Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Add option to sanitize trace of credentials

Often, in troubleshooting issues with websites, a repro using Fiddler may be gathered. But customers may not know that any credentials posted in a web form are captured.

It would be easier if the Fiddler trace had an option added to offer to sanitize all occurrences of a string (especially in the POST body) which looks like a credential being sent.

This helps the customer ensure no sensitive information is shared. The support engineer can rest assured that he has what he needs, minus the password, to review and troubleshoot the trace.

  • Guest
  • Feb 15 2017
  • Under review
  • Eric Lawrence commented
    15 Feb, 2017 02:36pm

    There are scripts to do this, and it might make sense to try to offer a built-in option to do it.

    The problem is that it leads to a false sense of privacy, insofar as it's entirely possible for credentials to be masked in such a way (e.g. base64-encoding, rot-13, what have you) such that a cleaner script doesn't recognize them but an attacker would not.
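
The limitation raised in the comment above, as an added example (not Fiddler's code and not one of the scripts the comment refers to): a cleaner that masks form fields by name, followed by a check for copies of the same secret that survive in other encodings. The field-name list, host, and credentials are constructed for illustration, and the code assumes Node.js.

```javascript
// Added example; field names, host and credentials are constructed.
const SENSITIVE = /^(pass(word)?|pwd|secret|token)$/i; // assumed field names
const SECRET = "CorrectHorse9";                        // constructed password

const rot13 = (s) => s.replace(/[a-z]/gi, (c) => {
  const base = c <= "Z" ? 65 : 97;
  return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
});

// Constructed capture: the password appears three times, in three encodings.
const SAMPLE = [
  "POST /login HTTP/1.1",
  "Host: example.test",
  "Authorization: Basic " + Buffer.from("alice:" + SECRET).toString("base64"),
  "Content-Type: application/x-www-form-urlencoded",
  "",
  "user=alice&password=" + SECRET + "&blob=" + rot13(SECRET),
].join("\r\n");

// Name-based cleaner: masks sensitive fields in a form-urlencoded body only.
function scrubRequest(raw) {
  const split = raw.indexOf("\r\n\r\n");
  if (split < 0) return raw; // no body to clean
  const body = raw.slice(split + 4).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    if (eq < 0) return pair;
    let name = pair.slice(0, eq);
    try { name = decodeURIComponent(name); } catch (_) { /* keep raw name */ }
    return SENSITIVE.test(name) ? pair.slice(0, eq) + "=***" : pair;
  }).join("&");
  return raw.slice(0, split + 4) + body;
}

// Pre-share check: list the encodings under which a known secret still appears.
function residualLeaks(text, secret) {
  const hits = [];
  if (text.includes(secret)) hits.push("plain");
  if (text.includes(rot13(secret))) hits.push("rot13");
  const tokens = text.match(/[A-Za-z0-9+/]{8,}={0,2}/g) || [];
  if (tokens.some((t) => Buffer.from(t, "base64").toString("latin1").includes(secret))) {
    hits.push("base64");
  }
  return hits;
}

console.log(residualLeaks(scrubRequest(SAMPLE), SECRET));
```

The check only covers the encodings it is told about, so an empty result narrows the risk without proving the trace is clean.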