From f21d21da2c9f347152de65ed7148052c20e364a5 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 5 Dec 2024 14:31:02 +0200 Subject: [PATCH 01/12] updates related to Rules --- .../conditions-and-actions.md | 36 ++++++++++++++++++- modify-and-filter-traffic/filter-traffic.md | 7 ---- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index d751e8e7..666a36af 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -231,7 +231,7 @@ For more information, refer to the following list. ## Actions -When Fiddler Everywhere identifies a request that matches the rule's [**conditions**](#conditions), it automatically maps it to the **action** set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the **Aa** button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions. +When Fiddler Everywhere identifies a request that matches the rule's [**conditions**](#conditions), it automatically maps it to the **action** set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the **Aa** button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions. All actions in Fiddler Everywhere can be dragged and dropped to change their execution priority. Apart from returning files or predefined responses, a rule can perform the following specific actions: @@ -475,3 +475,37 @@ For an illustration of this scenario, refer to the following cases: In this case, the rule containing the non-final action has higher priority in the **Rules** list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule that contains final actions, they won't be executed. ![non-final action first scenario](../images/kb/final-actions/non-final-action-first.png) + +## Matching Conditions Specifics + +When creating a matching condition in Fiddler Everywhere, you should consider the following: + +- Fiddler Everywhere will try to match each session before a request is sent to the server (Fiddler receives requests > match > Fiddler forwards the request to the server) and before a response is sent to the client (Fiddler receives response > match > Fiddler forwards the response to the client app) + +- Match conditions will be tested when all the information is available. For example, match conditions that only require data available for the requests are tested before the request is sent to the server. On the contrary, match conditions that depend on a value from the response are tested before returning the response. + +- All rules and their matching conditions are tested in order of appearance from top to bottom. + +- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. + +- Each rule's matching conditions are tested on the applied changes from the previous rule's executed actions. + +## Rules Execution Specifics + +Multiple rules enable you to create complex logic that mocks, modifies, and tests your upcoming and outgoing traffic. Sometimes, you will also need to create a combination of the above actions. This section highlights some specifics you must consider while executing multiple rules and actions. + +- Each rule will execute independently. + +- No rules can block the execution of other rules. + +- All actions in this rule will be executed once a rule matches (through the set matching conditions). + + >tip An example of the above statement: A rule with matching conditions on the HTTP request and actions on the HTTP response will match before sending the request, and the actions will be applied before returning the response. + +- All actions in a rule are executed in the order of appearance, from top to bottom. Actions can be dragged and dropped to change their execution priority. + + * If a **final** action executes, the rules' processing on these sessions stops immediately. Fiddler won't process and perform any other rules or actions (even in the same rule). + + * If a rule's actions are incorrectly ordered and a response action is before a request action, the request action will be executed after the server receives the request. The changes will be visible in Fiddler only. + + * Actions placed after a final action in one rule will not be executed. diff --git a/modify-and-filter-traffic/filter-traffic.md b/modify-and-filter-traffic/filter-traffic.md index c3dc3fb5..496bba89 100644 --- a/modify-and-filter-traffic/filter-traffic.md +++ b/modify-and-filter-traffic/filter-traffic.md @@ -7,8 +7,6 @@ position: 50 previous_url: /knowledge-base/filter-traffic --- - - # Filtering Traffic Fiddler Everywhere sets itself as the operating system proxy once the [system capturing]({%slug capture-traffic-get-started%}#system-capturing) activates. The application captures and outputs all HTTP/HTTPS/WebSocket traffic from client applications that respect the system proxy. The [**Live Traffic grid**]({%slug web-sessions-list%}#live-traffic-grid) displays the traffic as session entries. @@ -20,7 +18,6 @@ Modern applications often generate hundreds or thousands of requests, polluting - [Using browser or terminal capturing modes](#using-alternative-capturing-modes) - [Bypassing requests to specific domains](#bypassing-the-proxy) - ## Filters The **Filters** option enables you to apply complex filtering solutions, such as creating multiple filtering conditions, combining them with logical operations, saving filters for later reuse, and more. An active [column filter](#column-filters) automatically adds as a condition in your active filter (or in the **Default** filter if no saved filters are active). @@ -77,7 +74,6 @@ The **Filters** option provides a drop-down menu to manage your active and saved ![Filters menu](../images/kb/filters/filters-menu.png) - ## Column Filters Each column (including your own [custom columns]({%slug web-sessions-list%}#creating-custom-columns)) from the [**Live Traffic grid**]({%slug web-sessions-list%}#live-traffic-grid) has its own [filtering submenu]({%slug web-sessions-list%}#filtering-options). A filter condition contains different logical operations (for example, **contains**, **starts with**, **ends with**, **is equal to**, and so on). Each logical operation combines with the filter value, which depends on the column type and can be a string, number, boolean, or predefined value. @@ -88,13 +84,10 @@ A column filter adds a condition to your active filter (from the **Filters** too When you clear a column filter, it automatically deletes its condition from the active filter. If no active filter exists, the column filter removes its condition from the **Default** filter. - - ## Using Alternative Capturing Modes Fiddler Everywhere provides multiple capturing modes, with the system capturing mode being the most "invasive" as it will capture all traffic that goes through the operating system. You can limit the amount of captured traffic by using options like the [independent browser capturing mode]({%slug capture-browser-traffic%}) or the [terminal capturing mode]({%slug capture-terminal-traffic%}). These options ensure only traffic from the sandboxed instances is output in the sessions grid. All additional columns and advanced filters remain applicable. - ## Bypassing the Proxy While bypassing the proxy is not technically related to filtering, requests to specific domains may not go through the Fiddler proxy but directly through the upstream proxy. As a result, these sessions won't pollute your **Live Traffic** grid. You can set a list of domains or URLs to bypass through the [**Connections** menu]({%slug connections-submenu%}), or you can add a root domain or specific subdomain address to the bypass list while using the **Live Traffic** context menu. From 977564361702536606d3212b24cae1d29c8556e8 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 5 Dec 2024 14:41:03 +0200 Subject: [PATCH 02/12] add note about duplicate and delte options --- modify-and-filter-traffic/conditions-and-actions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index 666a36af..a70c6000 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -231,9 +231,9 @@ For more information, refer to the following list. ## Actions -When Fiddler Everywhere identifies a request that matches the rule's [**conditions**](#conditions), it automatically maps it to the **action** set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the **Aa** button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions. All actions in Fiddler Everywhere can be dragged and dropped to change their execution priority. +When Fiddler Everywhere identifies a request that matches the rule's [**conditions**](#conditions), it automatically maps it to the **action** set in the rule. An action field that handles text (string modifier) is case-insensitive by default (you can use the **Aa** button to change them to case-sensitive) and can be auto-completed with suggestions corresponding to the captured sessions. Note that multiple actions will be executed in their numbered order, and action with the final action type will prevent the execution of all subsequent actions. All actions in Fiddler Everywhere can be dragged and dropped to change their execution priority and each action can be quickly duplicated or deleted (thorugh dedicated buttons). -Apart from returning files or predefined responses, a rule can perform the following specific actions: +Apart from returning files or predefined responses, a rule in Fiddler Everywhere can perform the following specific **actions**: From 56a5adfbb5d930a37314b9d5f86c24fd4f9681d2 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 5 Dec 2024 15:41:46 +0200 Subject: [PATCH 03/12] imporved actions table --- .../conditions-and-actions.md | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index a70c6000..8766f09b 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -189,7 +189,7 @@ For more information, refer to the following list. - + @@ -268,7 +268,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + @@ -336,11 +336,19 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - - + + - + + + + + + + + + @@ -349,7 +357,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + @@ -357,7 +365,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + @@ -365,14 +373,14 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + - + @@ -388,7 +396,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + @@ -490,7 +498,7 @@ When creating a matching condition in Fiddler Everywhere, you should consider th - Each rule's matching conditions are tested on the applied changes from the previous rule's executed actions. -## Rules Execution Specifics +## Actions and Rules Execution Specifics Multiple rules enable you to create complex logic that mocks, modifies, and tests your upcoming and outgoing traffic. Sometimes, you will also need to create a combination of the above actions. This section highlights some specifics you must consider while executing multiple rules and actions. @@ -509,3 +517,5 @@ Multiple rules enable you to create complex logic that mocks, modifies, and test * If a rule's actions are incorrectly ordered and a response action is before a request action, the request action will be executed after the server receives the request. The changes will be visible in Fiddler only. * Actions placed after a final action in one rule will not be executed. + +- The **Return File**, **Return Manual Response** and **Return Predefined Response** actions do not execute any connection to the server, they immediately set the HTTP response to the specified value. From 5a6495f0610352470188238f7138927492def93e Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 5 Dec 2024 17:24:04 +0200 Subject: [PATCH 04/12] add comment --- modify-and-filter-traffic/conditions-and-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index 8766f09b..0f602a37 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -380,7 +380,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere - + From 07a1f5827cf7e7d1cc50448da5adedb9ca80544c Mon Sep 17 00:00:00 2001 From: NickIliev Date: Fri, 6 Dec 2024 09:47:53 +0200 Subject: [PATCH 05/12] docs: improve rules article --- .../conditions-and-actions.md | 44 +++++++++++++------ 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index 0f602a37..f3930c90 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -448,6 +448,8 @@ Rule actions can be divided into **final** and **non-final** depending on their When you work with final and non-final actions, take into consideration the following insights: +* Final actions prevent the execution of any other actions in the same rule. + * Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). * Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). @@ -466,23 +468,15 @@ The following table demonstrate what happens when you combine final and non-fina |:-----------------|:----------------| | Only non-final actions | All matching rules have their actions performed and applied | | Only final actions | When a final action triggers, the execution of the rule immediately stops. No other demoted actions or rules will be executed after that. For example,  **Do Not Show** and **Do Not Decrypt** are final actions. | -| Mix of final and non-final Actions | When a final action triggers, the execution of the rule immediately stops. No other demoted actions or rules will be executed after that. For example, the **Do Not Show** action will block the execution of the **Update Response Body** action | - -Note that each rule is prioritized in the **Rules** list and can be demoted and promoted, which will change the execution order. Final rules won't block other active rules that have higher priority the **Rules** list. - -For an illustration of this scenario, refer to the following cases: +| Mix of final and non-final Actions | When a final action triggers, the execution of the rule immediately stops. No other demoted actions or rules will be executed after that (but promoted actions & rules won't be blocked). | -- You have a rule with a final action (for example, the **Close Gracefully** final action). - ![a rule with a final action](../images/kb/final-actions/rule-only-final.png) +When mixing non-final and final actions, note that their behavior also varies depending on the moment of execution. For example, assume you have a promoted **non-final rule A** based on a **response** matching condition. Then, we also have a demoted **final rule B** based on a **request** matching condition. The executing logic will be as follows: - In this case, the rule containing the final action has higher priority in the **Rules** list. When the matching request is made, only the first rule will execute, and other demoted rules (and actions) will not be triggered. - ![final action first scenario](../images/kb/final-actions/final-action-first.png) +1. During the request phase, Fiddler skips the non-final rule A (no match), executes the final rule B, and then stops executing further actions. -- You have a rule with non-final action (for example, the **Mark Session** action). - ![a rule with a non-final action](../images/kb/final-actions/rule-only-non-final.png) +2. During the response phase, Fiddler will execute non-final rule A (as it now matches). Since rule B is final and was already executed, Fiddler will stop executing further actions & rules. - In this case, the rule containing the non-final action has higher priority in the **Rules** list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule that contains final actions, they won't be executed. - ![non-final action first scenario](../images/kb/final-actions/non-final-action-first.png) +As a result, the session will bear the action from non-final rule A, even though the final rule B was with lower priority. This is because the final action only blocks the execution of further actions and rules but does not block the execution of actions and rules that come before it. ## Matching Conditions Specifics @@ -494,7 +488,7 @@ When creating a matching condition in Fiddler Everywhere, you should