diff --git a/_config.yml b/_config.yml index 4947273e..69ae5508 100644 --- a/_config.yml +++ b/_config.yml @@ -54,9 +54,12 @@ navigation: user-guide/settings: title: Settings position: 1 + fiddler-reporter: + title: Fiddler Reporter + position: 100 security: title: Security - position: 100 + position: 110 knowledge-base: title: Knowledge Base position: 1000 diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md new file mode 100644 index 00000000..9466cdd7 --- /dev/null +++ b/fiddler-reporter/features.md 
@@ -0,0 +1,125 @@ +--- +title: Features +description: "Using the different capturing modes in the Fiddler Reporter tool and learning more about the available configuration options." +slug: reporter-features +publish: true +position: 10 +--- + +# Fiddler Reporter Features + +The Fiddler Reporter presents several capturing modes to best suit different environment scenarios. The application also provides options to configure the default browser instance, control the Fiddler certificate authority (CA) file installation, and set some additional capturing settings. + +## Capturing Modes + +The Fiddler Reporter has four different capturing modes, which you can use depending on your needs and environment. The options are as follows: + +- [**Start Capturing Browser**](#capturing-browser-option) - this option in Reporter corresponds to the browser capturing mode in Fiddler Everywhere. It captures traffic from a sandboxed browser instance. + +- [**Start Capturing Everything**](#capturing-everything-option) - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. + +- [**Start Capturing Terminal**](#capturing-terminal-option) - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. + +- [**Manual Setup (Advanced)**](#manual-setup-option) - this option corresponds to the explicit capturing mode. You can use this option to configure a specific client application alongside the Fiddler Reporter proxy address and port. This option requires the explicit installation and trust of the Fiddler certificate authority file. + +### Capturing Browser Option + +The **Start Browser Capturing** is the default option that allows traffic to be captured from a sandboxed browser instance. 
As a result, Fiddler Reporter starts an independent browser instance preconfigured to respect the Fiddler proxy and +to trust its Root Certificate Authority (CA). The HTTPS traffic generated will appear in Fiddler Everywhere +Reporter. Currently, the tool supports independent browser capturing only for Chrome and Edge browsers. If +both exist on the machine, Chrome will be opened by default. MacOS users need to manually quit the browser instance from the dock even after the Fiddler Reporter tool is closed. + +Use the browser option as follows: + +1. Start the Fiddler Reporter application. + +1. Click on the **Start Capturing Browser** button. + +1. Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. + +1. Click on the **Stop Capture** button. + +1. Click the **Save Capture** option, set a password, and choose a location to store your SAZ file. + +### Capturing Everything Option + +The **Start Capturing Everything** option will log all HTTP, HTTPS, WebSocket, SSE, and gRPC traffic between the +computer and the Internet. It works by setting the system proxy and capturing all incoming and outgoing +traffic from any application that supports a proxy - browsers, desktop applications, CLI tools, etc. This +option requires installing and trusting the operating system's Fiddler Root Certificate Authority (CA). + +Use the capture everything option as follows: + +1. Start the Fiddler Reporter application. + +1. Click the **Start Capturing Everything** button (available through a drop-down). + + >warning If that is your first time using this mode, then you will need to export and install the Fiddler certificate authority file explicitly while using [the **Certificate > Trust Root Certificate** option](#configuring-the-fiddler-certificate) or by manualy exporting and installing the Fiddler CA. + +1. Capture the targeted traffic from the targeted client application. + +1. Click on the **Stop Capture** button. + +1. 
Click the **Save Capture** option, set a password, and choose a location to store your SAZ file. + +### Capturing Terminal Option + +The **Start Capturing Terminal** option will launch a new, clean terminal instance and route traffic only from this +instance through Fiddler Everywhere Reporter. It will open PowerShell on Windows and the default Terminal +on Mac. The option currently supports capturing traffic from cURL, Node.js, and Python out of the box. If you +need to capture traffic from .NET applications, it is required to install and trust the Fiddler Root +Certificate Authority manually (these options can be found in the Tools menu). The terminal capturing mode allows +the proxy to be used in a sandboxed environment without changing the global OS proxy settings. + +Use the capturing terminal option as follows: + +1. Start the Fiddler Reporter application. + +1. Click on the **Start Capturing Terminal** button. + +1. Capture the targeted traffic in the sandboxed terminal instance opened from the Fiddler Reporter tool. + +1. Click on the **Stop Capture** button. + +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. + +### Manual Setup Option + +When this mode is selected, Fiddler Everywhere Reporter will start listening on the port printed next to the +“Details” label. The address can be copied and used to specify the proxy registry setting of your application and +manually configure it to send incoming and outgoing traffic to Fiddler Everywhere Reporter. In addition, the +Fiddler Root Certificate must be trusted from the Tools menu or manually exported and trusted. + +Use the manual setup option as follows: + +1. Configure your client application to use the Fiddler proxy address (127.0.0.1), port (8877). + +1. To capture and decrypt secure traffic (HTTPS), export and install the Fiddler CA within your client applicaiton. + +1. Start the Fiddler Reporter application. + +1. 
Click on the **Manual Setup (Advanced)** button. + +1. Capture the targeted traffic from your client application. Note that at this point, the application should already respect the Fiddler Reporter proxy address, port and certificate. + +1. Click on the **Stop Capture** button. + +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. + +## Tools + +Use the **Tools** section within the application menu to set the default browser (for the [**Start Capturing Browser**](#capturing-browser-option) option) and to explicitly allow remote devices to connect. + +- **Default Browser** - Allows you to set the default browser which Fiddler Reporter should use to createa a sandboxed browser instance. Currently, the supported browsers are Google Chrome and Microsoft Edge. +- **Allow Remote Devices to Connect** - Controls whether inbound connections to Fiddler Reporter are allowed. Enable this option to capture traffic from remote devices. Behind the scenes, the option opens (or closes) the Fiddler Reporter port for inbound connections on the host machine. + +## Configuring the Fiddler Certificate + +Use the **Certificate** section within the application menu to trust, export, reset, and remove the Fiddler certificate authority (CA) or ignore server certificate errors. The options are as follows: + +- **Trust Root Certificate** - Installs and trusts the Fiddler root certificate authority (CA) in the **user store** of the operating system certificate manager. +- **Export Root Certificate** - Exports the Fiddler Reporter CA on your `Desktop` folder. The format varies depending on the operating system. +- **Remove Certificate** - Removes the currently trusted CA from the OS certificate store. +- **Reset Root Certificate** - Removes the currently trusted CA, generates a new one, and trusts it. +- **Ignore Server Certificate Errors (unsafe)** - Configure Fiddler Reporter to ignore all server certificate errors automatically. + 
diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md new file mode 100644 index 00000000..4898de5d --- /dev/null +++ b/fiddler-reporter/overview.md 
@@ -0,0 +1,47 @@ +--- +title: Overview +description: "Try the free Fiddler Reporter standalone cross-platform desktop tool HTTP-request proxy and use it to capture and export HTTP(S) traffic from any browser, system, or platform." +slug: fiddler-reporter-overview +publish: true +position: 0 +--- + +# Fiddler Reporter + +Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors and logs all HTTPS traffic and issues requests between a computer and the Internet. It lets you quickly capture, save, and export HTTPS traffic on any machine without explicit installation. It's free to use and doesn't require a Fiddler Everywhere license. As such, it can be used on any computer, including third-party devices, test devices, servers, and any other compatible Windows or macOS device. The primary purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. + +## Download Fiddler Reporter + +The latest version of the Fiddler Reporter can be downloaded from the [official download link](https://www.telerik.com/download/fiddler-everywhere-reporter). The tool is free to use and doesn't require a Fiddler Everywhere license. + +## Prerequisites + +- A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, Windows Server 2016 (or newer), or macOS version 11 (or newer). + +- To use the **Start Capturing Everything**, the app must start from an account with administrative rights to install the Fiddler certificate authority (CA) and set/unset the operating system proxy. + +## Login and License + +The Fiddler Reporter is a free tool that requires no login or licenses. + +## Using Fiddler Reporter + +Any user can download Fiddler Reporter and start it immediately without an explicit installation. 
After the tool loads, you can choose and start the preferred [capturing mode]({%slug reporter-features%}) to log the targeted HTTPS traffic. Once the capture is complete, the Fiddler Reporter tool presents the option to save the captured traffic as an SAZ file (also known as a Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which, at any point, can be loaded in Fiddler Everywhere. + +Example for basic usage of the Fiddler Reporter application: + +1. Download the Fiddler Reporter. + +1. Start the application by clicking on the downloaded artifact. + +1. Click on the **Start Capturing Browser** button. + + >tip The **Start Capturing Browser** is the default option that captures HTTPS traffic from a sandboxed browser instance. The reporter starts an independent browser instance (Google Chrome or MS Edge) that is preconfigured to respect the Fiddler proxy and trust its certificate authority (CA). If you aim to capture traffic from another client, you can use other [capturing modes]({%slug reporter-features%}). + +1. Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. + +1. Click on the **Stop Capture** button. + +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. + +That's it! You have now captured, saved, and exported the web traffic as a Fiddler archive (SAZ). As a next step, a licensed Fiddler user can load the SAZ archive in the Fiddler Everywhere desktop application, where the traffic can be inspected, analyzed, replayed, and modified according to your needs. \ No newline at end of file diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index 8637d62a..bd844472 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md 
@@ -452,8 +452,6 @@ When you work with final and non-final actions, take into consideration the foll * Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). -* Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). - * Final actions are valid (as final) only when the rule matches an HTTP(S) session. * If a session matches with conditions that depend on its response (for example, a response body contains "HTML"), then any final action in any rule that matches the session will be ignored. The reason for this behavior is that final actions replace the response. By design, Fiddler is not intended to replace a response that was already received and matched conditions in a rule. @@ -488,7 +486,7 @@ When creating a matching condition in Fiddler Everywhere, you should consider th - All rules and their matching conditions are tested in order of appearance from top to bottom. -- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. The user receive a warning wihtin the UI about the above behavior. +- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. The user receives a warning within the UI about the above behavior. - Each rule's matching conditions are tested on the applied changes from the previous rule's executed actions.
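Review bot: In fiddler-reporter/features.md, the "Capturing Everything" and "Manual Setup" procedures end at "Save Capture" with no cleanup step, although both require installing and trusting the Fiddler CA and the first also sets the system proxy. The Certificate section already documents **Remove Certificate**, so add a closing step that points to it, and state whether **Stop Capture** restores the previous OS proxy setting. In the same hunk, the "Ignore Server Certificate Errors (unsafe)" bullet should say why it is unsafe (server certificates are no longer validated for the captured traffic), and the "Allow Remote Devices to Connect" bullet should advise disabling the option once the remote capture is finished, since it opens the Reporter port for inbound connections.

Smaller points in the same hunk: fix the typos "instalation", "authroity", "manualy", "applicaiton" and "createa". The button is called "Start Browser Capturing" once and "Start Capturing Browser" everywhere else. The Terminal and Manual Setup sections send the reader to the Tools menu to trust the certificate, while the page documents those options under **Certificate**. The product name also alternates between "Fiddler Reporter" and "Fiddler Everywhere Reporter".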
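Review bot: In fiddler-reporter/overview.md, the Prerequisites bullet says **Start Capturing Everything** needs an account with administrative rights "to install the Fiddler certificate authority (CA)", but features.md states that **Trust Root Certificate** installs the CA in the user store. Reconcile the two, and say which part (CA installation or setting the OS proxy) actually needs elevation. The "Save Capture ... set a password" step would also benefit from a sentence explaining that the SAZ holds the captured HTTPS sessions and is meant to be handed to another person, so the password should be sent separately from the file.

Smaller points in the same hunk: "capture traffic on the end user (remote)" is missing a noun such as "machine", the front-matter description "desktop tool HTTP-request proxy" reads as two fragments run together, the name alternates between "Fiddler Reporter" and "Fiddler Everywhere Reporter", and the file has no newline at end of file.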