Analyzing Network Traffic Logs (NetLog json)

Previously, I’ve described how to capture a network traffic log from Microsoft Edge, Google Chrome, and applications based on Chromium or Electron. In this post, I aim to catalog some guidance for looking at these logs to help find the root cause of captured problems and otherwise make sense of the data collected. Last Update:Continue reading “Analyzing Network Traffic Logs (NetLog json)”

Capture Network Logs from Edge and Chrome (and Electron)

Problems in accessing websites can often be found and fixed if the network traffic between the browser and the website is captured as the problem occurs. This short post explains how to capture such logs. Capturing Network Traffic Logs If someone asked you to read this post, chances are good that you were asked toContinue reading “Capture Network Logs from Edge and Chrome (and Electron)”

Firefox and Fiddler – Easier than Ever

In a world where software and systems seem to march inexorably toward complexity, I love it when things get simpler. Years ago, Firefox required non-obvious configuration changes to even send traffic to Fiddler. Eventually, Mozilla changed their default behavior on Windows to adopt the system’s proxy, meaning that Firefox would automatically use Fiddler when it was attached,Continue reading “Firefox and Fiddler – Easier than Ever”

Chrome Deprecates Subject CN Matching

If you’re using a Self-Signed certificate for your HTTPS server, a deprecation coming to Chrome may affect your workflow. Chrome 58 will require that certificates specify the hostname(s) to which they apply in the SubjectAltName field; values in the Subject field will be ignored. This follows a similar change in Firefox 48. If impacted, you’llContinue reading “Chrome Deprecates Subject CN Matching”

Using Fiddler With iOS 10 and Android 7

If you’ve tried to use Fiddler with iOS10 beta or Android 7 Nougat, you have probably found that HTTPS decryption isn’t working, even if you use the latest Fiddler and the Fiddler Certificate Maker add-on. Unfortunately, at the moment both platforms are broken, but for different reasons. In both cases, the client will fail toContinue reading “Using Fiddler With iOS 10 and Android 7”

Silliness – Fiddler Blocks Malware

Enough malware researchers now depend upon Fiddler that some bad guys won’t even try to infect your system if you have Fiddler installed. The Malware Bytes blog post has the details, but the gist of it is that the attackers use JavaScript to probe the would-be victim’s PC for a variety of software. Beyond Kaspersky,Continue reading “Silliness – Fiddler Blocks Malware”

On Daylight Savings Time

In Fiddler, the Caching tab will attempt to calculate the cache freshness lifetime for responses that lack an explicit Expires or Cache-Control: max-age directive. The standard suggests clients use (0.1 * (DateTime.Now – Last-Modified)) as a heuristic freshness lifetime. An alert Fiddler user noticed that the values he was seeing were slightly off what he expected: sometimes the valuesContinue reading “On Daylight Savings Time”

Automatically Evaluating Compressibility

Fiddler’s Transformer tab has long been a simple way to examine the use of HTTP compression of web assets, especially as new compression engines (like Zopfli) and compression formats (like Brotli) arose. However, the one-Session-at-a-time design of the Transformer tab means it is cumbersome to use to evaluate the compressibility of an entire page orContinue reading “Automatically Evaluating Compressibility”

What’s New in Fiddler 4.6.2

TLDR? – Get the newest Fiddler here. It’s been just over two months since the last significant release, and Fiddler 4.6.2.0 (and v2.6.2.0) are now available. As always, the latest build includes a slew of bugfixes and minor tweaks, as well as a number of features described in this post. Default Certificate Generator Changed ChangesContinue reading “What’s New in Fiddler 4.6.2”