FiddlerCore4

Map a local port number to the originating process ID

The local port number The originating process ID

Calls the GetExtendedTcpTable function to map a port to a process ID. This function is (over) optimized for performance.

Client port AF_INET or AF_INET6 PID, if found, or 0

Given a local port number, uses GetExtendedTcpTable to find the originating process ID. First checks the IPv4 connections, then looks at IPv6 connections.

Client applications' port ProcessID, or 0 if not found

Returns a string containing the process listening on a given port

Enumeration of possible queries that can be issued using GetExtendedTcpTable http://msdn2.microsoft.com/en-us/library/aa366386.aspx

Processes listening on Ports

Processes with active TCP/IP connections

This class is used to find and create certificates for use in HTTPS interception. The default implementation (DefaultCertProvider object) uses the Windows Certificate store, but if a plugin ICertificateProvider is provided, it is used instead.

Enables specification of a delegate certificate provider that generates certificates for HTTPS interception.

Lock on this object when TestExistenceOf/Create oCertProvider

Ensures that the Certificate Generator is ready; thread-safe

Load a delegate Certificate Provider

The provider, or null

Removes Fiddler-generated certificates from the Windows certificate store

Indicates whether Root certificates should also be cleaned up

Returns the Root certificate that Fiddler uses to generate per-site certificates used for HTTPS interception.

Returns the root certificate, if present, or null if the root certificate does not exist.

Return the raw byte[]s of the root certificate, or null

Request a certificate with the specified SubjectCN

A string of the form: "www.hostname.com" A certificate or /null/ if the certificate could not be found or created

Pre-cache a Certificate in the Certificate Maker that should be returned in subsequent calls to FindCert

The hostname for which this certificate should be returned. The X509Certificate2 with attached Private Key TRUE if the Certificate Provider succeeded in pre-caching the certificate. FALSE if Provider doesn't support pre-caching. THROWS if supplied Certificate lacks Private Key.

Pre-cache a Certificate in the Certificate Maker that should be returned in subsequent calls to FindCert

The hostname for which this certificate should be returned. The filename of the PFX file containing the certificate and private key The password for the PFX file Throws if the Certificate Provider failed to pre-cache the certificate

Determine if the self-signed root certificate exists

True if the Root certificate returned from GetRootCertificate is non-null, False otherwise.

Is Fiddler's root certificate in the Root store?

TRUE if so

Is Fiddler's root certificate in the Machine Root store?

TRUE if so

Create a self-signed root certificate to use as the trust anchor for HTTPS interception certificate chains

TRUE if successful

Finds the Fiddler root certificate and prompts the user to add it to the TRUSTED store. Note: The system certificate store is used by most applications (IE, Chrome, etc) but not all; for instance, Firefox uses its own certificate store.

True if successful

Dispose of the Certificate Provider, if any.

The ClientChatter object, exposed as the oRequest object on the Session object, represents a single web request.

Size of buffer passed to pipe.Receive when reading from the client.

Tracks the progress of reading the request from the client. Because of the multi-threaded nature of some users of this field, most will make a local copy before accessing its members.

The ClientPipe object which is connected to the client, or null.

Parsed Headers

The Session object which owns this ClientChatter

Create a ClientChatter object initialized with a set of HTTP headers Called primarily when loading session data from a file.

The Session object which will own this request The string containing the request data

Loads a HTTP request body from a file rather than a memory stream.

The file to load TRUE if the file existed. THROWS on most errors other than File-Not-Found

Based on this session's data, determine the expected Transfer-Size of the request body. See RFC2616 Section 4.4 Message Length. Note, there's currently no support for "multipart/byteranges" requests anywhere in Fiddler.

Expected Transfer-Size of the body, in bytes.

Free Request data. Called by TakeEntity or by ReadRequest method on request failure

Extract byte array representing the entity, put any excess bytes back in the pipe, free the RequestReadState, and return the entity.

Byte array containing the entity body

Send a HTTP/XXX Error Message to the Client, calling FiddlerApplication.BeforeReturningError and DoReturningError in FiddlerScript. Note: This method does not poison the Server pipe, so if poisoning is desired, it's the caller's responsibility to do that. Note: Because this method uses Connection: close on the returned response, it has the effect of poisoning the client pipe

Response code Response status text Body of the HTTP Response

Return a HTTP response and signal that the client should close the connection

A Delegate that fires to give one final chance to modify the Session before calling the DoBeforeReturningError and returning the response

Parse the headers from the requestData buffer. Precondition: Call AFTER having set the correct iEntityBodyOffset. Note: This code used to be a lot simpler before, when it used strings instead of byte[]s. Sadly, we've gotta use byte[]s to ensure nothing in the URI gets lost.

TRUE if successful.

This function decides if the request string represents a complete HTTP request

Read a (usually complete) request from pipeClient. If RequestStreamed flag is set, only the headers have been read.

TRUE, if a request could be read. FALSE, otherwise.

Verifies that the Hostname specified in the request line is compatible with the HOST header

Count of body bytes read from the client. If no body bytes have yet been read, returns count of header bytes.

HTTP Headers sent in the client request, or null.

Was this request received from a reused client connection? Looks at SessionFlags.ClientPipeReused flag on owning Session.

Note: This returns the request's HOST header, which may include a trailing port #. If the Host is an IPv6 literal, it will be enclosed in brackets '[' and ']'

Controls whether the request body is streamed to the server as it is read from the client.

Simple indexer into the Request Headers object

Discardable State of Read Operation While it is reading a request from the client, the ClientChatter class uses a RequestReaderState object to track the state of the read. This state is discarded when the request has been completely read.

The Host pulled from the URI

Buffer holds this request's data as it is read from the pipe.

Offset to first byte of body in m_requestData

Optimization: Offset of most recent transfer-encoded chunk

Optimization: tracks how far we've previously looked when determining iEntityBodyOffset

Did the request specify Transfer-Encoding: chunked

The integer value of the Content-Length header, if any

Count of body bytes read from the client. If no body bytes have yet been read, returns count of header bytes.

Scans requestData stream for the \r\n\r\n (or variants) sequence which indicates that the header block is complete. SIDE EFFECTS: iBodySeekProgress is updated and maintained across calls to this function iEntityBodyOffset is updated if the end of headers is found

True, if requestData contains a full set of headers

The CONFIG object is Fiddler's legacy settings object, introduced before the advent of the Preferences system.

Underlying Preferences container whose IFiddlerPreferences interface is exposed by the FiddlerApplication.Prefs property.

Response files larger than this (2^28 = ~262mb) will NOT be loaded into memory when using LoadResponseFromFile

Backing field for the QuietMode property. Controls whether notifications are displayed in a MessageBox. NB: KEEP THIS FIELD DECLARED AT THE TOP OF THE CLASS. We initialize some fields using methods that can check this field.

Cached layout info for columns.

True if this is a "Viewer" instance of Fiddler that will not persist its settings. Exposed as FiddlerApplication.IsViewerMode

TODO: ARCH: This setting shouldn't exist in FiddlerCore, but it's used in a dozen places

TODO: Why is this defaulted to FALSE? Has been since 2009, probably due to some bug. Should keep better records. (Sigh).

Boolean controls whether Fiddler should map inbound connections to their original process using IPHLPAPI

Boolean controls whether Fiddler should attempt to decrypt HTTPS Traffic

Boolean controls whether Fiddler will attempt to use the Server Name Indicator TLS extension to generate the SubjectCN for certificates

Should Audio/Video types automatically stream by default?

Returns 127.0.0.1:{ListenPort} or fiddler.network.proxy.RegistrationHostName:{ListenPort}

Use 128bit AES Encryption when password-protecting .SAZ files. Note that, while this encryption is much stronger than the default encryption algorithm, it is significantly slower to save and load these files, and the Windows Explorer ZIP utility cannot open them.

SSL/TLS Protocols we allow the client to choose from (when we call AuthenticateAsServer) We allow all protocols by default (Ssl2,Ssl3,Tls1) and also 'Bitwise OR' in the constants for TLS1.1 and TLS1.2 in case we happen to be running on .NET4.5.

SSL/TLS Protocols we request the server use (when we call AuthenticateAsClient). By default, SSL3 and TLS1 are accepted; we exclude SSL2 so that TLS Extensions may be sent. We do NOT enable TLS1.1 or TLS1.2 by default because many servers will fail if you offer them and unlike browsers, .NET has no fallback code.

When True, Fiddler will offer the latest TLS protocol version offered by the client in its request

Version information for the Fiddler/FiddlerCore assembly

Will send traffic to an upstream proxy? OBSOLETE -- DO NOT USE. see instead.

The encoding with which HTTP Headers should be parsed. Defaults to UTF8, but may be overridden by specifying a REG_SZ containing the encoding name in the registry key \Fiddler2\HeaderEncoding

Controls whether Fiddler will reuse server connections for multiple sessions

Controls whether Fiddler will reuse client connections for multiple sessions

Controls whether Fiddler should register as the HTTPS proxy

Controls whether Fiddler should register as the FTP proxy

Controls whether Fiddler will try to write exceptions to the System Event log. Note: Usually fails due to ACLs on the Event Log.

Controls whether Fiddler will attempt to log on to the upstream proxy server to download the proxy configuration script

Controls whether Fiddler will attempt to connect to IPv6 addresses

Name of connection to which Fiddler should autoattach if MonitorAllConnections is not set

The username to send to the upstream gateway if the Version Checking webservice request requires authentication

The password to send to the upstream gateway if the Version Checking webservice request requires authentication

Set this flag if m_ListenPort is a "temporary" port (E.g. specified on command-line) and it shouldn't be overridden in the registry

Controls whether Certificate-Generation output will be spewed to the Fiddler Log

Alternative hostname which Fiddler should recognize as an alias for the local machine. The default value of ? will never be usable, as it's the QueryString delimiter

(Lowercase) Machine Name

(Lowercase) Machine Domain Name

List of hostnames for which HTTPS decryption (if enabled) should be skipped

True if Fiddler should be maximized on restart

Return a Special URL.

String constant describing the URL to return. CASE-SENSITIVE! Returns target URL

Get a registry path for a named constant

The path to retrieve [Root, UI, Dynamic, Prefs] The registry path

Return an app path (ending in Path.DirectorySeparatorChar) or a filename

CASE-SENSITIVE The specified filesystem path

Ensure that the per-user folders used by Fiddler are present.

Loads Preferences from the Registry and fills appropriate fields

Generally, callers should use FiddlerApplication.Prefs, but RawPrefs allows use of the PreferenceBag members that are not a part of IFiddlerPreferences

Control which processes have HTTPS traffic decryption enabled

What mechanism, if any, should Fiddler use to find the upstream proxy/gateway?

Port to which Fiddler should forward inbound requests when configured to run as a Reverse Proxy

On attach, will configure WinINET to bypass Fiddler for these hosts.

Boolean indicating whether Fiddler will open the listening port exclusively

Controls whether server certificate errors are ignored when decrypting HTTPS traffic.

Controls whether notification dialogs and prompts should be shown.

The port upon which Fiddler is configured to listen.

Returns the path and filename of the editor used to edit the Rules script file.

Returns true if Fiddler should permit remote connections. Requires restart.

When may requests be resent on a new connection?

The request may always be retried.

The request may never be retried

The request may only be resent if the HTTP Method is idempotent. This SHOULD be the default per HTTP spec, but this appears to break tons of servers.

Type of Upstream Gateway

Traffic should be sent directly to the server

Traffic should be sent to a manually-specified proxy

Traffic should be sent to the System-configured proxy

Proxy should be automatically detected

A simple Process Type enumeration used by various filtering features

Include all Processes

Processes which appear to be Web Browsers

Processes which appear to NOT be Web Browsers

Include only traffic where Process ID isn't known (e.g. remote clients)

Interface for the WebSocket and CONNECT Tunnel classes

The CONNECTTunnel class represents a "blind tunnel" through which a CONNECT request is serviced to shuffle bytes between a client and the server.

See pg 206 in HTTP: The Complete Reference for details on how Tunnels work. When HTTPS Decryption is disabled, Fiddler accepts a CONNECT request from the client. Then, we open a connection to the remote server. We shuttle bytes back and forth between the client and the server in this tunnel, keeping Fiddler itself out of the loop (no tampering, etc).

Number of bytes received from the client

Number of bytes received from the server

TRUE if this is a Blind tunnel, FALSE if decrypting

This "Factory" method creates a new HTTPS Tunnel and executes it on a background (non-pooled) thread.

The Session containing the HTTP CONNECT request

Creates a HTTPS tunnel. External callers instead use the CreateTunnel static method.

The session for which this tunnel was initially created. Client Pipe Server Pipe

This function keeps the thread alive until it is signaled that the traffic is complete

Executes the HTTPS tunnel inside an All-it-can-eat exception handler. Call from a background thread.

Close the HTTPS tunnel and signal the event to let the service thread die. WARNING: This MUST not be allowed to throw any exceptions, because it will do so on threads that don't catch them, and this will kill the application.

Called when we have received data from the local client. Incoming data will immediately be forwarded to the remote host.

The result of the asynchronous operation.

Called when we have sent data to the local client.
When all the data has been sent, we will start receiving again from the remote host.

The result of the asynchronous operation.

Called when we have sent data to the remote host.
When all the data has been sent, we will start receiving again from the local client.

The result of the asynchronous operation.

Called when we have received data from the remote host.
Incoming data will immediately be forwarded to the local client.

The result of the asynchronous operation.

Returns number of bytes sent from the Server to the Client

Returns number of bytes sent from the Client to the Server

To override default certificate handling, your class should implement this interface in an assembly referenced by the fiddler.certmaker.assembly preference; by default, "certmaker.dll" in the application folder is loaded

Implement ICertificateProvider2 instead

Return a certificate to secure this traffic. Generally, it's expected that this method WILL create a new certificate if needed.

Hostname (e.g. "www.example.com") An X509Certificate, or null on error

Return the root certificate to which Host Certificates are chained. Generally, it's expected that this method will NOT create a root certificate.

An X509Certificate, or null on error

When this method is called, your extension should create a Root certificate.

TRUE if the operation was successful

When this method is called, your extension should copy the your Root certificate into the user's (or machines's) Root certificate store.

TRUE if the operation was successful

When this method is called, your extension should discard all certificates and clear any certificates that have been added to the user's certificate store.

TRUE, if all certificates were removed; FALSE if any certificates were preserved

When this method is called, your extension should check to see if the User or Machine Root certificate store contains your Root certificate.

Set to TRUE if StoreLocation.CurrentUser StoreName.Root has the certificate Set to TRUE if StoreLocation.LocalMachine StoreName.Root has the certificate TRUE if either bUserTrusted or bMachineTrusted

When this method is called, your extension should discard all certificates and clear any certificates that have been added to the user's certificate store

TRUE if the root certificate should also be cleared TRUE, if all certificates were removed; FALSE if any certificates were preserved

Call this function to cache a certificate in the Certificate Provider

The hostname to match The certificate that the Provider should later provide when GetCertificateForHost is called True if the request was successful

Return a string describing the current configuration of the Certificate Provider. For instance, list the configured key size, hash algorithms, etc.