consider th - All rules and their matching conditions are tested in order of appearance from top to bottom. -- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. +- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. The user receive a warning wihtin the UI about the above behavior. - Each rule's matching conditions are tested on the applied changes from the previous rule's executed actions. @@ -519,3 +513,25 @@ Multiple rules enable you to create complex logic that mocks, modifies, and test * Actions placed after a final action in one rule will not be executed. - The **Return File**, **Return Manual Response** and **Return Predefined Response** actions do not execute any connection to the server, they immediately set the HTTP response to the specified value. + +- If you execute multiple rules that modify the same thing in the session, the Fiddler will execute both rules in the order they have been set and change the state of the session with each rule action. + +- If you execute rules based on the results of other rules, Fiddler will execute only the first rule. The second, third, etc., will not be executed because the condition they use to test the session has changed, and there will be no match. + +## Rules Order + +Note that each rule is prioritized in the **Rules** list and can be demoted and promoted, which will change the execution order. Final rules won't block other active rules that have higher priority the **Rules** list. + +For an illustration of this scenario, refer to the following cases: + +- You have a rule with a final action (for example, the **Close Gracefully** final action). + ![a rule with a final action](../images/kb/final-actions/rule-only-final.png) + + In this case, the rule containing the final action has higher priority in the **Rules** list. When the matching request is made, only the first rule will execute, and other demoted rules (and actions) will not be triggered. + ![final action first scenario](../images/kb/final-actions/final-action-first.png) + +- You have a rule with non-final action (for example, the **Mark Session** action). + ![a rule with a non-final action](../images/kb/final-actions/rule-only-non-final.png) + + In this case, the rule containing the non-final action has higher priority in the **Rules** list. When the matching request is made, the non-final action will execute, and then the following demoted rule will be triggered as well. If you add additional rules after the rule that contains final actions, they won't be executed. + ![non-final action first scenario](../images/kb/final-actions/non-final-action-first.png) From e34a66646aec3d966971e4334d25a851ec03da74 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Fri, 6 Dec 2024 16:20:00 +0200 Subject: [PATCH 06/12] add note asbout making an action final --- modify-and-filter-traffic/conditions-and-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index f3930c90..8637d62a 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -444,7 +444,7 @@ Apart from returning files or predefined responses, a rule in Fiddler Everywhere ## Final and Non-Final Actions -Rule actions can be divided into **final** and **non-final** depending on their behavior and whether their presence will allow our actions and rules to be executed. +Rule actions can be divided into **final** and **non-final** depending on their behavior and whether their presence will allow our actions and rules to be executed. By default, some actions are already final (refer to the detailed [actions comparison table](#actions) above). However, each non-final action can be explicitly made final through the dedicated checkbox **"Stop processing more rules"** while creating the action in the rules builder. When you work with final and non-final actions, take into consideration the following insights: From 9221ba69137edd5009c0e0210fc1bae9856f2f5b Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 26 Dec 2024 12:20:33 +0200 Subject: [PATCH 07/12] docs: reporter docs init --- _config.yml | 5 ++++- fiddler-reporter/overview.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 fiddler-reporter/overview.md diff --git a/_config.yml b/_config.yml index 4947273e..69ae5508 100644 --- a/_config.yml +++ b/_config.yml @@ -54,9 +54,12 @@ navigation: user-guide/settings: title: Settings position: 1 + fiddler-reporter: + title: Fiddler Reporter + position: 100 security: title: Security - position: 100 + position: 110 knowledge-base: title: Knowledge Base position: 1000 diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md new file mode 100644 index 00000000..be1ad95b --- /dev/null +++ b/fiddler-reporter/overview.md @@ -0,0 +1,31 @@ +--- +title: Fiddler Reporter +description: "Try the free Fiddler Reporter standalone cross-platform desktop tool HTTP-request proxy and use it to capture and export HTTP(S) traffic from any browser, system, or platform ." +slug: fiddler-reporter-overview +publish: true +position: 0 +--- + +# Fiddler Reporter Introduction + +Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors, and logs all HTTPS traffic, issues requests between a computer and the Internet. It allows you to quickly capture, save and export HTTPS traffic on any machine without the need for exlicit installation. It's free to use and doesn't require Fiddler Everywhere license and as such can be used on any computer including third-party devices, test devices, servers, and any other compatible Windows or macOS device. + +## How Fiddler Reporter Works + +The main purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. + + Any user can download Fiddler Reporter and start it immediatelly without the need for an explicit installation. Once the tool starts you can choose the prefered capturing mode and capture the targeted HTTPS traffic. Then once the capturing is complete, the Fiddler EReporter tool presents the option to save the captured traffis as a SAZ file (also known as an Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which , at any point, can be inspected in details and tailored in Fiddler Everywhere. + + ## Download Fiddler Reporter + + You can dowload the latest version of the Fiddler Reporter from the official download link. The tool is free-to-use and doesn't require a Fiddler Everywhere license. + + ## Prerequisites + +- A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, or Windows Server 2016 (or newer), or macOS version 11 (or newer). + +- An account with administrative rights to install the Fiddler certificate authority (CA) and to set/unset system proxy. + +## Login and License + +The Fiddler Reporter is a free tool that does not require any login or licenses. \ No newline at end of file From 742468948a137479b11da146f507b16c41d6e3e6 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 26 Dec 2024 12:52:57 +0200 Subject: [PATCH 08/12] docs: init features page --- fiddler-reporter/features.md | 19 ++++++++++++++++++ fiddler-reporter/overview.md | 37 ++++++++++++++++++++++++++---------- 2 files changed, 46 insertions(+), 10 deletions(-) create mode 100644 fiddler-reporter/features.md diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md new file mode 100644 index 00000000..9c9f81ef --- /dev/null +++ b/fiddler-reporter/features.md @@ -0,0 +1,19 @@ +--- +title: Fiddler Reporter Features +description: "Using the different capturing modes in the Fiddler Reporter tool and learning more about the available configuration options." +slug: reporter-features +publish: true +position: 10 +--- + +# Fiddler Reporter Features + +The Fiddler Reporter presents several capturing modes to best fit different environment scenarios. The application also provides options to manually configure the default browser instance, and to explicitly generate, export and install the Fiddler certificate authority (CA) file plus some additional capturing settings. + +## Capturing Modes + +The Fiddler Reporter has four different capturing modes + +## Tools + +## Cinfiguring the Fiddler Certificate \ No newline at end of file diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md index be1ad95b..2cafdd6d 100644 --- a/fiddler-reporter/overview.md +++ b/fiddler-reporter/overview.md @@ -1,20 +1,14 @@ --- -title: Fiddler Reporter +title: Fiddler Reporter Overview description: "Try the free Fiddler Reporter standalone cross-platform desktop tool HTTP-request proxy and use it to capture and export HTTP(S) traffic from any browser, system, or platform ." slug: fiddler-reporter-overview publish: true position: 0 --- -# Fiddler Reporter Introduction +# Fiddler Reporter -Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors, and logs all HTTPS traffic, issues requests between a computer and the Internet. It allows you to quickly capture, save and export HTTPS traffic on any machine without the need for exlicit installation. It's free to use and doesn't require Fiddler Everywhere license and as such can be used on any computer including third-party devices, test devices, servers, and any other compatible Windows or macOS device. - -## How Fiddler Reporter Works - -The main purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. - - Any user can download Fiddler Reporter and start it immediatelly without the need for an explicit installation. Once the tool starts you can choose the prefered capturing mode and capture the targeted HTTPS traffic. Then once the capturing is complete, the Fiddler EReporter tool presents the option to save the captured traffis as a SAZ file (also known as an Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which , at any point, can be inspected in details and tailored in Fiddler Everywhere. +Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors, and logs all HTTPS traffic, issues requests between a computer and the Internet. It allows you to quickly capture, save and export HTTPS traffic on any machine without the need for exlicit installation. It's free to use and doesn't require Fiddler Everywhere license and as such can be used on any computer including third-party devices, test devices, servers, and any other compatible Windows or macOS device. The main purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. ## Download Fiddler Reporter @@ -28,4 +22,27 @@ The main purpose of the Fiddler Everywhere Reporter is to serve as an extension ## Login and License -The Fiddler Reporter is a free tool that does not require any login or licenses. \ No newline at end of file +The Fiddler Reporter is a free tool that does not require any login or licenses. + +## Using Fiddler Reporter + +Any user can download Fiddler Reporter and start it immediatelly without the need for an explicit installation. After the tool loads, you can choose and start the prefered [capturing mode]({%slug reporter-features%}) to log the targeted HTTPS traffic. Once the capturing completes, the Fiddler Reporter tool presents the option to save the captured traffis as a SAZ file (also known as an Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which, at any point, can be loaded in Fiddler Everywhere. + + Basic usage of the Fiddler Reporter tool: + + - Download the Fiddler Reporter. + + - Start the application by clicking on the downloaded artefact. + + - Click on the **Start Capturing Browser** button. + + >tip The **Start Capturing Browser** is the default option that captures HTTPS traffic from a sandboxed browser instance. Fiddler +Everywhere Reporter starts an independent browser instance (Google Chrome or MS Edge) preconfigured to respect the Fiddler proxy and to trust its certificate authority (CA). If you aim to capture traffic from other client you can use other [capturing modes]({%slug reporter-features%}). + +- Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. + +- Click on the **Stop Capture** button. + +- Click on the **Save Capture** option and choose location to store your SAZ file. + +That's it! You have now captured, saved and exported the web traffic as Fiddler archive (SAZ). As a next step a licensed Fiddler user can load the SAZ archive in the Fiddler Everywhere desktop application where the traffic can be inspected, analyzed, replayed, and modified as per your needs. \ No newline at end of file From 51eb15c45fd7f601c2058e91ca1e5510afc7a1d2 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 26 Dec 2024 13:08:34 +0200 Subject: [PATCH 09/12] docs: content --- fiddler-reporter/features.md | 47 +++++++++++++++++++++++++++++++++--- fiddler-reporter/overview.md | 18 +++++++------- 2 files changed, 53 insertions(+), 12 deletions(-) diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md index 9c9f81ef..a1a59e9d 100644 --- a/fiddler-reporter/features.md +++ b/fiddler-reporter/features.md @@ -8,12 +8,53 @@ position: 10 # Fiddler Reporter Features -The Fiddler Reporter presents several capturing modes to best fit different environment scenarios. The application also provides options to manually configure the default browser instance, and to explicitly generate, export and install the Fiddler certificate authority (CA) file plus some additional capturing settings. +The Fiddler Reporter presents several capturing modes to best fit different environment scenarios. The application also provides options to manually configure the default browser instance, explicitly generate export, and install the Fiddler certificate authority (CA) file, plus some additional capturing settings. ## Capturing Modes -The Fiddler Reporter has four different capturing modes +The Fiddler Reporter has four different capturing modes, which you can use depending on your needs and environment. The options are as follows: + +- Capturing Browser - this option corresponds to the browser capturing mode. It captures traffic from a sandboxed browser instance. + +- Capturing Everything - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. + +- Capturing Terminal - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. + +- Manual Setup (Advanced)- this option corresponds to the explicit capturing mode. You can use this option to configure a specific client application alongside the Fiddler Reporter proxy address and port. This option requires the explicit installation and trust of the Fiddler certificate authority file. + +### Capturing Browser Option + +The **Start Browser Capturing** is the default option that allows traffic to be captured from a sandboxed browser instance. As a result, Fiddler Reporter starts an independent browser instance preconfigured to respect the Fiddler proxy and +to trust its Root Certificate Authority (CA). The HTTPS traffic generated will appear in Fiddler Everywhere +Reporter. Currently, the tool supports independent browser capturing only for Chrome and Edge browsers. If +both exist on the machine, Chrome will be opened by default. Currently, there is no way to configure the +launch of Edge if both are on the machine. If the user has not installed Chrome or Edge, +the tool will display an error message that the browser option can’t be started. +Note - users on Mac need to manually quit the browser instance from the dock even after the Fiddler Reporter tool is closed. + +### Capturing Everything Option + +The **Capturing Everything** option will log all HTTP, HTTPS, WebSocket, SSE, and gRPC traffic between the +computer and the Internet. It works by setting the system proxy and capturing all incoming and outgoing +traffic from any application that supports a proxy - browsers, desktop applications, CLI tools, etc. This +option requires installing and trusting the operating system's Fiddler Root Certificate Authority (CA). + +### Capturing Terminal Option + +The **Capturing Terminal** option will launch a new, clean terminal instance and route traffic only from this +instance through Fiddler Everywhere Reporter. It will open PowerShell on Windows and the default Terminal +on Mac. The option currently supports capturing