000385 

I just installed and tried Fiddler everywhere for a few minutes but it seems like it's not the product for me yet. I want to only intercept traffic from my phone and not from my computer, but Fiddler Everywhere seems to automatically capture traffic from my computer. As mentioned in point 5, it's not possible to capture only remote traffic.

I also want to capture remote https traffic, but I absolutely don't want to trust the fiddler certificate on my computer. But if I don't trust the fiddler certificate it's not possible to capture https traffic even if I trust the certificate on my phone.

The main reason I'm using fiddler classic instead of other apps like burp suite or mitm proxy is the possiblity to create own rules with scripting. I hope this is something that will be available in the free version of Fiddler Everywhere before Fiddler Classic is eventually discontinued in the future.

Hey, Nibarius, thanks for the feedback. Fiddler Everywhere aims for feature parity with the classic Fiddler, and we will consider providing the 5th point functionality in the future. Currently, you could use the filtering by the process, as discussed in my previous answer. 

Login to start a new topic