Show a configuration dialog that allows user to control options related to your Certificate Provider, for instance, the configured key size, hash algorithm, etc.

Owning Window Handle

The underlying Certificate Generator (MakeCert or CertEnroll)

Cache of previously-generated EE certificates. Thread safety managed by _oRWLock

Cache of previously-generated Root certificate

Should Fiddler automatically generate wildcard certificates?

Reader/Writer lock gates access to the certificate cache and generation functions.

We must set the SupportsRecursion flag because there are cases where the thread holds the lock in Write mode and then enters Read mode in a nested call.

Find certificates that have the specified full subject.

The store to search FindBySubject{Distinguished}Name requires a complete match of the SUBJECT, including CN, O, and OU Matching certificates

Find all certificates (in the CurrentUser Personal store) that have the specified issuer.

The store to search FindByIssuer{Distinguished}Name requires a complete match of the SUBJECT, including CN, O, and OU Matching certificates

Interface method: Clear the in-memory caches and Windows certificate stores

TRUE to clear the Root Certificate from the cache and Windows stores TRUE if successful

Interface method: Clear the in-memory caches and Windows certificate stores

Use MakeCert to generate a unique self-signed certificate

TRUE if the Root certificate was generated successfully

Get the root certificate from cache or storage, only IF IT ALREADY EXISTS.

Returns an Interception certificate for the specified hostname

Hostname for the target certificate This method uses a Reader lock when checking the cache and a Writer lock when updating the cache. An Interception Certificate, or NULL

Find a certificate from the certificate store, creating a new certificate if it was not found.

A SubjectCN hostname, of the form www.example.com TRUE if the cert wasn't found in the Windows Certificate store and this function attempted to create it. No locks are acquired by this method itself. A certificate or /null/

Find (but do not create!) a certificate from the CurrentUser certificate store, if present.

No locks are acquired by this method itself. A certificate or /null/

Updates the Server Certificate cache under the Writer lock

The target hostname The certificate to cache

Creates a certificate for ServerAuth. If isRoot is set, designates that this is a self-signed root.

Uses a reader lock when checking for the Root certificate. Uses a Writer lock when creating a certificate. A string of the form: "www.hostname.com" A boolean indicating if this is a request to create the root certificate Newly-created certificate, or Null

CertEnroll is an ActiveX Control available on Windows Vista and later that allows programmatic generation of X509 certificates. We can use it as an alternative to MakeCert.exe; it offers better behavior (e.g. setting AKID) and doesn't require redistributing makecert.exe

Factory method. Returns null if this engine cannot be created

Invoke CertEnroll

Target CN TRUE if the certificate is a root cert TRUE if we should validate that we're running in a MTA thread and switch if not A Cert

Factory method. Returns null if this engine cannot be created

File path pointing to the location of MakeCert.exe

Hash to use when signing certificates. Note: sha1 is required on XP (even w/SP3, using sha256 throws 0x80090008).

Constructor: Simply cache the path to MakeCert

Cache of Hostname->Address mappings

Number of milliseconds that a DNS cache entry may be reused without validation.

Maximum number of A/AAAA records to cache for DNS entries. Beware: Changing this number changes how many IP-failovers Fiddler will perform if fiddler.network.dns.fallback is set, and increasing the number will consume more memory in the cache.

Clear the DNS Cache. Called by the NetworkChange event handler in the oProxy object

Remove all expired DNSCache entries; called by the Janitor

Show the contents of the DNS Resolver cache

Gets first available IP Address from DNS. Throws if address not found!

String containing the host True to use Fiddler's DNS cache. IPAddress of target, if found.

Gets IP Addresses for host from DNS. Throws if address not found!

String containing the host True to use Fiddler's DNS cache. The Timers object to which the DNS lookup time should be stored, or null List of IPAddresses of target, if any found.

Trim an address list, removing the duplicate entries, any IPv6-entries if IPv6 is disabled, and entries beyond the COUNT_MAX_A_RECORDS limit.

The list to filter A filtered address list

A DNSCacheEntry holds a cached resolution from the DNS

TickCount of this record's creation

IPAddresses for this hostname

Construct a new cache entry

The address information to add to the cache

Attribute used to specify the minimum version of Fiddler compatible with this extension assembly.

The minimal version string (e.g. "2.2.8.8")

Getter for the required version string

Attribute allowing developer to specify that a class supports the specified Import/Export Format

Shortname of the Format (e.g. WebText XML) Description of the format

Attribute allowing developer to specify that a class supports the specified Import/Export Format

Shortname of the Format (e.g. WebText XML) Description of the format Semi-colon delimited file extensions (e.g. ".har;.harx")

Returns the Shortname for this format

Returns the Description of this format

This tuple maps a display descriptive string to a Import/Export type. (The parent dictionary contains the shortname string)

Textual description of the Format

Class implementing the format

All metadata about the provider

Create a new Transcoder Tuple

Format description Type implementing this format

ISessionImport allows loading of Session data

Import Sessions from a data source

Shortname of the format Dictionary of options that the Importer class may use Callback event on which progress is reported or the host may cancel Array of Session objects imported from source

ISessionExport allows saving of Session data

Export Sessions to a data store

Shortname of the format Array of Sessions being exported Dictionary of options that the Exporter class may use Callback event on which progress is reported or the host may cancel TRUE if the export was successful

EventArgs class for the ISessionImporter and ISessionExporter interface callbacks

Progress Callback

Float indicating completion ratio, 0.0 to 1.0. Set to 0 if unknown. Short string describing current operation, progress, etc

Set to TRUE to request that Import/Export process be aborted as soon as convenient

The string message of the notification

The percentage completed

Fiddler Transcoders allow import and export of Sessions from Fiddler

Create the FiddlerTranscoders object

List all of the Transcoder objects that are loaded

Add Import/Export encoders to FiddlerApplication.oTranscoders

Assembly to import exporters and importers FALSE on obvious errors

Add Import/Export encoders to FiddlerApplication.oTranscoders

Assembly to scan for transcoders FALSE on obvious errors

Loads any assembly in the specified path that ends with .dll and does not start with "_", checks that a compatible version requirement was specified, and adds the importer and exporters within to the collection.

The path to scan for extensions

Ensures that Import/Export Transcoders have been loaded

Returns a TranscoderTuple willing to handle the specified format

The Format TranscoderTuple, or null

Returns a TranscoderTuple willing to handle the specified format

The Format TranscoderTuple, or null

Gets the format list of the specified type and adds that type to the collection.

TRUE if any formats were found; FALSE otherwise

Clear Importer and Exporter collections

True if one or more classes implementing ISessionImporter are available.

CodeDescription attributes are used to enable the FiddlerScript Editor to describe available methods, properties, fields, and events.

CodeDescription attributes should be constructed by annotating a property, method, or field.

The descriptive string which should be displayed for this this property, method, or field

Flags that can be passed into the Startup method

No options.

Decrypt HTTPS Traffic

Accept requests from remote computers or devices. WARNING: Security Impact

Use caution when allowing Remote Clients to connect. If a hostile computer is able to proxy his traffic through your FiddlerCore instance, he could circumvent IPSec traffic rules, circumvent intranet firewalls, consume memory on your PC, etc.

Set this flag to forward requests to any upstream gateway

Set this flag to set all WinINET connections to use Fiddler, otherwise only the Local LAN is pointed to Fiddler

A simple delegate for functions which accept no parameters. (MethodInvoker is the identical Framework version of this delegate)

An event handling delegate which is called during report calculation with the set of sessions being evaluated.

The sessions in this report.

An event handling delegate which is called as a part of the HTTP pipeline at various stages.

The Web Session in the pipeline.

This class acts as the central point for script/extensions to interact with Fiddler components.

TRUE if Fiddler is currently shutting down. Suspend all work that won't have side-effects.

The default certificate used for client authentication

Fiddler's "Janitor" clears up unneeded resources (e.g. server sockets, DNS entries)

Gets Fiddler* version info

A string indicating the build/flavor of the Fiddler* assembly

Set the DisplayName for the application

1 to 64 character name to be displayed in error messages, etc

Returns Help/About information.

Display string describing the current Fiddler instance.

Fiddler's core proxy object.

Fiddler Import/Export Transcoders

List of "leaked" temporary files to be deleted as Fiddler exits.

Checks if FiddlerCore is running.

TRUE if FiddlerCore is started/listening; FALSE otherwise.

Checks if FiddlerCore is running and registered as the System Proxy.

TRUE if FiddlerCore IsStarted AND registered as the system proxy; FALSE otherwise.

Recommended way to Start FiddlerCore listening on the specified port

The port The FiddlerCoreStartupFlags option you want to set; FiddlerCoreStartupFlags.Default is recommended

Start the FiddlerCore engine; this overload is NOT RECOMMENDED

Port to Listen on. Boolean indicating if FiddlerCore should register as the system proxy. Boolean indicating if FiddlerCore should decrypt secure traffic. If true, requires MakeCert.exe in the Application folder. Boolean indicating if FiddlerCore should accept connections from remote computers. Note: You must ensure Firewall is configured to allow such connections to your program.

Start a new proxy endpoint instance, listening on the specified port

The port to listen on TRUE if remote clients should be permitted to connect to this endpoint A Hostname (e.g. EXAMPLE.com) if this endpoint should be treated as a HTTPS Server A Proxy object, or null if unsuccessful

Start a new proxy endpoint instance, listening on the specified port

The port to listen on TRUE if remote clients should be permitted to connect to this endpoint A certificate to return when clients connect, or null A Proxy object, or null if unsuccessful

Shuts down the FiddlerCore proxy and disposes it. Note: If there's any traffic in progress while you're calling this method, your background threads are likely to blow up with ObjectDisposedExceptions or NullReferenceExceptions. In many cases, you're better off simply calling oProxy.Detach() and letting the garbage collector clean up when your program exits.

Notify a listener that a block of a response was read.

The session for which the response is being read byte buffer (not completely full) bytes set. FALSE if AbortReading was set

Notify a listener that a block of a request was read. Note that this event may fire with overlapping blocks of data but different sessions if the client uses HTTP Pipelining.

The session for which the response is being read byte buffer (not completely full) bytes set. FALSE if AbortReading was set

Export Sessions in the specified format

Shortname of desired format Sessions to export Options to pass to the ISessionExport interface Your callback event handler, or NULL to allow Fiddler to handle TRUE if successful, FALSE if desired format doesn't exist or other error occurs

Calls a Fiddler Session Importer and returns the list of loaded Sessions.

String naming the Import format, e.g. HTTPArchive Should sessions be added to WebSessions list? (Not meaningful for FiddlerCore) Dictionary of Options to pass to the Transcoder Your callback event handler, or NULL to allow Fiddler to handle Loaded Session[], or null on Failure

Reset the SessionID counter to 0. This method can lead to confusing UI, so call sparingly.

Log a notification to the OnNotification handler and, if not in quiet mode, show a MessageBox

Window to which this notification should be parented, or null Text in the Window Title of the Window Icon for the window

Report an exception to the user.

The Exception The Title of the dialog

Report an exception to the user.

The Exception The Title of the dialog The intro text to show. If null or empty, the default "Fiddler has encountered an unexpected... " message is shown.

Show the user a message when an HTTP Error was encountered

Session with error Set to true to prevent pooling/reuse of client connection The SessionFlag which should be set to log this violation Set to true to prevent pooling/reuse of server connection Information about the problem

Process ID of this Fiddler instance

processname:PID of Fiddler

We really don't want this method to get inlined, because that would cause the Xceed DLLs to get loaded in the Main() function instead of when _SetXceedLicenseKeys is called; that, in turn, would delay the SplashScreen.

Used to track errors with addons.

Record that a temporary file was created and handed to an external tool. We'll do our best to delete this file on exit.

The filename of the file to be deleted

Clean up any Temporary files that were created

Does this Fiddler instance support the specified feature?

Feature name (e.g. "bzip2") TRUE if the specified feature is supported; false otherwise

Fiddler's logging system

Fiddler's Preferences collection. Learn more at http://fiddler.wikidot.com/prefs

This event fires each time FiddlerCore reads data from network for the server's response. Note that this data is not formatted in any way, and must be parsed by the recipient.

This event fires each time FiddlerCore reads data from network for the client's request. Note that this data is not formatted in any way, and must be parsed by the recipient.

This event fires when a client request is received by Fiddler

This event fires when a server response is received by Fiddler

This event fires when Request Headers are available

This event fires when Response Headers are available

This event fires when an error response is generated by Fiddler

This event fires when Fiddler captures a WebSocket message

This event fires when a session has been completed

Sync this event to be notified when FiddlerCore has attached as the system proxy.")]

Sync this event to be notified when FiddlerCore has detached as the system proxy.

Fired each time Fiddler successfully establishes a TCP/IP connection

Fired each time Fiddler successfully accepts a TCP/IP connection

The Socket which was just Connected or Accepted

The Session which owns the this new connection

EventArgs class for the OnNotification handler

The string message of the notification

Enumeration of possible responses specified by the ValidateServerCertificateEventArgs as modified by FiddlerApplication's OnValidateServerCertificate event

The certificate will be considered valid if CertificatePolicyErrors == SslPolicyErrors.None, otherwise the certificate will be invalid unless the user manually allows the certificate.

The certificate will be confirmed with the user even if CertificatePolicyErrors == SslPolicyErrors.None. Note: FiddlerCore does not support user-prompting and will always treat this status as ForceInvalid.

Force the certificate to be considered Invalid, regardless of the value of CertificatePolicyErrors.

Force the certificate to be considered Valid, regardless of the value of CertificatePolicyErrors.

These EventArgs are passed to the FiddlerApplication.OnValidateServerCertificate event handler when a server-provided HTTPS certificate is evaluated

EventArgs for the ValidateServerCertificateEvent that allows host to override default certificate handling policy

The session The CN expected for this session The certificate provided by the server The certificate chain of that certificate Errors from default validation

The port to which this request was targeted

The SubjectCN (e.g. Hostname) that should be expected on this HTTPS connection, based on the request's Host property.

The Session for which a HTTPS certificate was received.

The server's certificate chain.

The SslPolicyErrors found during default certificate evaluation.

Set this property to override the certificate validity

The X509Certificate provided by the server to vouch for its authenticity

These EventArgs are constructed when FiddlerApplication.OnClearCache is called.

Constructs the Event Args

Should Cache Files be cleared? Should Cookies be cleared?

True if the user wants cache files to be cleared

True if the user wants cookies to be cleared

When the FiddlerApplication.OnReadResponseBuffer event fires, the raw bytes are available via this object.

Set to TRUE to request that upload or download process be aborted as soon as convenient

Session for which this responseRead is occurring

Byte buffer returned from read. Note: Always of fixed size, check iCountOfBytes to see which bytes were set

Count of latest read from Socket. If less than 1, response was ended.

The frmPrompt class is used to get information from the client. It's primarily used by calling one of the static functions.

Required designer variable.

Get a string value from the user.

The title of the dialog The prompt text The default string value The value entered by the user (or default, if unmodified)

GetUserString prompts the user for a string.

