Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Make sure that filters apply to MS telemetry calls (e.g. v10.vortex-win.data.microsoft.com)

Microsoft telemetry calls to v10.vortex-win.data.microsoft.com bypass the filters and add noise. If my filter says only show localhost, I don't expect to see calls to Microsoft.com. 

  • Guest
  • Jan 16 2018
Bug
  • Attach files
  • Eric Lawrence commented
    January 16, 2018 22:47

    Where specifically did you set the filter? If you right-click the Session and choose "Properties", what are the flags on the unexpectedly-visible Session?

    (By default, Fiddler doesn't hide sessions which resulted in HTTP Protocol Violation errors).

  • Dave Carlson commented
    January 25, 2018 20:22

    My host is slightly different: watson.telemetry.microsoft.com.  I tried setting up a "Hide if URL contains" and "hide following hosts", but it still shows up.  I also tried adding a line in the custom rules file, but it still powers through.

    It is a protocol violation: "ProtocolViolationInRequest".

    Is there a special way I can block this specific request?

  • Dave Carlson commented
    January 25, 2018 20:22

    By block, I mean hide from the list.

  • Eric Lawrence commented
    January 29, 2018 16:41

    In the Session's Properties, you can see what exactly the protocol violation in the request is; depending on what the problem is, it reflects either a bug in the client (likely) or something that could be fixed in Fiddler.

    To cause a Session to be hidden regardless of protocol errors, you can add the word "STEALTH" to the UI-HIDE value, e.g.

     

    if (oSession.urlContains("watson.telemetry.microsoft.com")) { oSession["ui-hide"] = "STEALTH-boring boring boring...."; }
  • Rainer Koschnick commented
    February 6, 2018 09:48

    STEALTH doesn't work for me, those requests still show.

  • Eric Lawrence commented
    February 19, 2018 13:16

    Regarding the claim that "Stealth" doesn't work-- the most likely explanation is that you either wrote the rule incorrectly, or put it in the wrong place. Feel free to email me a SAZ capture demonstrating your issue. bayden at gmail dotcom.

  • James Brooks commented
    February 21, 2018 00:34

    I am also having issues with https://v10.vortex-win.data.microsoft.com/collect/v1 in Fiddler. My filter is on and set to "Show only the following Hosts" -- "localhost" yet I see both localhost and v10.vortex-win.data.microsoft.com  I can right click on it and choose "Filter Now --> Hide v10.vort... yet after a few captures, it starts showing v10 again.  Always with 408 request body incomplete.

  • James Brooks commented
    February 21, 2018 00:41

    As a side note. Under "Filters" --> "Hide if URL contains" --> v10.vortex-win.data.microsoft.com  does work in hiding it from Fiddler

  • James Brooks commented
    February 21, 2018 00:53

    Nope, spoke to soon. Adding "Hide if URL contains" did not work. Sorry.

  • Gunnar S commented
    March 8, 2018 16:08

    The problem identified by James Brooks is driving me nuts. There must be a way to stop this from showing up in Fiddler:

    Host: v10.vortex-win.data.microsoft.com

    HTTP/1.1 408 Request body incomplete
    Date: Thu, 08 Mar 2018 16:01:58 GMT

  • Greg Woods commented
    March 15, 2018 10:22

    My sessions list is being filled with Windows 10 telemetry calls, all with 408 errors. Even trying to remove them using fiddler script (a workaround) has failed.

    Quote: "(By default, Fiddler doesn't hide sessions which resulted in HTTP Protocol Violation errors)."

    IT SHOULD.

    if I have filters enabled, nothing should bypass those filters... it's just bad manners.

     

  • Ed Eaglehouse commented
    March 22, 2018 13:00

    I tried adding the ui-hide member on the session in the OnBeforeResponse handler using Eric's STEALTH suggestion. Fiddler threw a compilation error, "Objects of type 'Fiddler.Session' do not have such a member."

    Using automatic syntax completion and comparing other code in CustomRules.js, the urlContains function was apparently renamed uriContains. Fiddler didn't complain after I used the latter function name.

    I agree with Greg Woods' comment about filters actually filtering what you tell them to. Perhaps an additional UI option to show/hide protocol violations would be in order.

  • Ed Eaglehouse commented
    March 22, 2018 14:04

    20 minutes later, STEALTH isn't working for me, either. The telemetry responses are still showing up.

  • Greg Woods commented
    March 22, 2018 15:20

    An example of the amount of crap filling my fiddler sessions

  • Steven Lamport commented
    April 22, 2018 16:04

    I have the same issue and it drives me crazy. I have tried just about everything but these still show.