I am running Windows 11 Home addition and a friend of mine is running Windows 10 Pro. When I installed Fiddler Classic on my computer I was able to start monitoring API traffic with a couple setting changes. Once I did that, everything worked fine including being able to go to various websites.
My friend installed the same version of Fiddler on his computer and immediately had issues going to websites. I gave him all of my settings and he never could see the API traffic. He did get a message indicating that "Do_Not_Trust Certificate was the cause of this.
Why would Fiddler work on my computer and not his? I did not think that installing a certificate would cause this issue. I would really appreciate any information that would help get Fiddler working for him
Thanks
Charles
1 Answer, 1 is accepted
Hi Charles,
There are several reasons why Fiddler might not be capturing traffic on a specific device. Some potential factors include:
- Being blocked by a firewall or other security tools, such as antivirus software or zero-trust tools.
- Restrictions imposed by administrative policies.
- Incompatibility with the VPN tool being used.
- Failure to install the Fiddler certificate authority (CA) correctly; this is the CA file referred to as "DO_NOT_TRUST_FiddlerRoot."
- Incorrect proxy configuration.
To better diagnose the issue, it would be helpful for your friend to share a screenshot of their Fiddler settings and provide more details about his network configuration (by addressing the points above). He can also elaborate more about the received message regarding the Fiddler certificate. Specifically, it would be useful to know which application prompted that message in the first place and what exactly the message warning about.
Your friend can also try the new Fiddler Everywhere, which supports newer protocols, has an improved UI, and has easier configuration steps. It also supports more capturing modes than the Fiddler Classic application.
Regards,
Nick Iliev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.
Rank 1
Nick,
I know that you do not provide support for Classic but I'm hoping you will help me. The reason I am using Fiddler is to monitor API calls from an application called RootsMagic 10. This is a genealogy software that allows you to have a private ancestry tree while sharing it with trees online. The issue I have been having is that synchronization does not always work 100% and I am trying to understand what is going on. For that reason, I am running Fiddler every time I use RootsMagic.
Here is what I know, but don't understand:
1. I need to start Fiddler before I launch RootsMagic, otherwise I don't see the traffic. In order to sync my tree, I need to login to Ancestry.com and Family Search.
2. As long as I keep Fiddler open, I have no issues but if I close Fiddler I am denied access to the sites.
3. When I go to other secured sites, I am asked to verify I am human. There are some sites that I cannot access.
I have figured a lot out with Fiddler and find it very useful. It would be appreciated if you could help me understand the 3 items as I would like to know if this is typical or if I need to do some additional configurations. I am a network engineer with an understanding of certificates, API calls and diagnostic software. When I first saw Fiddler I thought it was just a passive tool, but it seems to be much more than that.
Thanks
Charles
Hi Charles,
Fiddler sets up a system proxy on the machine when you enable traffic capture in the application. In order for Fiddler to capture traffic from other applications, they need to read and respect the proxy settings. Browsers do this constantly so the moment you start Fiddler, browser traffic should appear in the sessions list. Some applications do not respect the system proxy settings at all or need special configuration to be done manually in order to set these proxy settings. Other applications just read the proxy settings on startup and do not monitor for changes later. In these cases you must ensure that Fiddler is running with capturing enabled before you open the other applications. I am not sure what the case is specifically with the application you mentioned, but as a safe bet always try to start Fiddler capturing before opening it. There is nothing that can be changed in the application, because the limitation is on the server side.
For the questions why you are denied access to some sites with/without Fiddler running - this might be related to browser fingerprinting. When Fiddler is running as a system proxy, it sits between your application (e.g. browser) and the internet. This means that the application is only communicating with Fiddler, which in turn forwards the traffic. The web servers are only communicating with Fiddler as well, but they receive traffic that claims to be coming from another place like the Google Chrome browser. This can trigger a security check for some websites that will flag the traffic as a bot or other unwanted source trying to impersonate a browser. Other web servers will store a cookie with the browser fingerprint they collect and compare it in subsequent requests so if the fingerprint changes a security flag might be raised as well. What all this means is that some websites might not work when you are using Fiddler Classic to capture traffic or might stop working temporary when you start/stop capturing.