Title of the dialog The prompt text in the dialog The default response If true, will return null if user hits cancel. Else returns sDefault. The user's result, or null if user cancelled and bReturnNullIfCancelled set.

Clean up any resources being used.

Required method for Designer support - do not modify the contents of this method with the code editor.

This FTP Gateway class is used if Fiddler is configured as the FTP proxy and there's no upstream gateway configured. Fiddler must act as a HTTP->FTP protocol converter, which it does by using the .NET FTP classes.

Make a FTP request using the .NET FTPWebRequest class. WARNING: This method will throw.

Session bearing an FTP request Returns Response body stream Returns generated Response headers

The GenericTunnel class represents a "blind tunnel" to shuffle bytes between a client and the server.

Is streaming started in the downstream direction?

Number of bytes received from the client

Number of bytes received from the server

This "Factory" method creates a new HTTPS Tunnel and executes it on a background (non-pooled) thread.

The Session containing the HTTP CONNECT request

Creates a tunnel. External callers instead use the CreateTunnel static method.

The session for which this tunnel was initially created. Client Pipe Server Pipe

This function keeps the thread alive until it is signaled that the traffic is complete

Executes the HTTPS tunnel inside an All-it-can-eat exception handler. Call from a background thread.

Executes the WebSocket tunnel on a background thread

Instructs the tunnel to take over the server pipe and begin streaming responses to the client

Called when we have received data from the local client. Incoming data will immediately be forwarded to the remote host.

The result of the asynchronous operation.

Called when we have sent data to the local client.
When all the data has been sent, we will start receiving again from the remote host.

The result of the asynchronous operation.

Called when we have sent data to the remote host.
When all the data has been sent, we will start receiving again from the local client.

The result of the asynchronous operation.

Called when we have received data from the remote host.
Incoming data will immediately be forwarded to the local client.

The result of the asynchronous operation.

Returns number of bytes sent from the Server to the Client

Returns number of bytes sent from the Client to the Server

The HostList allows fast determination of whether a given host is in the list. It supports leading wildcards (e.g. *.foo.com), and the special tokens <local> <nonlocal> and <loopback>. Note: List is *not* threadsafe; instead of updating it, construct a new one.

Generate an empty HostList

Create a hostlist and assign it an initial set of sites

List of hostnames, including leading wildcards, and optional port specifier. Special tokens are *, <local>, <nonlocal>, and <loopback>.

Clear the HostList

Clear the List and assign the new string as the contents of the list.

List of hostnames, including leading wildcards, and optional port specifier. Special tokens are *, <local>, <nonlocal>, and <loopback>. TRUE if the list was constructed without errors

Clear the list and assign the new string as the contents of the list.

List of hostnames, including leading wildcards, and optional port specifier. Special tokens are *, <local>, <nonlocal>, and <loopback>. Outparam string containing list of parsing errors TRUE if the list was constructed without errors

Return the current list of rules as a string

String containing current rules, using "; " as a delimiter between entries

Determine if a given Host is in the list

A Host string, potentially including a port TRUE if the Host's hostname matches a rule in the list

Determine if a given Hostname is in the list

A hostname, NOT including a port TRUE if the hostname matches a rule in the list

Determine if a given Host:Port pair matches an entry in the list

A hostname, NOT including the port The port TRUE if the hostname matches a rule in the list

This private tuple allows us to associate a Hostname and a Port

Port specified in the rule

Hostname specified in the rule

Create a new HostPortTuple

HTTP Response headers object

Base class for RequestHeaders and ResponseHeaders

Get the Reader Lock if you plan to enumerate the Storage collection.

Get the Writer Lock if you plan to change the Storage collection. NB: You only need this lock if you plan to change the collection itself; you can party on the items in the collection if you like without locking.

If you get the Writer lock, Free it ASAP or you're going to hang or deadlock the Session

Text encoding to be used when converting this header object to/from a byte array

HTTP version (e.g. HTTP/1.1)

Storage for individual HTTPHeaderItems in this header collection NB: Using a list is important, as order can matter

Get byte count of this HTTP header instance. NOTE: This method should've been abstract.

Byte Count

Number of HTTP headers

Returns all instances of the named header

Header name List of instances of the named header

Copies the Headers to a new array. Prefer this method over the enumerator to avoid cross-thread problems.

An array containing HTTPHeaderItems

Returns all values of the named header in a single string, delimited by commas

Header Each, Header's, Value

Returns the count of instances of the named header

Header name Count of instances of the named header

Enumerator for HTTPHeader storage collection

Enumerator

Adds a new header containing the specified name and value.

Name of the header to add. Value of the header. Returns the newly-created HTTPHeaderItem.

Adds one or more headers

Returns the Value from a token in the header. Correctly handles double-quoted strings. Requires semicolon for delimiting tokens Limitation: FAILS if semicolon is in token's value, even if quoted. FAILS in the case of crazy headers, e.g. Header: Blah="SoughtToken=Blah" SoughtToken=MissedMe We really need a "proper" header parser

Name of the header Name of the token Value of the token if present; otherwise, null

Determines if the Headers collection contains a header of the specified name, with any value.

The name of the header to check. (case insensitive) True, if the header exists.

Determines if the Headers collection contains any header from the specified list, with any value.

list of headers True, if any named header exists.

Determines if the Headers collection contains one or more headers of the specified name, and sHeaderValue is part of one of those Headers' value.

The name of the header to check. (case insensitive) The partial header value. (case insensitive) True if the header is found and the value case-insensitively contains the parameter

Determines if the Headers collection contains a header of the specified name, and sHeaderValue=Header's value. Similar to a case-insensitive version of: headers[sHeaderName]==sHeaderValue, although it checks all instances of the named header.

The name of the header to check. (case insensitive) The full header value. (case insensitive) True if the header is found and the value case-insensitively matches the parameter

Removes all headers from the header collection which have the specified name.

The name of the header to remove. (case insensitive)

Removes all headers from the header collection which have the specified names.

Array of names of headers to remove. (case insensitive)

Removes a HTTPHeader item from the collection

The HTTPHeader item to be removed

Removes all HTTPHeader items from the collection

Renames all headers in the header collection which have the specified name.

The name of the header to rename. (case insensitive) The new name for the header. True if one or more replacements were made.

Gets or sets the value of a header. In the case of Gets, the value of the first header of that name is returned. If the header does not exist, returns null. In the case of Sets, the value of the first header of that name is updated. If the header does not exist, it is added.

Indexer property. Returns HTTPHeaderItem by index. Throws Exception if index out of bounds

Protect your enumeration using GetReaderLock

Clone this HTTPResponseHeaders object and return the result cast to an Object

The new response headers object, cast to an object

Status code from HTTP Response. If setting, also set HTTPResponseStatus too!

Code AND Description of Response Status (e.g. '200 OK').

Update the response status code and text

HTTP Status code (e.g. 401) HTTP Status text (e.g. "Access Denied")

Constructor for HTTP Response headers object

Text encoding to be used for this set of Headers when converting to a byte array

Returns a byte array representing the HTTP headers.

TRUE if the response status line should be included TRUE if there should be a trailing \r\n byte sequence included Byte[] containing the headers

Returns a string containing http headers

TRUE if the response status line should be included TRUE if there should be a trailing CRLF included String containing http headers

Returns a string containing the http headers

Returns a string containing http headers with a status line but no trailing CRLF

Parses a string and assigns the headers parsed to this object

The header string TRUE if the operation succeeded, false otherwise

Gets or sets the text associated with the response code (e.g. "OK", "Not Found", etc)

HTTP Request headers object

Warning: You should protect your enumeration using the GetReaderLock

Clones the HTTP request headers

The new HTTPRequestHeaders object, cast to an object

The HTTP Method (e.g. GET, POST, etc)

Constructor for HTTP Request headers object

Text encoding to be used for this set of Headers when converting to a byte array

Parses a string and assigns the headers parsed to this object

The header string TRUE if the operation succeeded, false otherwise

Returns a byte array representing the HTTP headers.

TRUE if the HTTP REQUEST line (method+path+httpversion) should be included TRUE if there should be a trailing \r\n byte sequence included TRUE if the SCHEME and HOST should be included in the HTTP REQUEST LINE The HTTP headers as a byte[]

Returns a byte array representing the HTTP headers.

Returns a string representing the HTTP headers.

TRUE if the HTTP REQUEST line (method+path+httpversion) should be included TRUE if there should be a trailing CRLF sequence included TRUE if the SCHEME and HOST should be included in the HTTP REQUEST LINE (Automatically set to FALSE for CONNECT requests) The HTTP headers as a string.

Returns a string representing the HTTP headers, without the SCHEME+HOST in the HTTP REQUEST line

TRUE if the HTTP REQUEST line (method+path+httpversion) should be included TRUE if there should be a trailing CRLF sequence included The header string

Returns a string representing the HTTP headers, without the SCHEME+HOST in the HTTP request line, and no trailing CRLF

The header string

The (lowercased) URI scheme for this request (https, http, or ftp)

Username:Password info for FTP URLs. (either null or "user:pass@") (Note: It's silly that this contains a trailing @, but whatever...)

Get or set the request path as a string

Get or set the request path as a byte array

Represents a single HTTP header

Clones a single HTTP header and returns the clone cast to an object

HTTPHeader Name: Value pair, cast to an object

The name of the HTTP header

The value of the HTTP header

Creates a new HTTP Header item. WARNING: Doesn't do any trimming or validation on the name.

Header name Header value

Return a string of the form "NAME: VALUE"

"NAME: VALUE" Header string

Provides simple utility functions common to both ClientHello and ServerHello parsing

Gets a textual string from a TLS extension

Builds a string from an ALPN List of strings

List Sig/Hash pairs from RFC5246

List defined ECC Curves from RFC4492

List defined ECC Point Formats from RFC4492

Converts a HTTPS version to a "Major.Minor (Friendly)" string

The HTTPSClientHello class is used to parse the bytes of a HTTPS ClientHello message.

Map cipher id numbers to names. See http://www.iana.org/assignments/tls-parameters/ Format is PROTOCOL_KEYAGREEMENT_AUTHENTICATIONMECHANISM_CIPHER_MACPRIMITIVE

Parse a single extension using the list from http://tools.ietf.org/html/rfc6066 http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml https://src.chromium.org/viewvc/chrome/trunk/src/net/third_party/nss/ssl/sslt.h

Parse a single extension using the list from http://tools.ietf.org/html/rfc6066

Did client use ALPN to go to SPDY? http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01#section-3.1

Did this ServerHello Handshake specify an upgrade to SPDY?

The Logger object is a simple event log message dispatcher

Queue of Messages that are be logged (usually during application startup) until another object has loaded and registered for notification of such Messages

Creates a Logger object

True if a queue should be created to store messages during Fiddler's startup

Flushes previously-queued messages to the newly attached listener.

Log a string with specified string formatting

The format string The arguments to replace in the string

Log a string

The string to log

The Event to raise when a string is logged

EventArgs class for the LogEvent handler

The String which has been logged

The MockTunnel represents a CONNECT tunnel which was reloaded from a SAZ file.

Flags that indicate what problems, if any, were encountered in parsing HTTP headers

There were no problems parsing the HTTP headers

The HTTP headers ended incorrectly with \n\n

The HTTP headers ended incorrectly with \n\r\n

The HTTP headers were malformed.

The Parser class exposes static methods used to parse strings or byte arrays into HTTP messages.

Given a byte[] representing a request, determines the offsets of the components of the line. WARNING: Input MUST contain a LF or an exception will be thrown

Byte array of the request Returns the index of the byte of the URI in the Request line Returns the length of the URI in the Request line Returns the index of the first byte of the name/value header pairs

Index of final byte of headers, if found, or location that search should resume next time

Parse out HTTP Header lines.

Header collection to *append* headers to Array of Strings Index into array at which parsing should start String containing any errors encountered TRUE if there were no errors, false otherwise

Given a byte array, determines the Headers length

Input array of data Returns the calculated length of the headers. Returns the calculated start of the response body. Any HTTPHeaderParseWarnings discovered during parsing. True, if the parsing was successful.

Given a MemoryStream, attempts to parse a HTTP Request starting at the current position.

TRUE if a request could be parsed, FALSE otherwise

Given a MemoryStream, attempts to parse a HTTP Response starting at the current position

TRUE if the response must not have a body (e.g. because Request method was HEAD) TRUE if a response could be parsed, FALSE otherwise

Parse the HTTP Request into a headers object.

The HTTP Request string, including *at least the headers* with a trailing CRLFCRLF HTTPRequestHeaders parsed from the string.

Break headers off, then convert CRLFs into LFs

Parse the HTTP Response into a headers object.

The HTTP response as a string, including at least the headers. HTTPResponseHeaders parsed from the string.

Class allows finding the end of a body sent using Transfer-Encoding: Chunked

Number of bytes in the body (sans chunk headers, CRLFs, and trailers)

Read the first character of the hexadecimal size

Read the first character of the next Trailer header (if any)

We're in a trailer. Read up to the next \r

We've just read a trailer CR, now read its LF

We read a CR on an "empty" Trailer line, so now we just need the final LF

The chunked body was successfully read with no excess

Completed, but we read too many bytes. Call getOverage to return how many bytes to put back

The body was malformed

Somewhat similar to the Framework's "BackgroundWorker" class, the periodic worker performs a similar function on a periodic schedule. NOTE: the callback occurs on a background thread. The PeriodicWorker class is used by Fiddler to perform "cleanup" style tasks on a timer. Put work in the queue, and it will see that it's done at least as often as the schedule specified until Fiddler begins to close at which point all work stops. The underlying timer's interval is 1 second.

I think a significant part of the reason that this class exists is that I thought the System.Threading.Timer consumed one thread for each timer. In reality, per "CLR via C# 4e" all of the instances share one underlying thread and thus my concern was misplaced. Ah well.

Assigns a "job" to the Periodic worker, on the schedule specified by iMS.

The function to run on the timer specified. Warning: the function is NOT called on the UI thread, so use .Invoke() if needed. The # of milliseconds to wait between runs A taskItem which can be used to revokeWork later

Revokes a previously-assigned task from this worker.

The ScheduledTasks class allows addition of jobs by name. It ensures that ONE instance of the named job will occur at *some* point in the future, between 0 and a specified max delay. If you queue multiple instances of the same-named Task, it's only done once.

Under the lock, we enumerate the schedule to find work to do and remove that work from the schedule. After we release the lock, we then do the queued work.

A jobItem represents a Function+Time tuple. The function will run after the given time.

TickCount at which this job must run.

Method to invoke to complete the job

Abstract base class for the ClientPipe and ServerPipe classes. A Pipe represents a connection to either the client or the server, optionally encrypted using SSL/TLS.

The base socket wrapped in this pipe

The number of times that this Pipe has been used

The HTTPS stream wrapped around the base socket

The display name of this Pipe

Number of milliseconds to delay each 1024 bytes transmitted

Create a new pipe, an enhanced wrapper around a socket

Socket which this pipe wraps Identification string used for debugging purposes

Poll the underlying socket for readable data (or closure/errors)

TRUE if this Pipe requires attention

Call this method when about to reuse a socket. Currently, increments the socket's UseCount and resets its transmit delay to 0.