traffic from cURL, Node.js, and Python out of the box. If you +need to capture traffic from .NET applications, it is required to install and trust the Fiddler Root manually +Certificate Authority (these options can be found in the Tools menu). The terminal capturing mode allows +the proxy to be used in a sandboxed environment without changing the global OS proxy settings. + +### Manual Setup Option + +When this mode is selected, Fiddler Everywhere Reporter will start listening on the port printed next to the +“Details” label. The address can be copied and used to specify the proxy registry setting of your application and +manually configure it to send incoming and outgoing traffic to Fiddler Everywhere Reporter. In addition, the +Fiddler Root Certificate must be trusted from the Tools menu or manually exported and trusted. ## Tools -## Cinfiguring the Fiddler Certificate \ No newline at end of file +## Configuring the Fiddler Certificate \ No newline at end of file diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md index 2cafdd6d..7c4a8c0f 100644 --- a/fiddler-reporter/overview.md +++ b/fiddler-reporter/overview.md @@ -8,41 +8,41 @@ position: 0 # Fiddler Reporter -Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors, and logs all HTTPS traffic, issues requests between a computer and the Internet. It allows you to quickly capture, save and export HTTPS traffic on any machine without the need for exlicit installation. It's free to use and doesn't require Fiddler Everywhere license and as such can be used on any computer including third-party devices, test devices, servers, and any other compatible Windows or macOS device. The main purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. +Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors and logs all HTTPS traffic and issues requests between a computer and the Internet. It lets you quickly capture, save, and export HTTPS traffic on any machine without explicit installation. It's free to use and doesn't require a Fiddler Everywhere license. As such, it can be used on any computer, including third-party devices, test devices, servers, and any other compatible Windows or macOS device. The primary purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. ## Download Fiddler Reporter - You can dowload the latest version of the Fiddler Reporter from the official download link. The tool is free-to-use and doesn't require a Fiddler Everywhere license. + The latest version of the Fiddler Reporter can be downloaded from the official download link. The tool is free to use and doesn't require a Fiddler Everywhere license. ## Prerequisites -- A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, or Windows Server 2016 (or newer), or macOS version 11 (or newer). +- A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, Windows Server 2016 (or newer), or macOS version 11 (or newer). - An account with administrative rights to install the Fiddler certificate authority (CA) and to set/unset system proxy. ## Login and License -The Fiddler Reporter is a free tool that does not require any login or licenses. +The Fiddler Reporter is a free tool that requires no login or licenses. ## Using Fiddler Reporter -Any user can download Fiddler Reporter and start it immediatelly without the need for an explicit installation. After the tool loads, you can choose and start the prefered [capturing mode]({%slug reporter-features%}) to log the targeted HTTPS traffic. Once the capturing completes, the Fiddler Reporter tool presents the option to save the captured traffis as a SAZ file (also known as an Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which, at any point, can be loaded in Fiddler Everywhere. +Any user can download Fiddler Reporter and start it immediately without an explicit installation. After the tool loads, you can choose and start the preferred [capturing mode]({%slug reporter-features%}) to log the targeted HTTPS traffic. Once the capture is complete, the Fiddler Reporter tool presents the option to save the captured traffic as an SAZ file (also known as a Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which, at any point, can be loaded in Fiddler Everywhere. Basic usage of the Fiddler Reporter tool: - Download the Fiddler Reporter. - - Start the application by clicking on the downloaded artefact. + - Start the application by clicking on the downloaded artifact. - Click on the **Start Capturing Browser** button. >tip The **Start Capturing Browser** is the default option that captures HTTPS traffic from a sandboxed browser instance. Fiddler -Everywhere Reporter starts an independent browser instance (Google Chrome or MS Edge) preconfigured to respect the Fiddler proxy and to trust its certificate authority (CA). If you aim to capture traffic from other client you can use other [capturing modes]({%slug reporter-features%}). +Everywhere, the reporter starts an independent browser instance (Google Chrome or MS Edge) that is preconfigured to respect the Fiddler proxy and trust its certificate authority (CA). If you aim to capture traffic from another client, you can use other [capturing modes]({%slug reporter-features%}). - Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. - Click on the **Stop Capture** button. -- Click on the **Save Capture** option and choose location to store your SAZ file. +Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. -That's it! You have now captured, saved and exported the web traffic as Fiddler archive (SAZ). As a next step a licensed Fiddler user can load the SAZ archive in the Fiddler Everywhere desktop application where the traffic can be inspected, analyzed, replayed, and modified as per your needs. \ No newline at end of file +That's it! You have now captured, saved, and exported the web traffic as a Fiddler archive (SAZ). As a next step, a licensed Fiddler user can load the SAZ archive in the Fiddler Everywhere desktop application, where the traffic can be inspected, analyzed, replayed, and modified according to your needs. \ No newline at end of file From 635651ff3a57c02891110ba79daa854d9ae556ee Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 26 Dec 2024 14:11:53 +0200 Subject: [PATCH 10/12] docs: adding content + markdown improvments --- fiddler-reporter/features.md | 86 ++++++++++++++++++++++++++++++++---- fiddler-reporter/overview.md | 27 ++++++----- 2 files changed, 90 insertions(+), 23 deletions(-) diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md index a1a59e9d..14994fd6 100644 --- a/fiddler-reporter/features.md +++ b/fiddler-reporter/features.md @@ -1,5 +1,5 @@ --- -title: Fiddler Reporter Features +title: Features description: "Using the different capturing modes in the Fiddler Reporter tool and learning more about the available configuration options." slug: reporter-features publish: true @@ -8,19 +8,19 @@ position: 10 # Fiddler Reporter Features -The Fiddler Reporter presents several capturing modes to best fit different environment scenarios. The application also provides options to manually configure the default browser instance, explicitly generate export, and install the Fiddler certificate authority (CA) file, plus some additional capturing settings. +The Fiddler Reporter presents several capturing modes to best suit different environment scenarios. The application also provides options to configure the default browser instance, control the Fiddler certificate authority (CA) file installation, and set some additional capturing settings. ## Capturing Modes The Fiddler Reporter has four different capturing modes, which you can use depending on your needs and environment. The options are as follows: -- Capturing Browser - this option corresponds to the browser capturing mode. It captures traffic from a sandboxed browser instance. +- [**Start Capturing Browser**](#capturing-browser-option) - this option in Reporter corresponds to the browser capturing