View FilterByProcessName.js
//Hide Traffic based on Process Name
//The following script creates a ShowOnly submenu on the Rules menu that allows you to easily display captured
//traffic from only a single executable:
RulesString("ShowOnly", true)
RulesStringValue(0,"Chrome", "chrome")
RulesStringValue(1,"FireFox", "firefox")
RulesStringValue(2,"IE", "iexplore")
RulesStringValue(3,"&Custom...", "%CUSTOM%")
public static var sOnlyProc: String = null;
View OverwriteBOM.js
public static void OnBeforeResponse(Session oSession) {
// If the response body starts with a Utf-8 signature, overwrite it with spaces
if (oSession.ResponseBody.Length > 3 &&
oSession.ResponseBody[0] == 0xEF &&
oSession.ResponseBody[1] == 0xBB &&
oSession.ResponseBody[2] == 0xBF)
oSession.ResponseBody[0] = 0x20;
oSession.ResponseBody[1] = 0x20;
View Request URLs from Clipboard.js
public static ToolsAction("Request URLs from Clipboard")
function doClipboard()
var s: String = Clipboard.GetText();
var arr: String[] = s.Split(['\n']);
for (var i: int=0; i<arr.Length; i++)
var sUri = arr[i].Trim();
View NoCertPrompt.cs
// Click Rules, Customize Rules.
// Inside static function Main() {, add the following line:
FiddlerApplication.Prefs.SetBoolPref("", false);
// Then save the script
View HashSample.js
public static ContextAction("Show Hashes")
function doHash(arrSess: Session[])
for (var i: int=0; i<arrSess.Length; i++)
"_MD5_\n"+arrSess[i].GetResponseBodyHash("md5") + "\n\n" +
"_SHA1_\n"+arrSess[i].GetResponseBodyHash("sha1") + "\n\n" +
"_SHA256_\n"+arrSess[i].GetResponseBodyHash("sha256") + "\n"
View CertSH.js
// Click Rules > Customize Rules. Inside the HANDLERS class, add the following block:
public BindUITab("CertInfo", "<html>")
static function CRTSHReport(arrSess: Session[]):String {
if ((arrSess.Length != 1) ||
( !arrSess[0].isTunnel &&
!(arrSess[0].bHasResponse &&
(arrSess[0].responseBodyBytes.Length > 2) &&
(arrSess[0].responseBodyBytes[0] == 0x4d) &&
View FlagUnsecureRequests
// Inside the block:
static function OnBeforeRequest(oSession: Session) {
// Add the following lines:
if (!oSession.isHTTPS && !oSession.HTTPMethodIs("CONNECT")) {
oSession["ui-backcolor"] = "#FADC93";
View WarningBeforeCertExpires.js
// Inside Rules > Customize Rules > OnBoot, add the following line:
// Just before that function, add the following new function:
static function onEvalCert(o: Object, e: ValidateServerCertificateEventArgs)
var X2: System.Security.Cryptography.X509Certificates.X509Certificate2 =
new System.Security.Cryptography.X509Certificates.X509Certificate2(e.ServerCertificate);
View FiddlerCore4.6.2.txt
The last thing I did at Telerik was release FiddlerCore 4.6.2, available from
(includes demo app) and
There are three major areas of change:
1> v4.6.2 now goes async (unblocking the thread) for DNS lookups and for connection reuse. This should generally improve
performance for Fiddler[Core], in some cases dramatically, as the .NET thread pool growth algorithm is pretty conservative.
While I didn't have the opportunity to finish async'ing everything I wanted to, this was a pretty solid start.
2> Certificate generation has changed pretty significantly, to improve performance and to accommodate changes in Certificate
View AutoSizeSessionList.js
// Click Rules > Customize Rules
// Inside your existing onboot handler, add two lines:
static function OnBoot() {
// Just before that method in the Handlers class, add:
public static