The session identifier of the new session, or zero

Sends a byte array through this pipe

The bytes

Sends the data specified in oBytes (between iOffset and iOffset+iCount-1 inclusive) down the pipe.

Receive bytes from the pipe into the DATA buffer.

Throws IO exceptions from the socket/stream Array of data read Bytes read

Return the raw socket this pipe wraps. Avoid calling this method if at all possible.

The Socket object this Pipe wraps.

Shutdown and close the socket inside this pipe. Eats exceptions.

Abruptly closes the socket by sending a RST packet

Return the Connected status of the base socket. WARNING: This doesn't work as you might expect; you can see Connected == false when a READ timed out but a WRITE will succeed.

Returns a bool indicating if the socket in this Pipe is CURRENTLY connected and wrapped in a SecureStream

Returns the SSL/TLS protocol securing this connection

Return the Remote Port to which this socket is attached.

Return the Local Port to which the base socket is attached. Note: May return a misleading port if the ISA Firewall Client is in use.

Returns the remote address to which this Pipe is connected, or 0.0.0.0 on error.

Gets or sets the transmission delay on this Pipe, used for performance simulation purposes.

A ClientPipe wraps a socket connection to a client application.

By default, we now test for loopbackness before lookup of PID https://github.com/telerik/fiddler/issues/83

Timeout to wait for the *first* data from the client

Timeout to wait for the ongoing reads from the client (as headers and body are read)

Timeout before which an idle connection is closed (e.g. for HTTP Keep-Alive)

Client process name (e.g. "iexplore")

Client process ProcessID

Data which was previously "over-read" from the client. Populated when HTTP-pipelining is attempted

Does this Pipe have data (or closure/errors) to read?

TRUE if this Pipe requires attention

If you previously read more bytes than you needed from this client socket, you can put some back.

Array of bytes to put back; now owned by this object

Sets the socket's timeout based on whether we're waiting for our first read or for an ongoing read-loop

Returns a semicolon-delimited string describing this ClientPipe

A semicolon-delimited string

Perform a HTTPS Server handshake to the client. Swallows exception and returns false on failure.

This function sends the client socket a CONNECT ESTABLISHED, and then performs a HTTPS authentication handshake, with Fiddler acting as the server.

Hostname Fiddler is pretending to be (NO PORT!) The set of headers to be returned to the client in response to the client's CONNECT tunneling request true if the handshake succeeds

ID of the process that opened this socket, assuming that Port Mapping is enabled, and the connection is from the local machine

Name of the Process referred to by LocalProcessID, or String.Empty if unknown

Timestamp of either 1> The underlying socket's creation from a .Accept() call, or 2> when this ClientPipe was created.

The PipePool maintains a collection of connected ServerPipes for reuse

Minimum idle time of pipes to be expired from the pool. Note, we don't check the pipe's ulLastPooled value when extracting a pipe, so its age could exceed the allowed lifetime by up to MSEC_POOL_CLEANUP_INTERVAL WARNING: Don't change the timeout >2 minutes casually. Server bugs apparently exist: https://bugzilla.mozilla.org/show_bug.cgi?id=491541

The Pool itself.

Time at which a "Clear before" operation was conducted. We store this so that we don't accidentally put any pipes that were in use back into the pool after a clear operation

Remove any pipes from Stacks if they exceed the age threshold Remove any Stacks from pool if they are empty

Clear all pooled Pipes, calling .End() on each.

Return a string representing the Pipes in the Pool

A string representing the pipes in the pool

Get a Server connection for reuse, or null if a suitable connection is not in the pool.

The key which identifies the connection to search for. The ProcessID of the client requesting the Pipe HACK to be removed; the SessionID# of the request for logging A Pipe to reuse, or NULL

Store a pipe for later use, if reuse is allowed by settings and state of the pipe.

The Pipe to place in the pool

This class holds a specialized memory stream with growth characteristics more suitable for reading from a HTTP Stream. The default MemoryStream's Capacity will always grow to 256 bytes, then at least ~2x current capacity up to 1gb (2gb on .NET 4.6), then to the exact length after that. That has three problems: The capacity may unnecessarily grow to >85kb, putting the object on the LargeObjectHeap even if we didn't really need 85kb. On 32bit, we may hit a Address Space exhaustion ("Out of memory" exception) prematurely and unnecessarily due to size-doubling After the capacity reaches 1gb in length, the capacity growth never exceeds the length, leading to huge reallocations and copies on every write (fixed in .NET 4.6) This class addresses those issues. http://textslashplain.com/2015/08/06/tuning-memorystream/

A client may submit a "hint" of the expected size. We use that if present.

Used by the caller to supply a hint on the expected total size of reads from the pipe. We cannot blindly trust this value because sometimes the client or server will lie and provide a huge value that it will never use. This is common for RPC-over-HTTPS tunnels like that used by Outlook, for instance. The Content-Length can also lie by underreporting the size.

Suggested total buffer size in bytes

The policy which describes how this pipe may be reused by a later request. Ordered by least restrictive to most.

The ServerPipe may be freely reused by any subsequent request

The ServerPipe may be reused only by a subsequent request from the same client process

The ServerPipe may be reused only by a subsequent request from the same client pipe

The ServerPipe may not be reused for a subsequent request

A ServerPipe wraps a socket connection to a server.

DateTime of the completion of the TCP/IP Connection

TickCount when this Pipe was last placed in a PipePool

Returns TRUE if this ServerPipe is connected to a Gateway

Returns TRUE if this ServerPipe is connected to a SOCKS gateway

The Pooling key used for reusing a previously pooled ServerPipe. See sPoolKey property.

This field, if set, tracks the process ID to which this Pipe is permanently bound; set by MarkAsAuthenticated. NOTE: This isn't actually checked by anyone; instead the PID is added to the POOL Key

Backing field for the isAuthenticated property

String containing representation of the server's certificate chain

Server's certificate

Wraps a socket in a Pipe

The Socket Pipe's human-readable name True if the Pipe is attached to a gateway The Pooling key used for socket reuse

Marks this Pipe as having been authenticated. Depending on the preference "fiddler.network.auth.reusemode" this may impact the reuse policy for this pipe

The client's process ID, if known.

Sets the receiveTimeout based on whether this is a freshly opened server socket or a reused one.

Returns a semicolon-delimited string describing this ServerPipe

A semicolon-delimited string

Returns the Server's certificate Subject CN (used by "x-UseCertCNFromServer")

The *FIRST* CN field from the Subject of the certificate used to secure this HTTPS connection, or null if the connection is unsecure

Return a string describing the HTTPS connection security, if this socket is secured

A string describing the HTTPS connection's security.

Returns a string describing how this connection is secured.

Get the Transport Context for the underlying HTTPS connection so that Channel-Binding Tokens work correctly

Get the user's default client cert for authentication; caching if if possible and permitted.

This method is called by the HTTPS Connection establishment to optionally attach a client certificate to the request. Test Page: https://tower.dartmouth.edu/doip/OracleDatabases.jspx or ClientCertificate.ms in Test folder should request on initial connection In contrast, this one: https://roaming.officeapps.live.com/rs/roamingsoapservice.svc appears to try twice (renego)

This function secures an existing connection and authenticates as client. This is primarily useful when the socket is connected to a Gateway/Proxy and we had to send a CONNECT and get a HTTP/200 Connected back before we actually secure the socket. http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx

The Session (a CONNECT) this tunnel wraps The CN to use in the certificate Path to client certificate file The HTTPS protocol version of the Client Pipe; can influence which SslProtocols we offer the server Reference-passed integer which returns the time spent securing the connection TRUE if the connection can be secued

Return a Certificate Collection containing certificate from the specified file.

Path to the certificate. Relative Paths will be absolutified automatically The Certificate collection, or null

Policy for reuse of this pipe

Returns TRUE if there is an underlying, mutually-authenticated HTTPS stream. WARNING: Results are a bit of a lie. System.NET IsMutuallyAuthenticated == true if a client certificate is AVAILABLE even if that certificate was never SENT to the server.

Returns TRUE if this PIPE is marked as having been authenticated using a Connection-Oriented Auth protocol: NTLM, Kerberos, or HTTPS Client Certificate.

Indicates if this pipe is connected to an upstream (non-SOCKS) Proxy.

Indicates if this pipe is connected to a SOCKS gateway

Gets and sets the pooling key for this server pipe.

direct->{http|https}/{serverhostname}:{serverport} gw:{gatewayaddr:port}->* gw:{gatewayaddr:port}->{http|https}/{serverhostname}:{serverport} socks:{gatewayaddr:port}->{http|https}/{serverhostname}:{serverport}

Returns the IPEndPoint to which this socket is connected, or null

EventArgs for preference-change events. See http://msdn.microsoft.com/en-us/library/ms229011.aspx.

The name of the preference being added, changed, or removed

The string value of the preference, or null if the preference is being removed

Returns TRUE if ValueString=="true", case-insensitively

The IFiddlerPreferences Interface is exposed by the FiddlerApplication.Prefs object, and enables callers to Add, Update, and Remove preferences, as well as observe changes to the preferences.

Store a boolean value for a preference

The named preference The boolean value to store

Store an Int32 value for a preference

The named preference The int32 value to store

Store a string value for a preference

The named preference The string value to store

Get a preference's value as a boolean

The Preference Name The default value for missing or invalid preferences A Boolean

Gets a preference's value as a string

The Preference Name The default value for missing preferences A string

Gets a preference's value as a 32-bit integer

The Preference Name The default value for missing or invalid preferences An integer

Removes a named preference from storage

The name of the preference to remove

Add a Watcher that will be notified when a value has changed within the specified prefix.

The prefix of preferences for which changes are interesting The Event handler to notify Returns the Watcher object added to the notification list

Removes a previously-created preference Watcher from the notification queue

The Watcher to remove

Indexer. Returns the value of the preference as a string

The Preference Name The Preference value as a string, or null

The PreferenceBag is used to maintain a threadsafe Key/Value list of preferences, persisted in the registry, and with appropriate eventing when a value changes.

Load the existing preferences from the Registry into the Preferences bag. Note: Does not fire any events.

Serialize the existing preferences to the Registry (unless in Viewer mode).

Get a string array of the preference names

string[] of preference names

Gets a preference's value as a string

The Preference Name The default value if the preference is missing A string

Return a bool preference.

The Preference name The default value to return if the specified preference does not exist The boolean value of the Preference, or the default value

Return an Int32 Preference.

The Preference name The default value to return if the specified preference does not exist The Int32 value of the Preference, or the default value

Update or create a string preference.

The name of the Preference The value to assign to the Preference

Update or create a Int32 Preference

The name of the Preference The value to assign to the Preference

Update or create a Boolean preference.

The name of the Preference The value to assign to the Preference

Delete a Preference from the collection.

The name of the Preference to be removed.

Remove all Watchers

Remove all watchers and write the registry.

Return a description of the contents of the preference bag

Multi-line string

Return a string-based serialization of the Preferences settings.

TRUE for a multi-line format with all preferences String

Returns a CRLF-delimited string containing all Preferences whose Name case-insensitively contains the specified filter string.

Partial string to match A string

Add a watcher for changes to the specified preference or preference branch.

Preference branch to monitor, or String.Empty to watch all The EventHandler accepting PrefChangeEventArgs to notify Returns the PrefWatcher object which has been added, store to pass to RemoveWatcher later.

Remove a previously attached Watcher

The previously-specified Watcher

This function executes on a single background thread and notifies any registered Watchers of changes in preferences they care about.

A string containing the name of the Branch that changed

Spawn a background thread to notify any interested Watchers of changes to the Target preference branch.

The arguments to pass to the interested Watchers

Returns a string naming the current profile

Indexer into the Preference collection.

The name of the Preference to update/create or return. The string value of the preference, or null.

A simple struct which contains a Branch identifier and EventHandler

This class allows fast-lookup of a ProcessName from a ProcessID.

Static constructor which registers for cleanup

Prune the cache of expiring PIDs

Map a Process ID (PID) to a Process Name

The PID A Process Name (e.g. IEXPLORE.EXE) or String.Empty

Structure mapping a Process ID (PID) to a ProcessName

The TickCount when this entry was created

The ProcessName (e.g. IEXPLORE.EXE)

Create a PID->ProcessName mapping

The ProcessName (e.g. IEXPLORE.EXE)

The core proxy object which accepts connections from clients and creates session objects from those connections

The RegistryWatcher is used to monitor changes in the WinINET Proxy registry keys to detect premature detaches.

Hostname if this Proxy Endpoint is terminating HTTPS connections

Certificate if this Proxy Endpoint is terminating HTTPS connections

Per-connectoid information about each WinINET connectoid

The default WinINET proxy as determined upon Fiddler startup.

The WinHTTP AutoProxy object, created if we're using WPAD or a PAC Script as a gateway

Allow binding to a specific egress adapter: "fiddler.network.egress.ip"

Watcher for Notification of Preference changes

Server connections may be pooled for performance reasons.

The Socket Endpoint on which this proxy receives requests

Flag indicating that Fiddler is in the process of detaching...

List of hosts which should bypass the upstream gateway

Returns a string of information about this instance and the ServerPipe reuse pool

A multiline string

Change the outbound IP address used to send traffic

Watch for relevent changes on the Preferences object

Called whenever Windows reports that the system's NetworkAddress has changed

Called by Windows whenever network availability goes up or down.

Directly inject a session into the Fiddler pipeline, returning a reference to it. NOTE: This method will THROW any exceptions to its caller.

String representing the HTTP request. If headers only, be sure to end with CRLFCRLF StringDictionary of Session Flags (or null) The new session

[DEPRECATED] Directly inject a session into the Fiddler pipeline. NOTE: This method will THROW any exceptions to its caller.

HTTP Request Headers HTTP Request body (or null) StringDictionary of Session Flags (or null)

[DEPRECATED] Directly inject a session into the Fiddler pipeline. NOTE: This method will THROW any exceptions to its caller.

String representing the HTTP request. If headers only, be sure to end with CRLFCRLF StringDictionary of Session Flags (or null)

[DEPRECATED]: This version does no validation of the request data, and doesn't set SessionFlags.RequestGeneratedByFiddler Send a custom HTTP request to Fiddler's listening endpoint (127.0.0.1:8888 by default). NOTE: This method will THROW any exceptions to its caller and blocks the current thread.

String representing the HTTP request. If headers only, be sure to end with CRLFCRLF

This function, when given a scheme host[:port], returns the gateway information of the proxy to forward requests to.

URIScheme: use http, https, or ftp Host for which to return gateway information IPEndPoint of gateway to use, or NULL

Accept the connection and pass it off to a handler thread

True if the proxy registration was successful

If we get a notice that the proxy registry key has changed, wait 50ms and then check to see if the key is pointed at us. If not, raise the alarm.

If we are supposed to be "attached", we re-verify the registry keys, and if they are corrupt, notify our host of the discrepency.

This method sets up the connectoid list and updates gateway information. Called by the Attach() method, or called on startup if Fiddler isn't configured to attach automatically.

Given an address list, walks the list until it's able to successfully make a connection. Used for finding an available Gateway when we have a list to choose from

A string, e.g. PROXY1:80 The IP:Port of the first alive endpoint for the specified host/port

Set internal fields pointing at upstream proxies.