mode in Fiddler Everywhere. It captures traffic from a sandboxed browser instance. -- Capturing Everything - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. +- [**Start Capturing Everything**](#capturing-everything-option) - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. -- Capturing Terminal - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. +- [**Start Capturing Terminal**](#capturing-terminal-option) - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. -- Manual Setup (Advanced)- this option corresponds to the explicit capturing mode. You can use this option to configure a specific client application alongside the Fiddler Reporter proxy address and port. This option requires the explicit installation and trust of the Fiddler certificate authority file. +- [**Manual Setup (Advanced)**](#manual-setup-option) - this option corresponds to the explicit capturing mode. You can use this option to configure a specific client application alongside the Fiddler Reporter proxy address and port. This option requires the explicit installation and trust of the Fiddler certificate authority file. ### Capturing Browser Option @@ -32,22 +32,60 @@ launch of Edge if both are on the machine. If the user has not installed Chrome the tool will display an error message that the browser option can’t be started. Note - users on Mac need to manually quit the browser instance from the dock even after the Fiddler Reporter tool is closed. +Use the browser option as follows: + +1. Start the Fiddler Reporter application. + +1. Click on the **Start Capturing Browser** button. + +1. Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. + +1. Click on the **Stop Capture** button. + +1. Click the **Save Capture** option, set a password, and choose a location to store your SAZ file. + ### Capturing Everything Option -The **Capturing Everything** option will log all HTTP, HTTPS, WebSocket, SSE, and gRPC traffic between the +The **Start Capturing Everything** option will log all HTTP, HTTPS, WebSocket, SSE, and gRPC traffic between the computer and the Internet. It works by setting the system proxy and capturing all incoming and outgoing traffic from any application that supports a proxy - browsers, desktop applications, CLI tools, etc. This option requires installing and trusting the operating system's Fiddler Root Certificate Authority (CA). +Use the capture everything option as follows: + +1. Start the Fiddler Reporter application. + +1. Click the **Start Capturing Everything** button (available through a drop-down). + + >warning If that is your first time using this mode, then you will need to export and install the Fiddler certificate authority file explicitly while using the **Certificate > Trust Root Certificate** option or by manualy exporting and installing the Fiddler CA. + +1. Capture the targeted traffic from the targeted client application. + +1. Click on the **Stop Capture** button. + +1. Click the **Save Capture** option, set a password, and choose a location to store your SAZ file. + ### Capturing Terminal Option -The **Capturing Terminal** option will launch a new, clean terminal instance and route traffic only from this +The **Start Capturing Terminal** option will launch a new, clean terminal instance and route traffic only from this instance through Fiddler Everywhere Reporter. It will open PowerShell on Windows and the default Terminal on Mac. The option currently supports capturing traffic from cURL, Node.js, and Python out of the box. If you need to capture traffic from .NET applications, it is required to install and trust the Fiddler Root manually Certificate Authority (these options can be found in the Tools menu). The terminal capturing mode allows the proxy to be used in a sandboxed environment without changing the global OS proxy settings. +Use the capturing terminal option as follows: + +1. Start the Fiddler Reporter application. + +1. Click on the **Start Capturing Terminal** button. + +1. Capture the targeted traffic in the sandboxed terminal instance opened from the Fiddler Reporter tool. + +1. Click on the **Stop Capture** button. + +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. + ### Manual Setup Option When this mode is selected, Fiddler Everywhere Reporter will start listening on the port printed next to the @@ -55,6 +93,36 @@ When this mode is selected, Fiddler Everywhere Reporter will start listening on manually configure it to send incoming and outgoing traffic to Fiddler Everywhere Reporter. In addition, the Fiddler Root Certificate must be trusted from the Tools menu or manually exported and trusted. +Use the manual setup option as follows: + +1. Configure your client application to use the Fiddler proxy address (127.0.0.1), port (8877). + +1. To capture and decrypt secure traffic (HTTPS), export and install the Fiddler CA within your client applicaiton. + +1. Start the Fiddler Reporter application. + +1. Click on the **Manual Setup (Advanced)** button. + +1. Capture the targeted traffic from your client application. Note that at this point, the application should already respect the Fiddler Reporter proxy address, port and certificate. + +1. Click on the **Stop Capture** button. + +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. + ## Tools -## Configuring the Fiddler Certificate \ No newline at end of file +Use the **Tools** section within the application menu to set the default browser (for the [**Start Capturing Browser**](#capturing-browser-option)option) and to explicitly allow remote devices to connect. + +- **Default Browser** - Allows you to set the default browser which Fiddler Reporter should use to createa a sandboxed browser instance. Currently, the supported browsers are Google Chrome and Microsoft Edge. +- **Allow Remote Devices to Connect** - Controls whether inbound connections to Fiddler Reporter are allowed. Enable this option to capture traffic from remote devices. Behind the scenes, the option opens (or closes) the Fiddler Reporter port for inbound connections on the host machine. + +## Configuring the Fiddler Certificate + +Use the **Certificate** section within the application menu to generate trust, export, reset, and remove the Fiddler certificate authority (CA) or ignore server certificate errors. The options are as follows: + +- **Trust Root Certificate** - Installs and trusts the Fiddler root certificate authority (CA) in the **user store** of the operating system certificate manager. +- **Export Root Certificate** - Exports the Fiddler Reporter CA on your `Desktop` folder. The format varies depending on the operating system. +- **Remove Certificate** - Removes the currently trusted CA from the OS certificate store. +- **Reset Root Certificate** - Removes the currently trusted CA, generates a new one, and trusts it. +- **Ignore Server Certificate Errors (unsafe)** - Configure Fiddler Reporter to ignore all server certificate errors automatically. + diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md index 7c4a8c0f..b850b91a 100644 --- a/fiddler-reporter/overview.md +++ b/fiddler-reporter/overview.md @@ -1,6 +1,6 @@ --- -title: Fiddler Reporter Overview -description: "Try the free Fiddler Reporter standalone cross-platform desktop tool HTTP-request proxy and use it to capture and export HTTP(S) traffic from any browser, system, or platform ." +title: Overview +description: "Try the free Fiddler Reporter standalone cross-platform desktop tool HTTP-request proxy and use it to capture and export HTTP(S) traffic from any browser, system, or platform." slug: fiddler-reporter-overview publish: true position: 0 @@ -10,11 +10,11 @@ position: 0 Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that monitors and logs all HTTPS traffic and issues requests between a computer and the Internet. It lets you quickly capture, save, and export HTTPS traffic on any machine without explicit installation. It's free to use