ericlaw

Book-Writing: Just Do It!

Sadly, you’re unlikely to get wealthy by writing a book. You should definitely write one anyway. My Background People I respect suggest you shouldn’t write (or buy) books on specific technologies, going so far as to say that writing a book was on their top-10 lists of life regrets. Top-10… whoa! As a consequence, whenContinue reading “Book-Writing: Just Do It!”

Repairing Corrupt ZIP Files

Fiddler’s default file format is the SAZ Format, which is just a ZIP file with a particular structure (I’ve written a lot about ZIPs). Unfortunately, sometimes users’ SAZ files get corrupted due to failing disks or incomplete downloads, and when this happens, Fiddler can no longer open them. Because Fiddler uses a standard ZIP file,Continue reading “Repairing Corrupt ZIP Files”

Hashes and Code-Signing

I’ve written a few articles about using Authenticode to sign your code to help prevent attacks, increase user confidence, and reduce interference from security software like Windows SmartScreen. You can read the overview, discussion of code-signing tokens, and “tricks” you can use to shoot yourself in the foot by adding data to a file withoutContinue reading “Hashes and Code-Signing”

Understanding CONNECT Tunnels

When a browser needs to send a HTTPS request through a proxy (like Fiddler), there’s a bit of a problem. The proxy needs to know where to send the client’s request, but the whole point of protecting traffic with HTTPS is that the content is encrypted and cannot be read by anyone else on theContinue reading “Understanding CONNECT Tunnels”

The Sad State of HAR

Spring 2017 Update: Some of these issues have been fixed. The HTTP Archive Format (HAR) was designed to allow tools to exchange network traffic using a standard format; this format is akin to Fiddler’s Session Archive Zip format but is supported natively by browser developer tools. Unlike SAZ files, it is not compressed by default,Continue reading “The Sad State of HAR”

Reset Fiddler’s HTTPS certificates

I’ve made changes to the latest versions of Fiddler to improve the performance of certificate creation, and to avoid problems with new certificate validation logic coming to Chrome and Firefox. The biggest of the Fiddler changes is that CertEnroll is now the default certificate generator on Windows 7 and later. Unfortunately, this change can causeContinue reading “Reset Fiddler’s HTTPS certificates”

DotNet Makes Me Sad, In Pictures

.NET Framework KB 3088956: Ouch, that sounds pretty severe. I guess I’d better go manually install a hotfix? Seriously? An email address and a CAPTCHA? Fine. Oh, an email delivered HTTP URL pointed at an executable file? That seems totes legit. Yup, definitely legit, it says “Microsoft” right there at the top! Sure, let’s putContinue reading “DotNet Makes Me Sad, In Pictures”

The Budget

“Don’t tell me what you value, show me your budget, and I’ll tell you what you value.” – Joe Biden Across the political spectrum, Americans have thoughts on how the government should spend the money we send its way. That’s great (and it’d be better if more of us voted), but many arguments about spendingContinue reading “The Budget”

What’s New in Fiddler 4.6.0.7

TLDR? – Get the newest Fiddler here. We’re performing a staged rollout of this build; it won’t be on autoupdate until next week. Under the Hood As mentioned in our notes about the Fiddler 4.6 release, we’ve started taking a very close look at Fiddler’s performance. Fiddler’s use of the CPU, system memory, and theContinue reading “What’s New in Fiddler 4.6.0.7”

Viewing HTTPS Handshakes in Fiddler

You can easily use Fiddler to evaluate what algorithms a client is using to connect to a HTTPS server in Fiddler. First, adjust Fiddler’s configuration using Tools > Fiddler Options to enable capture of CONNECT tunnels but disable decryption: Disabling decryption is necessary because Fiddler decrypts traffic using a HTTPS man-in-the-middle technique, which means thatContinue reading “Viewing HTTPS Handshakes in Fiddler”