Sets a registry key which indicates that Fiddler is in "Connected" mode. Used by the FiddlerHook Add-on

TRUE if fiddler is Connected

Detach the proxy by setting the registry keys and sending a Windows Message

True if the proxy settings were successfully detached

Detach the proxy by setting the registry keys and sending a Windows Message

True if the proxy settings were successfully detached

Stop the proxy by closing the socket.

Start the proxy by binding to the local port and accepting connections

Port to listen on TRUE to allow remote connections

Dispose Fiddler's listening socket

Clear the pool of Server Pipes. May be called by extensions.

Assign HTTPS Certificate for this endpoint

Certificate to return to clients who connect

Sets the upstream gateway to match the specified ProxyInfo

Generate or find a certificate for this endpoint

Subject FQDN TRUE if the certificate could be found/generated, false otherwise

Return a simple string indicating what upstream proxy/gateway is in use.

Show a message box indicating what upstream gateway/proxy is in use

The port on which this instance is listening

Returns true if Fiddler believes it is currently registered as the Local System proxy

This event handler fires when Fiddler detects that it is (unexpectedly) no longer the system's registered proxy

This class maintains the Proxy Bypass List for the upstream gateway. In the constructor, pass the desired proxy bypass string, as retrieved from WinINET for the Fiddler Options screen. Then, call the IsBypass(sTarget) method to determine if the Gateway should be bypassed

List of regular expressions for matching against request Scheme://HostPort. NB: This list is either null or contains at least one item.

Boolean flag indicating whether the bypass list contained a <local> token.

Pass the desired proxy bypass string retrieved from WinINET.

Given the rules for this bypasslist, should this target bypass the proxy?

The URI Scheme The Host and PORT True if this request should not be sent to the gateway proxy

Convert the string representing the bypass list into an array of rules escaped and ready to be turned into regular expressions

Does the bypassList contain any rules at all?

The DisplayName for this Connection

Is this Connectoid expected to be pointed at Fiddler?

The proxy settings collected from this connection before Fiddler was attached.

The WinINET Connectoids class contains the RAS/WinINET "connectoids" seen inside IE's Tools > Internet Options > Connections. This class exposes methods to retrieve and update the proxy information for each connectoid in the list.

TODO: The methods of the class are not thread-safe and probably should be. TODO: Need to refactor visibility here. Right now, _oConnectoids is (internal) instead of (private) because the Options dialog iterates the list. And about:connectoids wants access too. Eventually ought to wrap as a ReadOnlyCollection getter

Dictionary of all Connectoids, indexed by the Connectoid's Name

Expensive Call. Enumerates all Connectoids using the RAS APIs, then determines the proxy information for each connectoid.

Return the configured default connectoid's proxy information.

Either proxy information from "DefaultLAN" or the user-specified connectoid

Called when direct Registry groveling determines that the Default LAN connection's proxy was changed but InternetQueryOption hasn't yet noticed.

Enumerates all of the connectoids and determines if the bIsHooked field is incorrect. If so, correct the value and return TRUE to indicate that work was done.

The Proxy:Port string to look for (e.g. Config.FiddlerListenHostPort) TRUE if any of the connectoids' Hook state was inaccurate.

Updates all (or CONFIG.sHookConnectionNamed-specified) connectoids to point at the argument-provided proxy information.

The proxy info to set into the Connectoid TRUE if updating at least one connectoid was successful

Restore original proxy settings for any connectoid we changed.

FALSE if any connectoids failed to unhook

Watch a registry key for changes to its values.

The Registry Hive in which the key lives The key, e.g. \Software\Microsoft\Fiddler2\ The Event Handler to invoke when a change occurs. A new RegistryWatcher object.

Start monitoring.

Stops the monitoring thread.

Fires when the specified registry key has changed.

The ServerChatter object is responsible for transmitting the Request to the destination server and retrieving its Response.

This class maintains its own PipeReadBuffer that it fills from the created or reused ServerPipe. After it determines that a complete response is present, it allows the caller to grab that array using the TakeEntity method. If unsatisfied with the result (e.g. a network error), the caller can call Initialize() and SendRequest() again.

Size of buffer passed to pipe.Receive when reading from the server

PERF: Currently, I use [32768]; but I'd assume bigger buffers are faster. Does ReceiveBufferSize/SO_RCVBUF figure in here? Anecdotal data suggests that current reads rarely fill the full 32k buffer.

Interval, in milliseconds, after which Fiddler will check to see whether a response should continue to be read. Otherwise, a never-ending network stream can accumulate ever larger amounts of data that will never be seen by the garbage collector.

The pipeServer represents Fiddler's connection to the server.

The session to which this ServerChatter belongs

The inbound headers on this response

Indicates whether this request was sent to a (non-SOCKS) Gateway, which influences whether the protocol and host are mentioned in the Request line When True, the session should have SessionFlags.SentToGateway set.

Buffer holds this response's data as it is read from the pipe.

Pointer to first byte of Entity body (or to the start of the next set of headers in the case where there's a HTTP/1xx intermediate header) Note: This gets reset to 0 if we're streaming and dropping the response body.

Optimization: tracks how far we've looked into the Request when determining iEntityBodyOffset

True if final (non-1xx) HTTP Response headers have been returned to the client.

Indicates how much of _responseData buffer has already been streamed to the client

Position in responseData of the start of the latest parsed chunk size information

Locals used by the Connect-to-Host state machine

Create a ServerChatter object and initialize its headers from the specified string

Reset the response-reading fields on the object. Also used on a retry.

If TRUE, allocates a buffer (m_responseData) to read from a pipe. If FALSE, nulls m_responseData.

Peek at the current response body and return it as an array

The response body as an array, or byte[0]

Get the response body byte array from the PipeReadBuffer, then dispose of it. WARNING: This eats all of the bytes in the Pipe, even if that includes bytes of a future, as-yet-unrequested response. Fiddler does not pipeline requests, so that works okay for now. For now, the caller should validate that the returned entity is of the expected size (e.g. based on Content-Length)

Scans responseData stream for the \r\n\r\n (or variants) sequence which indicates that the header block is complete. SIDE EFFECTS: iBodySeekProgress is updated and maintained across calls to this function iEntityBodyOffset is updated if the end of headers is found

True, if responseData contains a full set of headers

Parse the HTTP Response into Headers and Body.

Attempt to pull the final (non-1xx) Headers from the stream. If HTTP/100 messages are found, the method will recurse into itself to find the next set of headers.

Deletes a single HTTP/1xx header block from the Response stream and adjusts all header-reading state to start over from the top of the stream. Note: If 'fiddler.network.leakhttp1xx' is TRUE, then the 1xx message will have been leaked before calling this method.

Adjusts PipeServer's ReusePolicy if response headers require closure. Then calls _detachServerPipe()

Queues or End()s the ServerPipe, depending on its ReusePolicy

Determines whether a given PIPE is suitable for a given Session, based on that Session's SID

The Client Process ID, if any The base (no PID) PoolKey expected by the session The pipe's pool key TRUE if the connection should be used, FALSE otherwise

If a Connection cannot be established, we need to report the failure to our caller

Given an address list and port, attempts to create a socket to the first responding host in the list (retrying via DNS Failover if needed).

IPEndpoints to attempt to reach Session object to annotate with timings and errors Connected Socket. Throws Exceptions on errors.

If the Session was configured to stream the request body, we need to read from the client and send it to the server here.

FALSE on transfer error, TRUE otherwise.

Sends (or resends) the Request to the server or upstream proxy. If the request is a CONNECT and there's no gateway, this method ~only~ establishes the connection to the target, but does NOT send a request. Note: THROWS on failures

May request be resent on a different connection because the .Send() of the request did not complete?

TRUE if the request may be resent

Performs a SOCKSv4A handshake on the socket

Build the SOCKS4 outbound connection handshake as a byte array. http://en.wikipedia.org/wiki/SOCKS#SOCKS4a

Replaces body with an error message

Error to send if client was remote Error to send if cilent was local

The Session object will call this method if it wishes to stream a file from disk instead of loading it into memory. This method sets default headers.

Loads a HTTP response from a file

The name of the file from which a response should be loaded False if the file wasn't found. Throws on other errors.

Reads the response from the ServerPipe.

TRUE if a response was read

When the headers first arrive, update bBufferResponse based on their contents.

Detects whether this is an direct FTP request and if so executes it and returns true.

FALSE if the request wasn't FTP or wasn't direct.

Remove from memory the response data that we have already returned to the client.

Remove from memory the response data that we have already returned to the client, up to the last chunk size indicator, which we need to keep around for chunk-integrity purposes.

Leak the current bytes of the response to client. We wait for the full header set before starting to stream for a variety of impossible-to-change reasons.

Returns TRUE if response bytes were leaked, false otherwise (e.g. write error). THROWS if "fiddler.network.streaming.abortifclientaborts" is TRUE

Mark this connection as non-reusable

Peek at number of bytes downloaded thus far.

Get the MIME type (sans Character set or other attributes) from the HTTP Content-Type response header, or String.Empty if missing.

DEPRECATED: You should use the Timers object on the Session object instead. The number of milliseconds between the start of sending the request to the server to the first byte of the server's response

DEPRECATED: You should use the Timers object on the Session object instead. The number of milliseconds between the start of sending the request to the server to the last byte of the server's response.

Was this request forwarded to a gateway?

Was this request serviced from a reused server connection?

The HTTP headers of the server's response

Simple indexer into the Response Headers object

The ExecutionState object holds information that is used by the Connect-to-Host state machine

The Session object manages the complete HTTP session including the UI listitem, the ServerChatter, and the ClientChatter.

Should we try to use the SPNToken type? Cached for performance reasons. ISSUE: It's technically possible to use FiddlerCorev2/v3 on .NET/4.5 but we won't set this field if you do that.

Sorta hacky, we may use a .NET WebRequest object to generate a valid NTLM/Kerberos response if the server demands authentication and the Session is configured to automatically respond.

Used if the Session is bound to a WebSocket or CONNECTTunnel

File to stream if responseBodyBytes is null

DO NOT USE. TEMPORARY WHILE REFACTORING VISIBILITY OF MEMBERS

Sets or unsets the specified SessionFlag(s)

SessionFlags Desired set value

Test the session's BitFlags

One or more (OR'd) SessionFlags TRUE if ALL specified flag(s) are set

Test the session's BitFlags

One or more (OR'd) SessionFlags TRUE if ANY of specified flag(s) are set

When a client socket is reused, this field holds the next Session until its execution begins

Should response be buffered for tampering.

ARCH: This should have been a property instead of a field, so we could throw an InvalidStateException if code tries to manipulate this value after the response has begun

Timers stored as this Session progresses

Field is set to False if socket is poisoned due to HTTP errors.

Object representing the HTTP Response.

Object representing the HTTP Request.

Fiddler-internal flags set on the Session.

TODO: ARCH: This shouldn't be exposed directly; it should be wrapped by a ReaderWriterLockSlim to prevent exceptions while enumerating the flags for storage, etc

Contains the bytes of the request body.

Contains the bytes of the response body.

IP Address of the client for this session.

Client port attached to Fiddler.

IP Address of the server for this session.

Event object used for pausing and resuming the thread servicing this session

Returns TRUE if the Session's HTTP Method is available and matches the target method.

The target HTTP Method being compared. true, if the method is specified and matches sTestFor (case-insensitive); otherwise false.

Returns TRUE if the Session's target hostname (no port) matches sTestHost (case-insensitively).

The host to which this session's host should be compared. True if this session is targeted to the specified host.

Replaces any characters in a filename that are unsafe with safe equivalents, and trim to 160 characters.

Examines the MIME type, and if ambiguous, returns sniffs the body.

Notify extensions if this Session naturally led to another (e.g. due to redirect chasing or Automatic Authentication)

The original session The new session created

Returns HTML representing the Session. Call Utilities.StringToCF_HTML on the result of this function before placing it on the clipboard.

TRUE if only the headers should be copied. A HTML-formatted fragment representing the current session.

Store this session's request and response to a string.

If true, return only the request and response headers String representing this session

Store this session's request and response to a string.

A string containing the content of the request and response.

This method resumes the Session's thread in response to "Continue" commands from the UI

Set the SessionFlags.Ignore bit for this Session, also configuring it to stream, drop read data, and bypass event handlers. For a CONNECT Tunnel, traffic will be blindly shuffled back and forth. Session will be hidden.

Called by an AcceptConnection-spawned background thread, create a new session object from a client socket and execute the session

Parameter object defining client socket and endpoint's HTTPS certificate, if present

Call this method to AuthenticateAsServer on the client pipe (e.g. Fiddler itself is acting as a HTTPS server). If configured, the pipe will first sniff the request's TLS ClientHello ServerNameIndicator extension.

The default certificate to use TRUE if a HTTPS handshake was achieved; FALSE for any exceptions or other errors.

Call this function while in the "reading response" state to update the responseBodyBytes array with the partially read response.

TRUE if the peek succeeded; FALSE if not in the ReadingResponse state

Prevents the server pipe from this session from being pooled for reuse

Ensures that, after the response is complete, the client socket is closed and not reused. Does NOT (and must not) close the pipe.

Immediately close client and server sockets. Call in the event of errors-- doesn't queue server pipes for future reuse.

Closes both client and server pipes and moves state to Aborted; unpauses thread if paused.

Save HTTP response body to Fiddler Captures folder. You likely want to call utilDecodeResponse first.

True if the response body was successfully saved

Save HTTP response body to specified location. You likely want to call utilDecodeResponse first.

The name of the file to which the response body should be saved. True if the file was successfully written.

Save the request body to a file. You likely want to call utilDecodeRequest first.

The name of the file to which the request body should be saved. True if the file was successfully written.

Save the request and response to a single file.

The filename to which the session should be saved. TRUE if only the headers should be written.

Save the request to a file. The headers' Request Line will not contain the scheme or host, which is probably not what you want.

The name of the file to which the request should be saved. TRUE to save only the headers

Save the request to a file. Throws if file cannot be written.

The name of the file to which the request should be saved. TRUE to save only the headers. TRUE to include the Scheme and Host in the Request Line.

Read metadata about this session from a stream. NB: Closes the Stream when done.

The stream of XML text from which session metadata will be loaded. True if the Metadata was successfully loaded; False if any exceptions were trapped.

Writes this session's metadata to a file.

The name of the file to which the metadata should be saved in XML format. True if the file was successfully written.

Saves the response (headers and body) to a file

The File to write TRUE if only heaers should be written

Write the metadata about this Session to a stream. The Stream is left open!

The Stream to write to

Write the session's Request to the specified stream

TRUE if only the headers should be be written TRUE if the Scheme and Host should be written in the Request Line The Stream to which the request should be written True if the request was written to the stream. False if the request headers do not exist. Throws on other stream errors.

Write the session's Request to the specified stream

TRUE if only the headers should be be written TRUE if the Scheme and Host should be written in the Request Line TRUE if binary bodies should be encoded in base64 for text-safe transport (e.g. used by Composer drag/drop) The Stream to which the request should be written True if the request was written to the stream. False if the request headers do not exist. Throws on other stream errors.

