View OverwriteBOM.js
// Fiddler response hook: when the response body begins with the UTF-8
// signature (EF BB BF), the signature bytes are overwritten with spaces (0x20).
// The bytes are replaced in place, so the body length does not change.
// NOTE(review): this listing is truncated and shows no braces around the
// assignments; as printed, only the first assignment is governed by the `if`.
// Confirm the original wraps every assignment in one block, otherwise the
// later writes would run on every response, including empty bodies.
public static void OnBeforeResponse(Session oSession) {
// If the response body starts with a Utf-8 signature, overwrite it with spaces
// The length test is `> 3`, so a body of exactly three bytes is left alone.
if (oSession.ResponseBody.Length > 3 &&
oSession.ResponseBody[0] == 0xEF &&
oSession.ResponseBody[1] == 0xBB &&
oSession.ResponseBody[2] == 0xBF)
oSession.ResponseBody[0] = 0x20;
oSession.ResponseBody[1] = 0x20;
View Request URLs from Clipboard.js
// Tools-menu action: reads text from the clipboard, splits it on '\n' and
// trims each entry into sUri. The rest of the loop body is not shown here.
// NOTE(review): clipboard text is untrusted input. Presumably each entry is
// then requested; confirm the full script checks the scheme and host of every
// entry and skips blank lines before issuing anything.
public static ToolsAction("Request URLs from Clipboard")
function doClipboard()
var s: String = Clipboard.GetText();
// Only '\n' is a separator; Trim() below removes the '\r' left by CRLF text.
var arr: String[] = s.Split(['\n']);
for (var i: int=0; i<arr.Length; i++)
var sUri = arr[i].Trim();
View NoCertPrompt.cs
// Click Rules, Customize Rules.
// Inside static function Main() {, add the following line:
// NOTE(review): the preference name is empty in this listing, so as printed the
// call names no preference. Take the name from the original file
// (<PREFERENCE_NAME>) and confirm which prompt it turns off before relying on
// it; a suppressed certificate prompt should be a deliberate, per-machine choice.
FiddlerApplication.Prefs.SetBoolPref("", false);
// Then save the script
View HashSample.js
// Context-menu action "Show Hashes": for each session passed in, builds a text
// block with the MD5, SHA-1 and SHA-256 hashes of the response body. The call
// that receives this string is not shown in this listing.
// MD5 and SHA-1 are not collision-resistant: use the SHA-256 value when the
// hash decides whether two bodies are the same, and keep the other two for
// lookups against older indicator lists.
// NOTE(review): whether GetResponseBodyHash covers the body as received or
// after decoding is not visible here; confirm before comparing with hashes
// computed by another tool.
public static ContextAction("Show Hashes")
function doHash(arrSess: Session[])
for (var i: int=0; i<arrSess.Length; i++)
"_MD5_\n"+arrSess[i].GetResponseBodyHash("md5") + "\n\n" +
"_SHA1_\n"+arrSess[i].GetResponseBodyHash("sha1") + "\n\n" +
"_SHA256_\n"+arrSess[i].GetResponseBodyHash("sha256") + "\n"
View CertSH.js
// Click Rules > Customize Rules. Inside the HANDLERS class, add the following block:
// Bound to a UI tab named "CertInfo" with "<html>" as the second argument; the
// function returns a String for that tab.
// The condition below is true (presumably the reject path) when the selection
// is not exactly one session, or when that session is not a tunnel and also
// fails the response test: a response is present, longer than two bytes, with
// first byte 0x4d. The remaining conditions are cut off in this listing.
// NOTE(review): if the returned string embeds certificate fields or response
// bytes, HTML-encode them; both are controlled by the remote server.
// NOTE(review): the function name suggests a crt.sh lookup. If the full script
// sends hostnames or certificate data to an external service, confirm that is
// acceptable for the traffic being inspected.
public BindUITab("CertInfo", "<html>")
static function CRTSHReport(arrSess: Session[]):String {
if ((arrSess.Length != 1) ||
( !arrSess[0].isTunnel &&
!(arrSess[0].bHasResponse &&
(arrSess[0].responseBodyBytes.Length > 2) &&
(arrSess[0].responseBodyBytes[0] == 0x4d) &&
View FlagUnsecureRequests
// Inside the block:
static function OnBeforeRequest(oSession: Session) {
// Add the following lines:
// Highlights any request that is neither HTTPS nor a CONNECT by setting the
// session's "ui-backcolor" flag. The visible lines only mark the session in
// the session list; nothing shown here blocks or rewrites the request.
// NOTE(review): CONNECT is presumably excluded because it sets up the tunnel
// that HTTPS traffic then uses; confirm against the full script.
if (!oSession.isHTTPS && !oSession.HTTPMethodIs("CONNECT")) {
oSession["ui-backcolor"] = "#FADC93";
View WarningBeforeCertExpires.js
// Inside Rules > Customize Rules > OnBoot, add the following line:
// NOTE(review): the line to add is missing from this listing; presumably it
// registers onEvalCert as a certificate-validation handler. Take it from the
// original file.
// Just before that function, add the following new function:
// Wraps the server certificate from the event arguments in an X509Certificate2.
// The rest of the handler is not shown in this listing.
// NOTE(review): the file name suggests an expiry warning. Confirm the full
// handler only reports, and does not change the validation outcome for a
// certificate that would otherwise be rejected.
static function onEvalCert(o: Object, e: ValidateServerCertificateEventArgs)
var X2: System.Security.Cryptography.X509Certificates.X509Certificate2 =
new System.Security.Cryptography.X509Certificates.X509Certificate2(e.ServerCertificate);
View FiddlerCore4.6.2.txt
The last thing I did at Telerik was release FiddlerCore 4.6.2, available from
(includes demo app) and
There are three major areas of change:
1> v4.6.2 now goes async (unblocking the thread) for DNS lookups and for connection reuse. This should generally improve
performance for Fiddler[Core], in some cases dramatically, as the .NET thread pool growth algorithm is pretty conservative.
While I didn't have the opportunity to finish async'ing everything I wanted to, this was a pretty solid start.
2> Certificate generation has changed pretty significantly, to improve performance and to accommodate changes in Certificate
View AutoSizeSessionList.js
// Click Rules > Customize Rules
// Inside your existing onboot handler, add two lines:
static function OnBoot() {
// Just before that method in the Handlers class, add:
public static
View ComodoPhishCert
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: RsaKeyX 2048bits
== Server Certificate ==========
[Subject], OU=PositiveSSL, OU=Domain Control Validated