Official version

Configure Fiddler to Authenticate to CBT-Protected Server

  1. Click Rules > Customize Rules.
  2. Scroll to the OnPeekAtResponseHeaders function.
  3. Add the following code:
```js
static function OnPeekAtResponseHeaders(oSession: Session)
{
    // To avoid problems with Channel-Binding-Tokens, this block allows Fiddler
    // itself to respond to Authentication challenges from HTTPS Intranet sites.
    if (oSession.isHTTPS &&
        (oSession.responseCode == 401) &&
        // Only permit auto-auth for local apps (e.g. not devices or remote PCs)
        (oSession.LocalProcessID > 0) &&
        // Only permit auth to sites we trust
        (Utilities.isPlainHostName(oSession.hostname)
         // Replace telerik.com with whatever servers Fiddler should release credentials to.
         // Match the exact domain or a dot-anchored subdomain on the port-free hostname,
         // so a look-alike domain that merely ends in the same characters does not qualify.
         || oSession.HostnameIs("telerik.com")
         || oSession.hostname.EndsWith(".telerik.com"))
       )
    {
        // To use creds other than your Windows login credentials,
        // replace "(default)" with "domain\\username:password".
        oSession["X-AutoAuth"] = "(default)";
        oSession["ui-backcolor"] = "pink";
    }
    //... function continues
```
  • Replace “telerik.com” with whatever servers Fiddler should release credentials to. By default, Fiddler will release credentials to any intranet sites (sites without a dot in the hostname).
  • Replace “(default)” with specific credentials in this format:
    domain\username:password
  • If you specify “(default)”, Fiddler will attempt to use the login credentials of the user account it is running under.
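The trust condition decides which servers receive credentials, so it is worth checking how it classifies hosts. The following is an added example, not Fiddler's or Telerik's code: it compares a bare suffix test such as `EndsWith("telerik.com")` with a dot-anchored test. The sample hostnames are constructed, the helper names are hypothetical, and it assumes the host value can carry a trailing port.

```javascript
// Constructed sample hosts (not from the original page). Values may carry a port.
const SAMPLE_HOSTS = [
  "intranet",
  "telerik.com",
  "www.telerik.com",
  "eviltelerik.com",
  "telerik.com.example.net",
  "www.telerik.com:8443",
];

// Drop an optional trailing :port and lower-case the name.
function hostnameOnly(host) {
  return /^(.*?)(?::\d+)?$/.exec(host)[1].toLowerCase();
}

// Stand-in for Utilities.isPlainHostName: true when the name has no dot.
function isPlainHostName(hostname) {
  return !hostname.includes(".");
}

// Bare suffix test applied to the raw host value (port included, if any).
function bareSuffixTrusts(host, domain) {
  return isPlainHostName(hostnameOnly(host)) || host.endsWith(domain);
}

// Hardened: exact domain or a dot-anchored subdomain, tested on the port-free name.
function anchoredTrusts(host, domain) {
  const name = hostnameOnly(host);
  return isPlainHostName(name) || name === domain || name.endsWith("." + domain);
}

// One row per host with the verdict of each test.
function compare(hosts, domain) {
  return hosts.map((host) => ({
    host,
    bare: bareSuffixTrusts(host, domain),
    anchored: anchoredTrusts(host, domain),
  }));
}

// Hosts on which the two tests disagree.
function disagreements(hosts, domain) {
  return compare(hosts, domain).filter((r) => r.bare !== r.anchored).map((r) => r.host);
}

console.table(compare(SAMPLE_HOSTS, "telerik.com"));
```

The two tests disagree on the look-alike domain, which only the bare suffix test trusts, and on the host carrying a port, which only the anchored test trusts.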