Write the session's Response to the specified stream

The stream to which the response should be written TRUE if only the headers should be written TRUE if the response was written to the stream. False if the response headers do not exist. Throws on other stream errors.

Write the session to the specified stream

The stream to which the session should be written TRUE if only the request and response headers should be written False on any exceptions; True otherwise

Replace HTTP request body using the specified file.

The file containing the request True if the file was successfully loaded as the request body

Replace HTTP response headers and body using the specified stream.

The stream containing the response. True if the Stream was successfully loaded.

Replace HTTP response headers and body using the specified file.

The file containing the response. True if the file was successfully loaded.

Return a string generated from the request body, decoding it and converting from a codepage if needed. Throws on errors.

A string containing the request body.

Return a string generated from the response body, decoding it and converting from a codepage if needed. Throws on errors.

A string containing the response body.

Find the text encoding of the request WARNING: Will not decompress body to scan for indications of the character set

Returns the Encoding of the requestBodyBytes

Find the text encoding of the response WARNING: Will not decompress body to scan for indications of the character set

The Encoding of the responseBodyBytes

Returns true if the absolute request URI contains the specified string. Case-insensitive.

Case-insensitive string to find TRUE if the URI contains the string

Removes chunking and HTTP Compression from the Response. Adds or updates Content-Length header.

Returns TRUE if the response was decoded; returns FALSE on failure, or if response didn't have headers that showed encoding.

Removes chunking and HTTP Compression from the Response. Adds or updates Content-Length header.

TRUE if error messages should be suppressed. False otherwise. TRUE if the decoding was successsful.

Removes chunking and HTTP Compression from the Request. Adds or updates Content-Length header.

Returns TRUE if the request was decoded; returns FALSE on failure, or if request didn't have headers that showed encoding.

Use GZIP to compress the request body. Throws exceptions to caller.

TRUE if compression succeeded

Use GZIP to compress the response body. Throws exceptions to caller.

TRUE if compression succeeded

Use DEFLATE to compress the response body. Throws exceptions to caller.

TRUE if compression succeeded

Use BZIP2 to compress the response body. Throws exceptions to caller.

TRUE if compression succeeded

Introduces HTTP Chunked encoding on the response body

The number of chunks to try to create TRUE if the chunking could be performed.

Perform a string replacement on the request body. Adjusts the Content-Length header if needed.

The case-sensitive string to search for. The text to replace. TRUE if one or more replacements occurred.

Call inside OnBeforeRequest to create a response object and bypass the server.

Perform a regex-based string replacement on the response body. Adjusts the Content-Length header if needed.

The regular expression used to search the body. Specify RegEx Options via leading Inline Flags, e.g. (?im) for case-Insensitive Multi-line. The text or expression used to replace TRUE if replacements occured

Perform a string replacement on the response body (potentially multiple times). Adjust the Content-Length header if needed.

String to find (case-sensitive) String to use to replace TRUE if replacements occurred

Perform a one-time string replacement on the response body. Adjust the Content-Length header if needed.

String to find (case-sensitive) String to use to replace TRUE for Case-Sensitive TRUE if a replacement occurred

Replaces the request body with sString. Sets Content-Length header and removes Transfer-Encoding/Content-Encoding.

The desired request Body as a string

Replaces the response body with sString. Sets Content-Length header and removes Transfer-Encoding/Content-Encoding

The desired response Body as a string

Add a string to the top of the response body, updating Content-Length. (Call utilDecodeResponse first!)

The string to prepend

Find a string in the request body. Return its index, or -1.

Term to search for Require case-sensitive match? Location of sSearchFor,or -1

Find a string in the response body. Return its index, or -1.

Term to search for Require case-sensitive match? Location of sSearchFor,or -1

Reset the SessionID counter to 0. This method can lead to confusing UI, so use sparingly.

Create a Session object from two byte[] representing request and response.

The client data bytes The server data bytes

Create a Session object from a (serializable) SessionData object

Create a Session object from two byte[] representing request and response. This is used when loading a Session Archive Zip.

The client data bytes The server data bytes SessionFlags for this session

Creates a new session and attaches it to the pipes passed as arguments

The client pipe from which the request is read and to which the response is written. The server pipe to which the request is sent and from which the response is read. May be null.

Initialize a new session from a given request headers and body request builder data. Note: No Session ID is assigned here.

NB: If you're copying an existing request, use oRequestHeaders.Clone() The bytes of the request's body

Copy Constructor.

Session to clone into a new Session instance

Factory constructor

Called when the Session is ready to begin processing. Eats exceptions to prevent unhandled exceptions on background threads from killing the application.

Unused parameter (required by ThreadPool)

Current step in the SessionProcessing State Machine

InnerExecute() implements Fiddler's HTTP Pipeline

Initiate bi-directional streaming on the RPC connection

Ensure that the Session's state is >= ss, updating state if necessary

TargetState

May this Session be resent on a different connection because reading of the response did not succeed?

TRUE if the entire session may be resent on a new connection

If the response demands credentials and the Session is configured to have Fiddler provide those credentials, try to do so now.

TRUE if Fiddler has generated a response to an Auth challenge; FALSE otherwise.

This method will perform obtain authentication credentials from System.NET using a reflection trick to grab the internal value. It's needed to cope with Channel-Binding-Tokens (CBT). This MUST live within its own non-inlined method such that when it's run on an outdated version of the .NET Framework, the outdated version of the target object triggers a TypeLoadException in such a way that the caller can catch it and warn the user without killing Fiddler.exe.

TRUE if we didn't hit any exceptions

Copies process-owner information from a source session to a destination session. Used during handling of AutoRedirects and auto-Authentications

Returns a Kerberos-usable SPN for the target http://dev.chromium.org/developers/design-documents/http-authentication "HttpAuthHandlerNegotiate::CreateSPN" http://blog.michelbarneveld.nl/michel/archive/2009/11/14/the-reason-why-kb911149-and-kb908209-are-not-the-soluton.aspx

Returns the fully-qualified URL to which this Session's response points, or null. This method is needed because many servers (illegally) return a relative url in HTTP/3xx Location response headers.

null, or Target URL. Note, you may want to call Utilities.TrimAfter(sTarget, '#'); on the response

Gets a redirect-target from a base URI and a Location header

null, or Target URL. Note, you may want to call Utilities.TrimAfter(sTarget, '#');

Fiddler can only auto-follow redirects to HTTP/HTTPS/FTP.

The BASE URL to which a relative redirection should be applied Response "Location" header TRUE if the auto-redirect target is allowed

Handles a Response's Redirect if the Session is configured to do so.

TRUE if a redirect was handled, FALSE otherwise

Check for common mistakes in HTTP Responses and notify the user if they are found. Called only if Linting is enabled.

Assign a Session ID. Called by ClientChatter when headers are available

Called only by InnerExecute, this method reads a request from the client and performs tampering/manipulation on it.

TRUE if there's a Request object and we should continue processing. FALSE if reading the request failed *OR* if script or an extension changed the session's State to DONE or ABORTED.

If the executeObtainRequest called failed, we perform cleanup

Returns TRUE if response is a NTLM or NEGO challenge

True for HTTP/401,407 with NEGO or NTLM demand

Returns TRUE if response is a Digest, NTLM, or Nego challenge

True for HTTP/401,407 with Digest, NEGO, NTLM demand

Replace the "ipv*.fiddler "fake" hostnames with the IP-literal equvalents.

Determines if request host is pointing directly at Fiddler.

Echo the client's request back as a HTTP Response, encoding to prevent XSS.

Send a Proxy Configuration script back to the client.

Send a Proxy Configuration script back to WinHTTP, so that Fiddler can use an upstream proxy specified by a script on a fileshare. (WinHTTP only allows HTTP/HTTPS-hosted script files)

Send the Fiddler Root certificate back to the client

This method indicates to the client that a secure tunnel was created, without actually talking to an upstream server. If Fiddler's AutoResponder is enabled, and that autoresponder denies passthrough, then Fiddler itself will always indicate "200 Connection Established" and wait for another request from the client. That subsequent request can then potentially be handled by the AutoResponder engine. BUG BUG: This occurs even if Fiddler isn't configured for HTTPS Decryption

The hostname to use in the Certificate returned to the client

This method adds a Proxy-Support: Session-Based-Authentication header and indicates whether the response is Nego:Type2.

Returns TRUE if server returned a credible Type2 NTLM Message

This helper evaluates the conditions for client socket reuse.

Sends the Response that Fiddler received from the server back to the client socket.

Should the client and server pipes be tightly-bound together? True, if the response was successfully sent to the client

Sets up the next Session on these pipes, binding this Session's pipes to that new Session, as appropriate. When this method is called, the nextSession variable is populated with the new Session, and that object is executed at the appropriate time.

TRUE if both the client and server pipes should be bound regardless of the serverPipe's ReusePolicy

Bitflags of commonly-queried session attributes

Returns True if this is a HTTP CONNECT tunnel.

A common use for the Tag property is to store data that is closely associated with the Session. It is NOT marshalled during drag/drop and is NOT serialized to a SAZ file.

This event fires at any time the session's State changes. Use with caution due to the potential for performance impact.

This event fires if this Session automatically yields a new one, for instance, if Fiddler is configured to automatically follow redirects or perform multi-leg authentication (X-AutoAuth).

If this session is a Tunnel, and the tunnel's IsOpen property is TRUE, returns TRUE. Otherwise returns FALSE.

If this session is a Tunnel, returns number of bytes sent from the Server to the Client

If this session is a Tunnel, returns number of bytes sent from the Client to the Server

Gets or Sets the HTTP Request body bytes. Setter adjusts Content-Length header, and removes Transfer-Encoding and Content-Encoding headers. Setter DOES NOT CLONE the passed array. Setter will throw if the Request object does not exist for some reason. Use utilSetRequestBody(sStr) to ensure proper character encoding if you need to use a string.

Gets or Sets the HTTP Response body bytes. Setter adjusts Content-Length header, and removes Transfer-Encoding and Content-Encoding headers. Setter DOES NOT CLONE the passed array. Setter will throw if the Response object has not yet been created. (See utilCreateResponseAndBypassServer) Use utilSetResponseBody(sStr) to ensure proper character encoding if you need to use a string.

When true, this session was conducted using the HTTPS protocol.

When true, this session was conducted using the FTP protocol.

Get the process ID of the application which made this request, or 0 if it cannot be determined.

Get the Process Info of the application which made this request, or String.Empty if it is not known

Gets a path-less filename suitable for saving the Response entity. Uses Content-Disposition if available.

Set to true in OnBeforeRequest if this request should bypass the gateway

Returns the port used by the client to communicate to Fiddler.

State of session. Note Side-Effects: If setting to .Aborted, calls FinishUISession. If setting to/from a Tamper state, calls RefreshMyInspectors

Returns the path and query part of the URL. (For a CONNECT request, returns the host:port to be connected.)

Retrieves the complete URI, including protocol/scheme, in the form http://www.host.com/filepath?query. Or sets the complete URI, adjusting the UriScheme and/or Host.

Gets or sets the URL (without protocol) being requested from the server, in the form www.host.com/filepath?query.

DNS Name of the host server targeted by this request. May include IPv6 literal brackets. NB: a port# may be included.

DNS Name of the host server (no port) targeted by this request. Will include IPv6-literal brackets for IPv6-literal addresses

Returns the server port to which this request is targeted.

Returns the sequential number of this session. Note, by default numbering is restarted at zero when the session list is cleared.

Returns the Address used by the client to communicate to Fiddler.

Gets or Sets the HTTP Status code of the server's response

Checks whether this is a WebSocket, and if so, whether it has logged any parsed messages.

Returns TRUE if this session's State > ReadingResponse, and oResponse, oResponse.headers, and responseBodyBytes are all non-null. Note that bHasResponse returns FALSE if the session is currently reading, even if a body was copied using the COMETPeek feature

Indexer property into SESSION flags, REQUEST headers, and RESPONSE headers. e.g. oSession["Request", "Host"] returns string value for the Request host header. If null, returns String.Empty

SESSION, REQUEST or RESPONSE The name of the flag or header String value or String.Empty

Simple indexer into the Session's oFlags object; returns null if flag is not present.

Returns the string value if the specified flag is present, or null if it is not.

This object holds Session information as a set of four easily-marshalled byte arrays. It is serializable, which enables cross-process transfer of this data (as in a drag/drop operation). (Internally, data is serialized as if it were being stored in a SAZ file)

Create a SessionData object. Note: Method must run as cheaply as possible, since it runs on all Drag/Dropped sessions within Fiddler itself.

Parameters passed into the AcceptConnection method.

The Socket which represents the newly-accepted Connection

The Certificate to pass to SecureClientPipeDirect immediately after accepting the connection. Normally null, this will be set if the proxy endpoint is configured as a "Secure" endpoint by AssignEndpointCertificate / ActAsHTTPSEndpointForHostname.

The DateTime of Creation of this connection

Unknown

The new Session is needed to respond to an Authentication Challenge

The new Session is needed to follow a Redirection

The new Session is needed to generate a CONNECT tunnel

Event arguments constructed for the OnStateChanged event raised when a Session's state property changed

The prior state of this session

The new state of this session

Constructor for the change in state

The old state The new state

States for the (future) Session-processing State Machine. Fun Idea: We can omit irrelevant states from FiddlerCore and thus not have to litter our state machine itself with a bunch of #if FIDDLERCORE checks... ... except no, that doesn't work because compiler still cares. Rats.

State of the current session

Object created but nothing's happening yet

Thread is reading the HTTP Request

AutoTamperRequest pass 1 (IAutoTamper, OnBeforeRequest script method)

User can tamper using Fiddler Inspectors

AutoTamperRequest pass 2 (Only used by IAutoTamper)

Thread is sending the Request to the server

Thread is reading the HTTP Response

AutoTamperResponse pass 1 (Only used by IAutoTamper)

User can tamper using Fiddler Inspectors

AutoTamperResponse pass 2 (Only used by IAutoTamper)

Sending response to client application

Session complete

Session was aborted (client didn't want response, fatal error, etc)

This enumeration provides the values for the Session object's BitFlags field

No flags are set

The request originally arrived with a URL specifying the HTTPS protocol.

The request originally arrived with a URL specifying the FTP protocol.

Ignore this traffic; do not buffer, store, or call event handlers

The client pipe was reused

The server pipe was reused

The request was transmitted to the server when its headers were complete

The response was streamed

The request was generated by Fiddler itself (e.g. the Composer tab)

The response was generated by Fiddler itself (e.g. AutoResponder or utilCreateResponseAndBypassServer)

This session was loaded from a .SAZ File

This session was loaded from some other tool

This request was sent to an upstream (CERN) gateway proxy

This is a "blind" CONNECT tunnel for HTTPS traffic

This is a CONNECT tunnel which decrypts HTTPS traffic as it flows through

This response was served from a client cache, bypassing Fiddler. Fiddler only "sees" this session because other software reported it to Fiddler

There was a HTTP Protocol violation in the client's request

There was a HTTP Protocol violation in the server's response

Response body was dropped, e.g due to fiddler.network.streaming.ForgetStreamedData or log-drop-response-body flag

This is a CONNECT tunnel for WebSocket traffic

This request was sent using the SOCKS protocol

Request body was dropped, e.g due to log-drop-request-body flag

The request was to create a RPC tunnel (e.g. on an RPC_OUT_DATA request)

A SessionTimers object holds timing information about a single Session.

