Visual Studio 2012, IIS Express, and Fiddler

From the mail bag… Q:When I use IE10 on Windows 8 to visit an IIS Express instance using the following URL http://ipv4.fiddler:2468/, I get an unexpected error message. HTTP/1.1 400 Bad RequestContent-Type: text/html;charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Wed, 22 Aug 2012 19:59:52 GMTConnection: closeContent-Length: 334 <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01//EN””http://www.w3.org/TR/html4/strict.dtd”><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV=”Content-Type” Content=”text/html; charset=us-ascii”></HEAD><BODY><h2>Bad Request – Invalid Hostname</h2><hr><p>HTTP Error 400….


.NET HTTPS connections timeout on SNI TLS Warning

Recently, a handful of folks have emailed me complaining that some HTTPS sites cannot be reached by their .NET programs or from any program when Fiddler is configured to decrypt traffic. Notably, these users only have problems when running on Windows Vista or later. So, what’s going on? When I need to troubleshoot issues that…


.NET HttpWebRequests and Expect: 100-continue

Recently, a colleague asked me to look at a network capture in which a .NET client application’s communication with a web service was not meeting their performance goals. In particular, he noted that this was primarily a problem on high-latency networks; each of the dozens of requests took hundreds of milliseconds, even when existing connections…


Fiddler and Channel Binding Tokens Revisited

Just under a year ago, I wrote a blog post about how the new “Extended Protection” feature (also known as Channel Binding Tokens or CBT) prevented seamless decryption of certain authenticated HTTPS traffic when Fiddler is running. The quick recap is that CBT binds a set of NTLM or Kerberos authentication credentials to the “channel”…


Fiddler and IPv6-only environments

I recently got a bug report from a user who was attempting to use Fiddler in a pure-IPv6 environment, where IPv4 is entirely disabled. On startup, he saw the following message: The problem here is an obscure one, which makes it somewhat interesting. What’s happening is that Fiddler is trying to create an IPv4 listener…


Fiddler and the IE9 Release Candidate

I’m delighted to announce that the now-available IE9 RC includes three significant enhancements for users of proxy-based debuggers like Fiddler. These improvements are: The default Connections-Per-Proxy limit has been raised from 6 to 12, improving performance and in some cases reducing Observer Effect. Debugging of traffic sent to Localhost / 127.0.0.1 now “just works”—configuration changes…


Debugging Windows Phone 7 device traffic with Fiddler

Back in October, I showed how to debug Windows Phone emulator traffic with Fiddler . Since then, I’ve acquired the LG Quantum phone, and naturally, one of my first goals was to start looking at the traffic from mobile Internet Explorer and some of my WP7 applications. The process for capturing traffic from a phone…


Fiddler and Channel-Binding-Tokens

Note: Please see this post for an update. Some users of Fiddler who have HTTPS Decryption enabled have found that some of their internal HTTPS sites that used to work properly with Fiddler now endlessly prompt for credentials while Fiddler is running. Even typing the correct credentials into the authentication prompt won’t fix the problem….


Fiddler and the Windows Phone 7 Emulator

Note: This post is part of a larger set on using Fiddler with Windows Phone 7. This post covers the Windows Phone Emulator only. Recently, some developers have asked me why Fiddler no longer works with the Windows Phone 7 emulator. Fiddler properly captured traffic from the CTP version of the emulator, but not from…


Fiddler’s New Import and Export Architecture

All versions of Fiddler support a rich extensibility model that enables developers to enhance Fiddler with new functionality useful for traffic inspection, analysis, and sharing. However, writing extensions that import traffic captured by other tools was difficult, and extensions that offered traffic export often extended the UI in confusing ways or failed to implement basic…