and doesn't require a Fiddler Everywhere license. As such, it can be used on any computer, including third-party devices, test devices, servers, and any other compatible Windows or macOS device. The primary purpose of the Fiddler Everywhere Reporter is to serve as an extension tool of the Fiddler Everywhere application that aims to capture traffic on the end user (remote) and share it with a user holding an active license for Fiddler Everywhere. - ## Download Fiddler Reporter +## Download Fiddler Reporter - The latest version of the Fiddler Reporter can be downloaded from the official download link. The tool is free to use and doesn't require a Fiddler Everywhere license. +The latest version of the Fiddler Reporter can be downloaded from the official download link. The tool is free to use and doesn't require a Fiddler Everywhere license. - ## Prerequisites +## Prerequisites - A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, Windows Server 2016 (or newer), or macOS version 11 (or newer). @@ -28,21 +28,20 @@ The Fiddler Reporter is a free tool that requires no login or licenses. Any user can download Fiddler Reporter and start it immediately without an explicit installation. After the tool loads, you can choose and start the preferred [capturing mode]({%slug reporter-features%}) to log the targeted HTTPS traffic. Once the capture is complete, the Fiddler Reporter tool presents the option to save the captured traffic as an SAZ file (also known as a Fiddler archive). The SAZ archive will contain a snapshot of all captured HTTPS sessions, which, at any point, can be loaded in Fiddler Everywhere. - Basic usage of the Fiddler Reporter tool: +Example for basic usage of the Fiddler Reporter application: - - Download the Fiddler Reporter. +1. Download the Fiddler Reporter. - - Start the application by clicking on the downloaded artifact. +1. Start the application by clicking on the downloaded artifact. - - Click on the **Start Capturing Browser** button. +1. Click on the **Start Capturing Browser** button. - >tip The **Start Capturing Browser** is the default option that captures HTTPS traffic from a sandboxed browser instance. Fiddler -Everywhere, the reporter starts an independent browser instance (Google Chrome or MS Edge) that is preconfigured to respect the Fiddler proxy and trust its certificate authority (CA). If you aim to capture traffic from another client, you can use other [capturing modes]({%slug reporter-features%}). + >tip The **Start Capturing Browser** is the default option that captures HTTPS traffic from a sandboxed browser instance. The reporter starts an independent browser instance (Google Chrome or MS Edge) that is preconfigured to respect the Fiddler proxy and trust its certificate authority (CA). If you aim to capture traffic from another client, you can use other [capturing modes]({%slug reporter-features%}). -- Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. +1. Capture the targeted traffic in the sandboxed browser instance opened from the Fiddler Reporter tool. -- Click on the **Stop Capture** button. +1. Click on the **Stop Capture** button. -Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. +1. Click on the **Save Capture** option, set a password, and choose a location to store your SAZ file. That's it! You have now captured, saved, and exported the web traffic as a Fiddler archive (SAZ). As a next step, a licensed Fiddler user can load the SAZ archive in the Fiddler Everywhere desktop application, where the traffic can be inspected, analyzed, replayed, and modified according to your needs. \ No newline at end of file From 585b78bd0c7984655ad8fb285bf1bfe146c10d28 Mon Sep 17 00:00:00 2001 From: NickIliev Date: Thu, 26 Dec 2024 14:20:16 +0200 Subject: [PATCH 11/12] docs: add slug' --- fiddler-reporter/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md index 14994fd6..669b81fc 100644 --- a/fiddler-reporter/features.md +++ b/fiddler-reporter/features.md @@ -57,7 +57,7 @@ Use the capture everything option as follows: 1. Click the **Start Capturing Everything** button (available through a drop-down). - >warning If that is your first time using this mode, then you will need to export and install the Fiddler certificate authority file explicitly while using the **Certificate > Trust Root Certificate** option or by manualy exporting and installing the Fiddler CA. + >warning If that is your first time using this mode, then you will need to export and install the Fiddler certificate authority file explicitly while using [the **Certificate > Trust Root Certificate** option](#configuring-the-fiddler-certificate) or by manualy exporting and installing the Fiddler CA. 1. Capture the targeted traffic from the targeted client application. From a050ad77f6581330a5cd6efc5b6dc5f9fedcd58e Mon Sep 17 00:00:00 2001 From: Nikolay Iliev Date: Thu, 16 Jan 2025 09:58:10 +0200 Subject: [PATCH 12/12] docs: address review comments --- fiddler-reporter/features.md | 17 +++++++---------- fiddler-reporter/overview.md | 4 ++-- .../conditions-and-actions.md | 4 +--- 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/fiddler-reporter/features.md b/fiddler-reporter/features.md index 669b81fc..9466cdd7 100644 --- a/fiddler-reporter/features.md +++ b/fiddler-reporter/features.md @@ -16,9 +16,9 @@ The Fiddler Reporter has four different capturing modes, which you can use depen - [**Start Capturing Browser**](#capturing-browser-option) - this option in Reporter corresponds to the browser capturing mode in Fiddler Everywhere. It captures traffic from a sandboxed browser instance. -- [**Start Capturing Everything**](#capturing-everything-option) - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. +- [**Start Capturing Everything**](#capturing-everything-option) - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. -- [**Start Capturing Terminal**](#capturing-terminal-option) - this option corresponds to the system capturing mode. It sets the Fiddler Reporter proxy as the operating system upstream proxy. This option requires the explicit instalation and trust of the Fiddler certificate authroity file. +- [**Start Capturing Terminal**](#capturing-terminal-option) - this option corresponds to the terminal capturing mode. It captures traffic from a sandboxed terminal instance. - [**Manual Setup (Advanced)**](#manual-setup-option) - this option corresponds to the explicit capturing mode. You can use this option to configure a specific client application alongside the Fiddler Reporter proxy address and port. This option requires the explicit installation and trust of the Fiddler certificate authority file. @@ -27,10 +27,7 @@ The Fiddler Reporter has four different capturing modes, which you can use depen The **Start Browser Capturing** is the default option that allows traffic to be captured from a sandboxed browser instance. As a result, Fiddler Reporter starts an independent browser instance preconfigured to respect the Fiddler proxy and to trust its Root Certificate Authority (CA). The HTTPS traffic generated will appear in Fiddler Everywhere Reporter. Currently, the tool supports independent browser capturing only for Chrome and Edge browsers. If -both exist on the machine, Chrome will be opened by default. Currently, there is no way to configure the -launch of Edge if both are on the machine. If the user has not installed Chrome or Edge, -the tool will display an error message that the browser option can’t be started. -Note - users on Mac need to manually quit the browser instance from the dock even after the Fiddler Reporter tool is closed. +both exist on the machine, Chrome will be opened by default. MacOS users need to manually quit the browser instance from the dock even after the Fiddler Reporter tool is closed. Use the browser option as follows: @@ -70,8 +67,8 @@ Use the capture everything option as follows: The **Start Capturing Terminal** option will launch a