The time at which the client's HTTP connection to Fiddler was established

The time at which the request's first Send() to Fiddler completes

The time at which the request headers were received

The time at which the request to Fiddler completes (aka RequestLastWrite)

The time at which the server connection has been established

The time at which Fiddler begins sending the HTTP request to the server (FiddlerRequestFirstSend)

The time at which Fiddler has completed sending the HTTP request to the server (FiddlerRequestLastSend). BUG: Should be named "FiddlerEndRequest". NOTE: Value here is often misleading due to buffering inside WinSock's send() call.

The time at which Fiddler receives the first byte of the server's response (ServerResponseFirstRead)

The time at which Fiddler received the server's headers

The time at which Fiddler has completed receipt of the server's response (ServerResponseLastRead)

The time at which Fiddler has begun sending the Response to the client (ClientResponseFirstSend)

The time at which Fiddler has completed sending the Response to the client (ClientResponseLastSend)

The number of milliseconds spent determining which gateway should be used to handle this request (Should be mutually exclusive to DNSTime!=0)

The number of milliseconds spent waiting for DNS

The number of milliseconds spent waiting for the server TCP/IP connection establishment

The number of milliseconds elapsed while performing the HTTPS handshake with the server

Override of ToString shows timer info in a fancy format

Timing information as a string

Override of ToString shows timer info in a fancy format

TRUE if the result can contain linebreaks; false if comma-delimited format preferred Timing information as a string

Enables High-Resolution timers, which are bad for battery-life but good for the accuracy of timestamps. See http://technet.microsoft.com/en-us/sysinternals/bb897568 for the ClockRes utility that shows current clock resolution. NB: Exiting Fiddler reverts this to the default value.

Log a Read's size and timestamp

Number of milliseconds since first calling .Read() Number of bytes returned in this read

Return the ReadTimings as an array. Only one read is counted per millisecond

Create a new List and append to it

URLMon Interop Class

Set the user-agent string for the current process

New UA string

Query WinINET for the current process' proxy settings. Oddly, there's no way to UrlMkGetSessionOption for the current proxy.

String of hex suitable for display

Configures the current process to use the system proxy for URLMon/WinINET traffic.

Configures the current process to use no Proxy for URLMon/WinINET traffic.

Sets the proxy for the current process to the specified list. See http://msdn.microsoft.com/en-us/library/aa383996(VS.85).aspx

e.g. "127.0.0.1:8888" or "http=insecProxy:80;https=secProxy:444" Semi-colon delimted list of hosts to bypass proxy; use <local> to bypass for Intranet

Holds a variety of useful functions used in Fiddler and its addons.

Create a Session Archive Zip file containing the specified sessions

The filename of the SAZ file to store Array of sessions to store Password to encrypt the file with, or null TRUE if verbose error dialogs should be shown.

This is a refactored helper function which writes a single session to an open SAZ file.

The session to write to the file The ZIP File The number of this file The format string (e.g. "D3") to use when formatting the file number The HTML String builder to write index information TRUE to show verbose error dialog information

Reads a Session Archive Zip file into an array of Session objects

Filename to load Loaded array of sessions or null, in case of failure

Reads a Session Archive Zip file into an array of Session objects

Filename to load Loaded array of sessions or null, in case of failure

Ensures a value is within a specified range.

Type of the value Current value Min value Max value Returns the provided value, unless it is outside of the specified range, in which case the nearest "fencepost" is returned.

A static byte array containing 0 elements. Use to avoid having many copies of an empty byte[] floating around.

Queries the user for a filename

Dialog title String representing file dialog filter Filename or null

Queries the user for a filename

Dialog title String representing file dialog filter Initial directory or null Filename or null

Adds a place to a FileDialog's "Places" collection. Includes error handling for internal .NET Framework bug. Note: CustomPlaces requires SP2 of .NET Framework v2. Attempting to call this method will throw System.MissingMethodException if the required service pack is not installed.

Queries the user for an OPEN filename

Dialog title String representing file dialog filter (e.g. "All files (*.*)|*.*") Filename or null

Queries the user for an OPEN filename

Dialog title String representing file dialog filter Initial directory or null Filename or null

Check to see that the target assembly defines a RequiredVersionAttribute and that the current Fiddler instance meets that requirement

The assembly to test The "type" of extension for display in error message TRUE if the assembly includes a requirement and Fiddler meets it.

Typically, a version number is displayed as "major number.minor number.build number.private part number".

Version required Version of the binary being tested Returns 0 if exact match, else greater than 0 if Required version greater than verTest

Shrinks a path string to fit within a certain number of characters, replacing segments with ellipses if needed.

The Path to compact Number of characters to shrink to The compacted string, or the original string if compaction wasn't needed or failed

Convert a full path into one that uses environment variables

e.g. C:\windows\system32\foo.dll %WINDIR%\System32\foo.dll

Address the problem where the target "PATH" calls for a directoryname is already a filename

Ensure that the target file does not yet exist. If it does, generates a new filename with an embedded identifier, e.g. out[1].txt instead. Attempts to ensure filename is creatable; e.g. if a path component needs to be a directory but is a file already, injects [#] into that path component.

Candidate filename New filename which does not yet exist

Ensure that the target path exists and if a file exists there, it is not readonly or hidden. WARNING: Can throw if target "Filename" calls for a parent directoryname that is already used as a filename by a non-directory. E.g. EnsureOverwriteable(C:\io.sys\filename.txt); would throw.

The candidate filename

Writes arrBytes to a file, creating the target directory and overwriting if the file exists.

Path to File to write. Bytes to write.

Fills an array completely using the provided stream. Unlike a normal .Read(), this one will always fully fill the array unless the Stream throws.

The stream from which to read. The byte array into which the data should be stored. The count of bytes read.

Create a new byte[] containing the contents of two other byte arrays.

Returns the Value from a (case-insensitive) token in the header string. Correctly handles double-quoted strings. Allows comma and semicolon as delimiter. Trailing whitespace may be present.

Name of the header Name of the token Value of the token if present; otherwise, null

Ensures that the target string is iMaxLength or fewer characters

The string to trim from The maximum number of characters to return Up to iMaxLength characters from the "Head" of the string.

Ensures that the target string is iMaxLength or fewer characters, appending ... if truncation occurred

The string to trim from The maximum number of characters to return The string, or up to iMaxLength-1 characters from the "Head" of the string, with \u2026 appeneded.

Returns the "Head" of a string, before and not including a specified search string.

The string to trim from The delimiting string at which the trim should end. Part of a string up to (but not including) sDelim, or the full string if sDelim was not found.

Returns the "Head" of a string, before and not including the first instance of specified delimiter.

The string to trim from. The delimiting character at which the trim should end. Part of a string up to (but not including) chDelim, or the full string if chDelim was not found.

[Deprecated] Ensures that the target string is iMaxLength or fewer characters

The string to trim from The maximum number of characters to return Identical to the method. Up to iMaxLength characters from the "Head" of the string.

Returns the "Tail" of a string, after (but NOT including) the First instance of specified delimiter. See also

The string to trim from. The delimiting character after which the text should be returned. Part of a string after (but not including) chDelim, or the full string if chDelim was not found.

Returns the "Tail" of a string, after (but NOT including) the First instance of specified search string.

The string to trim from. The delimiting string after which the text should be returned. Part of a string after (but not including) sDelim, or the full string if sDelim was not found.

Returns the "Tail" of a string, after (and including) the first instance of specified search string.

The string to trim from. The delimiting string at which the text should be returned. Part of the string starting with sDelim, or the entire string if sDelim not found.

Returns the "Tail" of a string, after (but not including) the Last instance of specified delimiter.

The string to trim from. The delimiting character after which text should be returned. Part of a string after (but not including) the final chDelim, or the full string if chDelim was not found.

Returns the "Tail" of a string, after (but not including) the Last instance of specified substring.

The string to trim from. The delimiting string after which text should be returned. Part of a string after (but not including) the final sDelim, or the full string if sDelim was not found.

Strip any IPv6-Literal brackets, needed when creating a Certificate

Determines true if a request with the specified HTTP Method/Verb MUST contain a entity body

The Method/Verb TRUE if the HTTP Method MUST contain a request body.

http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-26#section-4.2.2

HTTPMethod TRUE if the method is deemed idempotent

Returns true if a request with the specified HTTP Method/Verb may contain a entity body

The Method/Verb TRUE if the HTTP Method MAY contain a request body.

Detects whether string ends in a file extension generally recognized as an image file extension. Pass lowercase into this function.

*Lowercase* string TRUE if string ends with common image file extension

Determines if the specified MIME type is "binary" in nature.

The MIME type TRUE if the MIME type is likely binary in nature

Gets a string from a byte-array, stripping a Byte Order Marker preamble if present.

This function really shouldn't need to exist. Why doesn't calling .GetString on a string with a preamble remove the preamble??? The byte array The encoding to convert from *if* there's no Byte-order-marker The string

WARNING: May throw. Gets an encoding, with proper respect for "utf8" as an alias for "utf-8"; Microsoft products don't support this prior to 2015-era, but it turns out to be common. We do have a linter elsewhere that reports a warning if it sees the dashless form. https://github.com/telerik/fiddler/issues/38

Textual name of the encoding

WARNING: Potentially slow. WARNING: Does not decode the HTTP Response body; if compressed, embedded META or _charset_ will not be checked Gets (via Headers or Sniff) the provided body's text Encoding. If not found, returns CONFIG.oHeaderEncoding (usually UTF-8).

HTTP Headers, ideally containing a Content-Type header with a charset attribute. byte[] containing the entity body. A character encoding, if one could be determined

Gets (via Headers or Sniff) the Response Text Encoding. Returns CONFIG.oHeaderEncoding (usually UTF-8) if unknown. Perf: May be quite slow; cache the response

The session The encoding of the response body

Set of encodings for which we'll attempt to sniff. (List order matters, I think)

HtmlEncode a string. In Fiddler itself, this is a simple wrapper for the System.Web.HtmlEncode function. The .NET3.5/4.0 Client Profile doesn't include System.Web, so we must provide our own implementation of HtmlEncode for FiddlerCore's use.

String to encode String encoded according to the rules of HTML Encoding, or null.

This function accepts a string and an offset into the string. It reads one or more %XX sequences from the string converting them into a UTF-8 string based on the input text

Convert the %-encoded string into a string, interpreting %-escape sequences as UTF-8 characters

%-encoded string Unencoded string

Replaces System.Web.HttpUtility.UrlPathEncode(str).

String to encode as a URL Path Encoded string

Tokenize a string into tokens. Delimits on unquoted whitespace ; quote marks are dropped unless preceded by \ characters. Some special hackery to allow trailing slash not escape the final character of the entire input, so that: prefs set fiddler.config.path.vsplugins "F:\users\ericlaw\VSWebTest\" ...doesn't end up with a trailing quote.

The string to tokenize Are single-quotes allowed to as escapes? An array of strings

Pretty-print a Hex view of a byte array. Slow.

The byte array Number of bytes per line String containing a pretty-printed array

Pretty-print a Hex view of a byte array. Slow.

The byte array Number of bytes per line The maximum number of bytes to pretty-print String containing a pretty-printed array

Pretty-print a Hex view of a byte array. Slow.

The byte array Number of bytes per line The maximum number of bytes to pretty-print Show ASCII text at the end of each line String containing a pretty-printed array

Print an byte array to a hex string. Slow.

Byte array String of hex bytes, or "null"/"empty" if no bytes provided

Create a string in CF_HTML format

The HTML string The HTML string wrapped with a CF_HTML prelude

Returns an integer from the registry, or a default.

The Registry key in which to find the value. The registry value name. Default to return if the registry key is missing or cannot be used as an integer The retrieved integer, or the default.

Save a string to the registry. Correctly handles null Value, saving as String.Empty

The registry key into which the value will be written. The name of the value. The value to write.

Returns an Float from the registry, or a default.

Registry key in which to find the value. The value name. The default float value if the registry key is missing or cannot be used as a float. Float representing the value, or the default.

Get a bool from the registry

The RegistryKey The Value name The default value Returns an bool from the registry, or bDefault if the registry key is missing or cannot be used as an bool.

Maps a MIMEType to a file extension. Note: May hit the registry, so consider the performance implications. Pass only the TYPE (e.g. use oResponse.MIMEType), to ensure no charset info in the string.

The MIME Type A file extension for the type, or .TXT

Return the content type of a target file, or application/octet-stream if unknown.

A filename, including the extension

Use the system registry to find the proper MIME-Type for a given file extension. WARNING: Calling Path.GetExtension may throw on bad input. Use to guard against that.

Dot-prefixed file extension (e.g. ".js") Content-Type, or null if one cannot be determined

Determines if we have a complete chunked response body (RFC2616 Section 3.6.1)

The session object, used for error reporting The response data stream. Note: We do not touch the POSITION property. The start of the HTTP body to scan for chunk size info Returns the start of the final received/partial chunk End of byte data in stream representing this chunked content, or -1 if error True, if we've found the complete last chunk, false otherwise.

Takes a byte array and applies HTTP Chunked Transfer Encoding to it

The byte array to convert The number of chunks to try to create The byte array with Chunked Transfer Encoding applied

Removes HTTP chunked encoding from the data in writeData and returns the resulting array.

Some chunked data Unchunked data. Throws InvalidDataException on data format errors.

Removes HTTP chunked encoding from the data in writeData and returns the resulting array.

Array to unchunk Optional Session (for UI error messages) TRUE to suppress error messages, FALSE to show alert boxes Unchunked data. Throws InvalidDataException on data format errors.

Returns TRUE if the Array contains nulls. TODO: Extend to check for other chars which are clearly non-Unicode

Implements a BlockList for "unknown" encodings that the utilDecode* functions cannot handle

Transfer-Encoding Content-Encoding TRUE if any encoding is known to be unsupported

Removes one or more encodings in the proper order to reconstruct the unencoded body. If removing Transfer-Encoding and Content-Encoding, ALWAYS remove Transfer-Encoding first.

The list of encodings in the order that they were applied RFC2616: If multiple encodings have been applied to an entity, the content codings MUST be listed in the order in which they were applied. Should unchunking be permitted (TRUE for Transfer-Encoding, FALSE for Content-Encoding) The bytes of the body

Content-Encodings

Remove all encodings from arrBody, based on those specified in the supplied HTTP headers; DOES NOT MODIFY HEADERS. Throws on errors.

*Readonly* headers specifying what encodings are applied In/Out array to be modified

Remove all encodings from arrBody, based on those specified in the supplied HTTP headers; DOES NOT MODIFY HEADERS. DOES NOT HANDLE UNSUPPORTED ENCODINGS WELL. Throws on errors.

*Readonly* headers specifying what encodings are applied In/Out array to be modified FALSE to show dialog boxes on errors, TRUE to remain silent

Attempts to remove all Content-Encodings from a HTTP body. May throw if content is malformed. MODIFIES HEADERS.

Headers for the body; Content-Encoding and Content-Length will be modified Reference to the body array FALSE if error dialog boxes should be shown TRUE if the body was decoded completely.

Decompress an array compressed using an Zlib DEFLATE stream. Not a HTTP Encoding; it's used internally in the PNG format.

The array to expand byte[] of decompressed data

GZIPs a byte-array

Input byte array byte[] containing a gzip-compressed copy of writeData[]

Requires Win8+ Decompress Xpress|Raw blocks used by WSUS, etc. Introduction to the API is at http://msdn.microsoft.com/en-us/library/windows/desktop/hh920921(v=vs.85).aspx

GZIP-Expand function which shows no UI and will throw on error

TRUE if you want to use Xceed to decompress; false if you want to use System.IO byte[] to decompress A decompressed byte array, or byte[0]. Throws on errors.

Expands a GZIP-compressed byte array

The array to decompress byte[] containing an un-gzipped copy of compressedData[]

Compress a byte array using RFC1951 DEFLATE

Array to compress byte[] containing a DEFLATE'd copy of writeData[]

UnDeflate function which shows no UI and will throw on error

TRUE if you want to use Xceed to decompress; false if you want to use System.IO byte[] to decompress A decompressed byte array, or byte[0]. Throws on errors.

Decompress a byte array that was compressed using Microsoft's Xpress Raw format. Available only on Windows 8+

Array to decompress byte[] of decompressed data

Decompress a byte array that was compressed using RFC1951 DEFLATE

Array to decompress byte[] of decompressed data

Compress a byte[] using the bzip2 algorithm

Array to compress byte[] of data compressed using bzip2

Decompress an array compressed using bzip2

The array to expand byte[] of decompressed data

Decompress an array compressed using bzip2

The array to expand byte[] of decompressed data

Try parsing the string for a Hex-formatted int. If it fails, return false and 0 in iOutput.

The hex number The int value TRUE if the parsing succeeded

Returns TRUE if two ORIGIN (scheme+host+port) values are functionally equivalent.

The first ORIGIN The second ORIGIN The default port, if a port is not specified TRUE if the two origins are equivalent

This function cracks a sHostPort string to determine if the address refers to a "local" site

The string to evaluate, potentially containing a port True if the address is local

This function cracks a sHostPort string to determine if the address refers to the local computer

The string to evaluate, potentially containing a port True if the address is 127.0.0.1, 'localhost', or ::1

Determines if the specified Hostname is a either 'localhost' or an IPv4 or IPv6 loopback literal

Hostname (no port) TRUE if the hostname is equivalent to localhost

This function cracks the Hostname/Port combo, removing IPV6 brackets if needed

Hostname/port combo, like www.foo.com or www.example.com:8888 or [::1]:80 The hostname, minus any IPv6 literal brackets, if present Port #, 80 if not specified, -1 if corrupt

Given a string/list in the form HOSTNAME:PORT#;HOSTNAME2:PORT2#, this function returns the FIRST IPEndPoint. Defaults to port 80 if not specified. Warning: DNS resolution is slow, so use this function wisely.

HOSTNAME:PORT#;OPTHOST2:PORT2# An IPEndPoint or null

Given a string/list in the form HOSTNAME:PORT#;HOSTNAME2:PORT2#, this function returns all IPEndPoints for ALL listed hosts. Defaults to port 80 if not specified. Warning: DNS resolution is slow, so use this function wisely.

HOSTNAME:PORT#;OPTHOST2:PORT2# An array of IPEndPoints or null if no results were obtained

This function attempts to be a ~fast~ way to return an IP from a hoststring that contains an IPv4/6-Literal.

Hostname IPAddress, or null, if the sHost wasn't an IP-Literal

Launch the user's browser to a hyperlink. This function traps exceptions and notifies the user via UI dialog.

The URL to ShellExecute. TRUE if the ShellExecute call succeeded.

Wrapper for Process.Start that shows error messages in the event of failure.

Fully-qualified filename to execute. Command line parameters to pass. TRUE if the execution succeeded. FALSE if the execution failed. An error message will be shown for any error except the user declining UAC.

Run an executable and wait for it to exit, notifying the user of any exceptions.

Fully-qualified filename of file to execute. Command-line parameters to pass. TRUE if the execution succeeded. FALSE if the error message was shown.

Run an executable, wait for it to exit, and return its output as a string. NOTE: Uses CreateProcess, so you cannot launch applications which require Elevation.

Fully-qualified filename of file to Execute Command-line parameters to pass Exit code returned by the executable String containing the standard-output of the executable

Copy a string to the clipboard, notifying the user of any exceptions

The text to copy TRUE if the copy succeeded

Copy an object to the clipboard, notifying the user of any exceptions

The object to copy True if successful

This method prepares a string to be converted into a regular expression by escaping special characters and CONVERTING WILDCARDS. This method was originally meant for parsing WPAD proxy script strings. You typically should use the Static RegEx.Escape method for most purposes, as it doesn't convert "*" into ".*"

Determines whether the arrData array STARTS WITH with the supplied arrMagics bytes. Used for Content-Type sniffing.

The data, or null The MagicBytes to look for TRUE if arrData begins with arrMagics

Determines whether the arrData array begins with the supplied sMagics ASCII text. Used for Content-Type sniffing.

The data, or null The ASCII text to look for TRUE if arrData begins with sMagics (encoded as ASCII octets)

Is this HTTPMethod used for RPC-over-HTTPS?

Determine if a given byte array has the start of a HTTP/1.* 200 response. Useful primarily to determine if a CONNECT request to a proxy returned success.

Determine if a given byte array has the start of a HTTP/1.* 407 response. Useful primarily to determine if a CONNECT request to a proxy returned an auth challenge

For a given process name, returns a bool indicating whether this is a known browser process name.

The Process name (e.g. "abrowser.exe") Returns true if the process name starts with a common browser process name (e.g. ie, firefox, etc)

Ensure that a given path is absolute, if not, applying the root path. WARNING: This function only works as well as Path.IsPathRooted, which returns "True" for things like "/NoDriveSpecified/fuzzle.txt" A better approach would be to look at the internal Path.IsRelative method

If sFilename is absolute, returns it, otherwise, combines the leaf filename with local response folders hunting for a match. Trims at the first ? character, if any

Either a fully-qualified path, or a leaf filename File path

Format an Exception message, including InnerException message if present.

Get a TickCount (milliseconds since system start) as an unsigned 64bit value. On Vista+, uses the GetTickCount64 API that won't rollover, but on XP, this unsigned wrapper moves the rollover point to 49 days of uptime.

Number of ms since Windows started

Returns TRUE if the user is running Elevated. Requires WinXP to Win8

TRUE if the user is an Admin and the process is Elevated

Returns a succinct version of Environment.OSVersion.VersionString

Returns TRUE on *Windows* (not Mono) when OS Version is Win8+ (NT6.2+)

Duplicate a byte array, replacing null with byte[0]. Doing this instead of .Clone() because it better handles nulls and it may be faster.

The array to copy The new array.

Warning: This will throw if FIPS mode is enabled

Returns TRUE if the array is null or contains 0 bytes

byte[] to test

Returns TRUE if the string is non-empty and not of the pattern "[#123]" Necessary because SAZ-saving logic autogenerates comments of that form

True if ClientChatter is non-null and its headers are non-null

Return a multi-line string describing the NetworkInterfaces[]

Checks a DLL's filename for signals that it doesn't contain extensions. This hack is only needed because I wasn't smart enough to require that the assembly be named something like Fiddler.* in the original design.

DLL filename TRUE if we should skip this assembly during enumeration

Garbage collect and, if possible, compact the Large Object heap

Common functions we'll want to use on Strings. Fiddler makes extensive use of strings which should be interpreted in a case-insensitive manner. WARNING: Methods assume that the calling object is not null, which is lame for reliability but arguably good for performance.

The WebSocket class represents a "tunnel" through which WebSocket messages flow. The class' messages may be deserialized from a SAZ file.

Should this WebSocket Tunnel parse the WS traffic within into individual messages?

Writes all of the messages stored in this WebSocket to a stream.

Approximate size of the data of the stored messages, used for memory tracking

Read headers from the stream.

The Stream from which WebSocketSerializationHeaders should be read The Array of headers, or String[0]

Number of bytes received from the client

Number of bytes received from the server

Creates a "detached" WebSocket which contains messages loaded from the specified stream

Session to which the WebSocket messages belong The Stream containing messages, which will be closed upon completion

This factory method creates a new WebSocket Tunnel and executes it on a background (non-pooled) thread.

The Session containing the HTTP CONNECT request

Creates a WebSocket tunnel. External callers instead use the CreateTunnel static method.

The session for which this tunnel was initially created. The client pipe The server pipe

This function keeps the Tunnel/Thread alive until it is signaled that the traffic is complete

Performs cleanup of the WebSocket instance. Call this after the WebSocket closes normally or after abort/exceptions.

Executes the WebSocket tunnel on a background thread

Interface Method Close the WebSocket and signal the event to let its service thread die. Also called by oSession.Abort() WARNING: This should not be allowed to throw any exceptions, because it will do so on threads that don't catch them, and this will kill the application.

When we get a buffer from the client, we push it into the memory stream

When we get a buffer from the server, we push it into the memory stream

This method parses the data in strmClientBytes to extact one or more WebSocket messages. It then sends each message through the pipeline.

This method parses the data in strmServerBytes to extact one or more WebSocket messages. It then sends each message through the pipeline to the client.

Called when we have received data from the local client.

The result of the asynchronous operation.

Called when we have received data from the remote host. Incoming data will immediately be forwarded to the local client.

The result of the asynchronous operation.

Is this WebSocket open/connected?

Boolean that determines whether the WebSocket tunnel tracks messages.

Returns number of bytes sent from the Server to the Client on this WebSocket

Returns number of bytes sent from the Client to the Server on this WebSocket

This enumeration provides the values for the WebSocketMessage object's BitFlags field

No flags are set

Message was eaten ("dropped") by Fiddler

Message was generated ("injected") by Fiddler itself

Fragmented Message was reassembled by Fiddler

Breakpointed

A WebSocketMessage stores a single frame of a single WebSocket message http://tools.ietf.org/html/rfc6455

3 bits frame-rsv1,frame-rsv2,frame-rsv3

Unmasks the first array into the third, using the second as a masking key.

Masks the first array's data using the key in the second

The data to be masked A 4-byte obfuscation key, or null.

Replaces the WebSocketMessage's payload with the specified string, masking if needed.

Copies the provided byte array over the WebSocketMessage's payload, masking if needed.

Masks the provided array (if necessary) and assigns it to the WebSocketMessage's payload.

New array of data

Return the WebSocketMessage's payload as a string.

Copy the WebSocketMessage's payload into a new Byte Array.

A new byte array containing the (unmasked) payload.

Is this a Request message?

The WebSocketTimers collection tracks the timestamps for this message

The raw payload data, which may be masked.

The four-byte payload masking key, if any

The type of the WebSocket Message's frame

Serialize this message to a stream

Add the content of the subequent continuation to me.

Timers

When was this message read from the sender

When did transmission of this message to the recipient begin

When did transmission of this message to the recipient end

Return the timers formatted to be placed in pseudo-headers used in saving the WebSocketMessage to a stream (SAZ). NOTE: TRAILING \r\n is critical.

The WinHTTPAutoProxy class is used to handle upstream gateways when the client was configured to use WPAD or an Proxy AutoConfig (PAC) script.

Indication as to whether AutoProxy information is valid. 0=Unknown/Enabled; 1=Valid/Enabled; -1=Invalid/Disabled

Get the text of the file located at a specified file URI, or null if the URI is non-file or the file is not found.

Returns a string containing the currently selected autoproxy options

Get WPAD-discovered URL for display purposes (e.g. Help> About); note that we don't actually use this when determining the gateway, instead relying on the WinHTTPGetProxyForUrl function to do this work for us.

A WPAD url, if found, or String.Empty

Return gateway endpoint for requested Url. TODO: Add caching layer on our side? TODO: Support multiple results?

The URL for which the gateway should be determined The Endpoint of the Gateway, or null TRUE if WinHttpGetProxyForUrl succeeded

Close the WinHTTP Session handle

Note: Be sure to use the same hSession to prevent redownload of the proxy script

Set to true to send Negotiate creds when challenged to download the script

Wrapper for WinINET cache APIs.

Clear all HTTP Cookies from the WinINET Cache

Clear all files from the WinINET Cache

Delete all permanent WinINET cookies for sHost; won't clear memory-only session cookies. Supports hostnames with an optional leading wildcard, e.g. *example.com. NOTE: Will not work on VistaIE Protected Mode cookies.

The hostname whose cookies should be cleared

Clear the Cache items. Note: May be synchronous, may be asynchronous.

TRUE if cache files should be cleared TRUE if cookies should be cleared

For PInvoke: Contains information about an entry in the Internet cache

Wrapper for WinINET proxy configuration APIs

Hostnames of sites to bypass proxy. <local> is common.

Allow direct connection to host

Attempt WPAD autoproxy detection

Ignore WinINET "no autoproxy unticks box" optimization

Use user-supplied URL to get FindProxyForURL script

Use user-supplied manual/fixed proxy address list

WPAD script url that may be used if _bUseScript true

Gathers proxy information from a named connection.

Pass DefaultLAN to look for the "null" connection Proxy info, or null

Get a string describing the proxy settings

Returns a multi-line string representing the proxy settings

Calculate a string suitable for passing into WinINET APIs.

Returns a string containing proxy information, or NULL. NB: I've seen WinINET blow up when passed String.Empty rather than null.

Given a proxy string, we crack out the proxy gateways for each protocol

e.g. HTTP=itgproxy:80;FTP=ftpprox:21; false on error

Fills this WinINETProxyInfo instance with settings from specified WinINET connection.

Name of the connection. Pass NULL for LAN connection. TRUE if the settings were successfully retrieved.

Sets WinINET proxy settings for specified connection to those specified in this WinINETProxy instance.

Name of the connection. Pass NULL for LAN connection.

Semi-colon delimited list of hostnames that should bypass the fixed proxy

TRUE if manually-specified proxy should be used.

TRUE if a direct HTTP connection may be made if AutoProxy/PAC is unreachable or corrupt

True if the proxy should be bypassed for dotless hostnames. NOTE: Simply looks at the bypassList string to see if it contains a LOCAL rule.

String representing the endpoint of the proxy for HTTP-traffic, if configured

String representing the endpoint of the proxy for HTTPS-traffic, if configured

String representing the endpoint of the proxy for FTP-traffic, if configured

String representing the endpoint of the proxy for SOCKS-traffic, if configured

Bool indicating whether this connection is set to autodetect the proxy

Returns a string pointing to the ProxyAutoConfig script, or null if there is no such URL or it is not enabled

The RASInfo class is used to enumerate Network Connectoids so Fiddler can adjust proxy configuration for all connectoids, not just the DefaultLAN

Ask RAS for the list of network connectoids. We'll always add "DefaultLAN" to this list as well.