new, clean terminal instance and route traffic only from this instance through Fiddler Everywhere Reporter. It will open PowerShell on Windows and the default Terminal on Mac. The option currently supports capturing traffic from cURL, Node.js, and Python out of the box. If you -need to capture traffic from .NET applications, it is required to install and trust the Fiddler Root manually -Certificate Authority (these options can be found in the Tools menu). The terminal capturing mode allows +need to capture traffic from .NET applications, it is required to install and trust the Fiddler Root +Certificate Authority manually (these options can be found in the Tools menu). The terminal capturing mode allows the proxy to be used in a sandboxed environment without changing the global OS proxy settings. Use the capturing terminal option as follows: @@ -111,14 +108,14 @@ Use the manual setup option as follows: ## Tools -Use the **Tools** section within the application menu to set the default browser (for the [**Start Capturing Browser**](#capturing-browser-option)option) and to explicitly allow remote devices to connect. +Use the **Tools** section within the application menu to set the default browser (for the [**Start Capturing Browser**](#capturing-browser-option) option) and to explicitly allow remote devices to connect. - **Default Browser** - Allows you to set the default browser which Fiddler Reporter should use to createa a sandboxed browser instance. Currently, the supported browsers are Google Chrome and Microsoft Edge. - **Allow Remote Devices to Connect** - Controls whether inbound connections to Fiddler Reporter are allowed. Enable this option to capture traffic from remote devices. Behind the scenes, the option opens (or closes) the Fiddler Reporter port for inbound connections on the host machine. ## Configuring the Fiddler Certificate -Use the **Certificate** section within the application menu to generate trust, export, reset, and remove the Fiddler certificate authority (CA) or ignore server certificate errors. The options are as follows: +Use the **Certificate** section within the application menu to trust, export, reset, and remove the Fiddler certificate authority (CA) or ignore server certificate errors. The options are as follows: - **Trust Root Certificate** - Installs and trusts the Fiddler root certificate authority (CA) in the **user store** of the operating system certificate manager. - **Export Root Certificate** - Exports the Fiddler Reporter CA on your `Desktop` folder. The format varies depending on the operating system. diff --git a/fiddler-reporter/overview.md b/fiddler-reporter/overview.md index b850b91a..4898de5d 100644 --- a/fiddler-reporter/overview.md +++ b/fiddler-reporter/overview.md @@ -12,13 +12,13 @@ Progress® Telerik® Fiddler Reporter is a cross-platform desktop tool that moni ## Download Fiddler Reporter -The latest version of the Fiddler Reporter can be downloaded from the official download link. The tool is free to use and doesn't require a Fiddler Everywhere license. +The latest version of the Fiddler Reporter can be downloaded from the [official download link](https://www.telerik.com/download/fiddler-everywhere-reporter). The tool is free to use and doesn't require a Fiddler Everywhere license. ## Prerequisites - A device with Windows 10 x64 (version 22H2 or newer patch version), Windows 11 x64, Windows Server 2016 (or newer), or macOS version 11 (or newer). -- An account with administrative rights to install the Fiddler certificate authority (CA) and to set/unset system proxy. +- To use the **Start Capturing Everything**, the app must start from an account with administrative rights to install the Fiddler certificate authority (CA) and set/unset the operating system proxy. ## Login and License diff --git a/modify-and-filter-traffic/conditions-and-actions.md b/modify-and-filter-traffic/conditions-and-actions.md index 8637d62a..bd844472 100644 --- a/modify-and-filter-traffic/conditions-and-actions.md +++ b/modify-and-filter-traffic/conditions-and-actions.md @@ -452,8 +452,6 @@ When you work with final and non-final actions, take into consideration the foll * Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). -* Final actions prevent the execution of any other rule with lower priority (placed lower in the Rules list). - * Final actions are valid (as final) only when the rule matches an HTTP(S) session. * If a session matches with conditions that depend on its response (for example, a response body contains "HTML"), then any final action in any rule that matches the session will be ignored. The reason for this behavior is that final actions replace the response. By design, Fiddler is not intended to replace a response that was already received and matched conditions in a rule. @@ -488,7 +486,7 @@ When creating a matching condition in Fiddler Everywhere, you should consider th - All rules and their matching conditions are tested in order of appearance from top to bottom. -- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. The user receive a warning wihtin the UI about the above behavior. +- If a rule contains a matching condition related to a response but contains actions related to the request, then the specific action will be executed after the server receives the request, and all changes will be visible in Fiddler Everywhere only. The user receives a warning within the UI about the above behavior. - Each rule's matching conditions are tested on the applied changes from the previous rule's executed actions.
Field name String modifiers Search valueMatches sessions with specific keyword in the explicitly mentioned certificate field.Matches HTTP responses with specific keyword in the explicitly mentioned certificate field.
TLS VersionValue modifiers New value n/aUses the selected value modifier and the new value to update the current URL.Uses the selected value modifier and the new value to update the current URL. Does not work for CONNECT requests Non-final
Non-final
Set BreakpointBefore Sending a Request or Before Sending a ResponseSet Request BreakpointBefore Sending a Request> n/a n/aPauses the session before the sending request (to the server) or response (to the client). The action works only for newly established connections.Pauses the session before the sending request from Fiddler to the targeted server. The action works only for newly established connections.Non-final.
Set Response BreakpointBefore Sending a Requestn/an/aPauses the session before the sending the response from Fiddler to the client application. The action works only for newly established connections. Non-final.
n/a n/a Returns the picked response file.Non-finalFinal
Return Manual Responsen/a n/a Returns the manually created response.Non-finalFinal
Return Predefined Responsen/a n/a Returns the selected predefined response.Non-finalFinal
Return CONNECT Tunnel n/a n/a n/aThis action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs"This action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs". Incompatible with sessions snapshots (saved traffic). Final
n/a n/a n/aSkips decryption for a matched session and shows only CONNECT tunnels. Only conditions for Host, URL, Process, Client IP, HTTP Version, and Remote IP can be used. The action works only for newly established connections.Skips decryption for a matched session and shows only CONNECT tunnels. Compatible with the following conditions: All Sessions, URL, Host, Scheme, Client IP, Process. The action works only for newly established connections. Final
n/a n/a n/aThis action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs". Incompatible with sessions snapshots (saved traffic).This action should be used when you wish to test a URL, which will not be resolved by your DNS Server. The option is also reffered as "Accept all CONNECTs". This action is incompatible with sessions snapshots (saved traffic). Final