From 5c36e638206d6b8960ef598cfa9c9feed7daf0ce Mon Sep 17 00:00:00 2001 From: Nikolay Iliev Date: Mon, 6 Oct 2025 09:00:45 +0100 Subject: [PATCH 01/18] docs: MCP server installation and usage --- _config.yml | 3 +++ mcp-server/instalation.md | 7 +++++++ 2 files changed, 10 insertions(+) create mode 100644 mcp-server/instalation.md diff --git a/_config.yml b/_config.yml index b0d31832..36e1ace9 100644 --- a/_config.yml +++ b/_config.yml @@ -24,6 +24,9 @@ navigation: modify-and-filter-traffic: title: Modify & Filter Traffic position: 50 + mcp-server: + title: MCP Server + position: 55 compose-api-requests: title: Compose API Requests position: 60 diff --git a/mcp-server/instalation.md b/mcp-server/instalation.md new file mode 100644 index 00000000..efe08ea9 --- /dev/null +++ b/mcp-server/instalation.md @@ -0,0 +1,7 @@ +--- +title: Instalation +description: "Configuring and installing the Fiddler Everywhere MCP server." +slug: mcp-installation +publish: true +position: 1 +--- \ No newline at end of file From a4bc1fff44e4cad3ecec26a634eab6c4c620fef8 Mon Sep 17 00:00:00 2001 From: Nikolay Iliev Date: Mon, 6 Oct 2025 09:30:56 +0100 Subject: [PATCH 02/18] docs MCP install and usage --- .../managed-app-configuration.md | 2 + mcp-server/instalation.md | 7 - mcp-server/installation.md | 136 ++++++++++++++++++ 3 files changed, 138 insertions(+), 7 deletions(-) delete mode 100644 mcp-server/instalation.md create mode 100644 mcp-server/installation.md diff --git a/installation-and-setup/managed-app-configuration.md b/installation-and-setup/managed-app-configuration.md index c1bdcf3f..9ef6222d 100644 --- a/installation-and-setup/managed-app-configuration.md +++ b/installation-and-setup/managed-app-configuration.md 
@@ -36,6 +36,7 @@ IT teams managing macOS systems can apply app configuration using their preferre | `DisableVpnHostBypass` | Disables Fiddler's automatic VPN bypass. | integer | 1 | | `CustomCACertificate` | DER-encoded base64 string of a custom certificate. | string | `` | | `CustomCACertificatePrivateKey` | DER-encoded base64 string of the private key. | string | `` | +| `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | integer | 1 | >important Even with **DisableCloud** enabled, users still need access to [required Fiddler Everywhere API endpoints]({%slug first_steps_windows%}#prerequisites). For environments with limited internet access, consider using [Fiddler's offline mode](https://www.telerik.com/blogs/offline-mode-fiddler-everywhere). @@ -106,6 +107,7 @@ HKEY_CURRENT_USER\SOFTWARE\Policies\Progress\Fiddler Everywhere | `DisableVpnHostBypass` | Disables Fiddler's automatic VPN bypass. | DWORD-32 (hexadecimal) | 1 | | `CustomCACertificate` | DER-encoded base64 string of a custom certificate. | String Value | `` | | `CustomCACertificatePrivateKey` | DER-encoded base64 string of the private key. | String Value | `` | +| `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | DWORD-32 (hexadecimal) | `1` | --- diff --git a/mcp-server/instalation.md b/mcp-server/instalation.md deleted file mode 100644 index efe08ea9..00000000 --- a/mcp-server/instalation.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: Instalation -description: "Configuring and installing the Fiddler Everywhere MCP server." -slug: mcp-installation -publish: true -position: 1 ---- \ No newline at end of file diff --git a/mcp-server/installation.md b/mcp-server/installation.md new file mode 100644 index 00000000..66089a81 --- /dev/null +++ b/mcp-server/installation.md 
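Review bot: The new `DisableMCP` row in both tables (macOS at `@@ -36,6 +36,7 @@`, Windows at `@@ -106,6 +107,7 @@`) is described as "Enables or disables the Fiddler Everywhere MCP server", which does not tell an administrator which value turns the server off. The neighbouring rows state the effect directly, for example `DisableVpnHostBypass` with "Disables Fiddler's automatic VPN bypass.", so the new description should read `Disables the Fiddler Everywhere MCP server.` if `1` is the restricting value, as the key name suggests. Because this is an access-restriction policy, the row should also say what applies when the key is absent; the hunks show no default. The same ambiguous description is repeated in the two policy tables of the new `mcp-server/installation.md` later in this commit.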
@@ -0,0 +1,136 @@
+---
+title: Fiddler MCP Server
+description: "Configuring and installing the Fiddler Everywhere MCP server."
+slug: mcp-installation
+publish: true
+position: 1
+---
+
+# Fiddler MCP Server
+
+The Fiddler Everywhere MCP (Model Context Protocol) server lets you interact with LLM models and reach new levels of developer productivity. The MCP server provides proprietary context to AI-powered IDEs, apps, and tools. You can use the Fiddler Everywhere MCP server for comprehensive analysis of captured HTTPS traffic, including web debugging, security highlights, performance reports, data extraction, and general usage. The Fiddler MCP enables you to successfully prompt more complex questions and tasks, and generate tailored code based on the information received from the captured HTTPS traffic.
+
+## Prerequisites
+
+To use the Fiddler Everywhere MCP server, you need:
+
+- The latest version of Fiddler Everywhere.
+- An active internet connection.
+- A unique API Key for the Fiddler Everywhere MCP server (generated within the application).
+- A compatible MCP client (IDE, code editor, or app) that supports MCP tools.
+
+## Installation
+
+The generic settings for the Fiddler Everywhere MCP server are:
+
+* **Server name handle**: `#fiddler` (default value - can be customized through **Settings > MCP Server**)
+* **Server type**: `http`
+* **Server URL**: `http://localhost:8868/mcp` (default value - the port can be customized through **Settings > MCP Server**)
+* **Authorization**: A generated unique API key to be placed as an `Authorization` header.
+
+### Visual Studio Code
+
+To enable the Fiddler Everywhere MCP server in Visual Studio Code, follow these steps:
+
+1. Start the Fiddler Everywhere application.
+2. Go to **Settings > MCP Server** and complete the following:
+ * Set the MCP server port (default value is `8868`).
+ * Generate a unique API Key.
+ * Copy the generated JSON configuration from the **VSCode** tab.
+3. Open your Visual Studio Code workspace and complete the following:
+ * Create a `.vscode/mcp.json` file in your workspace.
+ * Paste the copied Fiddler Everywhere MCP configuration. Ensure that the JSON is properly formatted and that the Fiddler MCP server is within the `servers` property.
+
+ _example mcp.json file in VSCode with Fiddler Evereywhere MCP server_
+ ```JSON
+ {
+ "servers": {
+ "fiddler": {
+ "type": "http",
+ "url": "http://localhost:8868/mcp",
+ "headers": {
+ "Authorization": "ApiKey FIDDLER_API_KEY_HERE"
+ }
+ }
+ }
+ }
+ ```
+4. Start the Fiddler Everywhere MCP server in Visual Studio Code.
+
+Alternatively, use the **Add Server** option in Visual Studio Code and manually add the Fiddler Everywhere MCP server.
+
+### Cursor
+
+To enable the Fiddler Everywhere MCP server in Cursor, follow these steps:
+
+1. Start the Fiddler Everywhere application.
+2. Go to **Settings > MCP Server** and complete the following:
+ * Set the MCP server port (default value is `8868`).
+ * Generate a unique API Key.
+ * Copy the generated JSON configuration from the **Cursor** tab.
+3. Open your Cursor workspace and complete the following:
+ * Create a `.cursor/mcp.json` file in your workspace.
+ * Paste the copied Fiddler Everywhere MCP configuration. Ensure that the JSON is properly formatted and that the Fiddler MCP server is within the `mcpServers` property.
+
+ _example mcp.json file in Cursor with Fiddler Evereywhere MCP server_
+ ```JSON
+ {
+ "mcpServers": {
+ "fiddler": {
+ "url": "http://localhost:8868/mcp",
+ "headers": {
+ "Authorization": "ApiKey FIDDLER_API_KEY_HERE"
+ }
+ }
+ }
+ }
+ ```
+4. Start the Fiddler Everywhere MCP server in Cursor.
+
+## Usage
+
+To use the Fiddler Everywhere MCP server:
+
+1. Start the Fiddler Everywhere application.
+2. Configure the MCP server in your IDE:
+ * [Visual Studio Code](#visual-studio-code)
+ * [Cursor](#cursor)
+ * Or any other compatible IDE that supports MCP servers with tools.
+3. Enable the **agent mode** in your IDE.
+4. Start your prompt with `#fiddler` (or with `#` followed by your custom server name, if configured).
+
+The MCP server will provide context from your captured HTTPS traffic to enhance your MCP-assisted development workflow.
+
+## MCP Output Sanitization
+
+The Fiddler Everywhere application provides a sanitization tool that automatically removes sensitive data from the output passed to the MCP server. The data sanitization feature enables users to minimize the risk of disclosing specific information.
+
+>important Even with the feature enabled, Fiddler will attempt to sanitize the captured traffic, but complete removal of sensitive data is not guaranteed. The user is responsible for verifying the output and preventing unintended disclosure.
+
+By default, the sanitization is enabled for all data passing through the MCP server. You can control what type of data to sanitize or add more strict rules through the **Settings > Sanitization** section.
+
+## MCP Access Policies
+
+The Fiddler Everywhere application provides managed application policies through its Fiddler Everywhere Enterprise tier. The `DisableMCP` policy enables license administrators to completely restrict access to the Fiddler Everywhere MCP server for licensed users.
+ +### Windows + +IT teams managing Windows systems can apply app configuration keys using their preferred administrative tooling by setting values in the following registry path: + +``` +HKEY_CURRENT_USER\SOFTWARE\Policies\Progress\Fiddler Everywhere +``` + +| Key Name | Description | Value Type | Value Example | +|:---------|:------------|:-----------|:--------------| +| `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | DWORD-32 (hexadecimal) | `1` | + +### macOS + +IT teams managing macOS systems can apply app configuration using their preferred device management solution (such as Jamf, Intune, or similar) by setting the following keys: + +| Key Name | Description | Value Type | Value Example | +|:---------|:------------|:-----------|:--------------| +| `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | integer | `1` | + +For more information on using managed application configurations, refer to the [Managed Application Policies]({%slug fe-restrict-policies%}) article. From e98396c93c321adf698b8c6bf2f2c1a3902e56ee Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 12:00:18 +0300 Subject: [PATCH 03/18] prompt library' --- mcp-server/installation.md | 18 ++++- mcp-server/prompt-library.md | 135 +++++++++++++++++++++++++++++++++++ 2 files changed, 150 insertions(+), 3 deletions(-) create mode 100644 mcp-server/prompt-library.md diff --git a/mcp-server/installation.md b/mcp-server/installation.md index 66089a81..d7db798c 100644 --- a/mcp-server/installation.md +++ b/mcp-server/installation.md @@ -1,7 +1,8 @@ --- title: Fiddler MCP Server -description: "Configuring and installing the Fiddler Everywhere MCP server." -slug: mcp-installation +page_title: Fiddler MCP Server +description: "Installing and using the Fiddler Everywhere MCP server to interact with AI tools." +slug: fiddler-mcp-server publish: true position: 1 --- 
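Review bot: The Visual Studio Code and Cursor steps in the new `mcp-server/installation.md` have the reader paste the generated configuration, including the `Authorization` API key, into `.vscode/mcp.json` or `.cursor/mcp.json` inside the workspace, and nothing on the page says to keep that file out of version control. Workspace-level editor configuration is commonly committed, so the key can end up in a shared repository alongside the project. I would add a callout after each "Paste the copied…" step, for example `>important This file contains your MCP API key. Do not commit it; exclude it from version control and generate a new key in **Settings > MCP Server** if it is exposed.` The Installation section should also state whether the server accepts loopback connections only, since the documented URL is plain `http://localhost:8868/mcp` and the key is the only access control shown. Minor: "Evereywhere" is misspelled in both example captions.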
@@ -101,6 +102,17 @@ To use the Fiddler Everywhere MCP server: The MCP server will provide context from your captured HTTPS traffic to enhance your MCP-assisted development workflow. +>tip You can jump start your MCP journey by exploring our [prompt library](slug://fiddler_ai_prompt_library) + + +### Supported Capturing Modes + +The Fiddler Everywhere MCP server supports the following capturing modes: + +- [Browser capturing mode](slug://capture-browser-traffic) +- [Terminal capturing mode](slug://capture-terminal-traffic) +- [Reverse proxy](slug://fiddler-reverse-proxy) + ## MCP Output Sanitization The Fiddler Everywhere application provides a sanitization tool that automatically removes sensitive data from the output passed to the MCP server. The data sanitization feature enables users to minimize the risk of disclosing specific information. @@ -133,4 +145,4 @@ IT teams managing macOS systems can apply app configuration using their preferre |:---------|:------------|:-----------|:--------------| | `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | integer | `1` | -For more information on using managed application configurations, refer to the [Managed Application Policies]({%slug fe-restrict-policies%}) article. +For more information on using managed application configurations, refer to the [Managed Application Policies](slug://fe-restrict-policies) article. diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md new file mode 100644 index 00000000..5ab8ee36 --- /dev/null +++ b/mcp-server/prompt-library.md 
@@ -0,0 +1,135 @@ +--- +title: Prompt Library +page_title: Fiddler Everywhere AI Prompt Library +description: Explore a sample collection of prompts that you can use with the Fiddler Everywhere MCP server +slug: fiddler_ai_prompt_library +position: 10 +--- + +# Fiddler Everywhere Prompt Library + +Welcome to the Fiddler Everywhere Prompt Library. + +The prompts provided here are intended and optimized for use with the Fiddler Everywhere [MCP Server](slug://fiddler-mcp-server). They can help you kick start and empower your HTTP traffic inspection, debugging, and even coding processes. + +>tip [Go straight to the prompts ⬇️](#general-prompts) + +## How to Use the Prompts + +All prompts in this library target the [MCP Server](slug://fiddler-mcp-server) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server](slug://fiddler-mcp-server#installation) before attempting to run the prompts. + +1. Browse the prompt library to find a prompt that suits your needs. +2. Copy the prompt text (including the `#fiddler` handle). +3. (Optional) Customize the prompt as needed for your specific use case but keep the `#fiddler` handle. +4. Run the prompt against the [MCP Server](slug://fiddler-mcp-server). + +>warning Always double-check the code and solutions proposed by any AI-powered tool before applying them to your project. + +## General Prompts + +This section provides examples of general questions related to Kendo UI for Angular. + +
+ +```prompt Use Browser Capturing Mode +#fiddler Start capturing HTTP traffic in Fiddler using Chrome +``` +```ts +``` + +```prompt Use Terminal Capturing Mode +#fiddler Start capturing HTTP traffic in Fiddler using a Terminal +``` +```ts +``` + +```prompt Set Reverse Proxy +#fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} +``` +```ts +``` + +```prompt Unset Reverse Proxy +#fiddler Disable the reverse proxy +``` +```ts +``` + +```prompt Add a localhost filter +#fiddler apply a filter to capture traffic that contains localhost +``` +```ts +``` + +```prompt Add a specific filter +#fiddler apply a filter to capture traffic that contains {keyword} +``` +```ts +``` + +```prompt Add a specific filter +#fiddler apply a filter to capture traffic that contains {keyword} +``` +```ts +``` + +```prompt Show filtered sessions +#fiddler show filtered sessions +``` +```ts +``` + +```prompt Clear All Filters +#fiddler clear all filters +``` +```ts +``` + +
+ +## Common Usage Prompts + + +
+ +```prompt Analyze the Captured Traffic +#fiddler Analyze the captured HTTP traffic +``` +```ts +``` + +```prompt Analyze Specific Session +#fiddler Analyze session with ID 188 +``` +```ts +``` + +```prompt Check for Sanitization +#fiddler Does the filtered sessions contain sanitized data +``` +```ts +``` + +```prompt Snapshot Security Analysis +#fiddler Analyze the captured sessions for leaked sensitive data +``` +```ts +``` + +```prompt Snapshot Security Analysis (2) +#fiddler analyze the captured sessions and suggest security optimizations +``` +```ts +``` + +```prompt Snapshot Performance Analysis +#fiddler analyze the captured sessions and suggest performance optimizations +``` +```ts +``` + +
+ +## See Also + +* [Fiddler Everywhere MCP Server Overview](slug://fiddler-mcp-server) \ No newline at end of file From 63d527221785aa1c72b822af5a382f4f75ad3b11 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 12:14:55 +0300 Subject: [PATCH 04/18] revert md styles --- mcp-server/installation.md | 10 +-- mcp-server/prompt-library.md | 134 ++++++++++++++++++++++++++++++++--- 2 files changed, 130 insertions(+), 14 deletions(-) diff --git a/mcp-server/installation.md b/mcp-server/installation.md index d7db798c..794b4b93 100644 --- a/mcp-server/installation.md +++ b/mcp-server/installation.md @@ -102,16 +102,16 @@ To use the Fiddler Everywhere MCP server: The MCP server will provide context from your captured HTTPS traffic to enhance your MCP-assisted development workflow. ->tip You can jump start your MCP journey by exploring our [prompt library](slug://fiddler_ai_prompt_library) +>tip You can jump start your MCP journey by exploring our [prompt library]({%slug fiddler_ai_prompt_library%}) ### Supported Capturing Modes The Fiddler Everywhere MCP server supports the following capturing modes: -- [Browser capturing mode](slug://capture-browser-traffic) -- [Terminal capturing mode](slug://capture-terminal-traffic) -- [Reverse proxy](slug://fiddler-reverse-proxy) +- [Browser capturing mode]({%slug capture-browser-traffic%}) +- [Terminal capturing mode]({%slug capture-terminal-traffic%}) +- [Reverse proxy]({%slug fiddler-reverse-proxy%}) ## MCP Output Sanitization 
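Review bot: The "Set Reverse Proxy" prompt in the new `mcp-server/prompt-library.md` appears to begin with a Cyrillic "А" (U+0410) rather than a Latin "A" in `#fiddler Аdd a reverse proxy, …`. The page tells readers to copy prompt text verbatim, so the look-alike character travels into their agent input and makes the prompt impossible to find with a plain-text search; retype the word in ASCII. The General Prompts intro says the examples relate to "Kendo UI for Angular", which reads as a leftover from another product's template; `This section provides examples of general prompts for the Fiddler Everywhere MCP server.` would match the page. The "Add a specific filter" block is also present twice with identical text, and each prompt is followed by an empty `ts` fence that looks like template residue.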
@@ -145,4 +145,4 @@ IT teams managing macOS systems can apply app configuration using their preferre |:---------|:------------|:-----------|:--------------| | `DisableMCP` | Enables or disables the Fiddler Everywhere MCP server | integer | `1` | -For more information on using managed application configurations, refer to the [Managed Application Policies](slug://fe-restrict-policies) article. +For more information on using managed application configurations, refer to the [Managed Application Policies]({%slug fe-restrict-policies%}) article. diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 5ab8ee36..9b15d9af 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -10,27 +10,138 @@ position: 10 Welcome to the Fiddler Everywhere Prompt Library. -The prompts provided here are intended and optimized for use with the Fiddler Everywhere [MCP Server](slug://fiddler-mcp-server). They can help you kick start and empower your HTTP traffic inspection, debugging, and even coding processes. +The prompts provided here are intended and optimized for use with the Fiddler Everywhere [MCP Server]({%slug fiddler-mcp-server%}). They can help you kick start and empower your HTTP traffic inspection, debugging, and even coding processes. >tip [Go straight to the prompts ⬇️](#general-prompts) ## How to Use the Prompts -All prompts in this library target the [MCP Server](slug://fiddler-mcp-server) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server](slug://fiddler-mcp-server#installation) before attempting to run the prompts. +All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before attempting to run the prompts. 1. Browse the prompt library to find a prompt that suits your needs. 2. Copy the prompt text (including the `#fiddler` handle). 3. (Optional) Customize the prompt as needed for your specific use case but keep the `#fiddler` handle. -4. Run the prompt against the [MCP Server](slug://fiddler-mcp-server). +4. Run the prompt against the [MCP Server]({%slug fiddler-mcp-server%}). >warning Always double-check the code and solutions proposed by any AI-powered tool before applying them to your project. + ## General Prompts This section provides examples of general questions related to Kendo UI for Angular.
+```prompt +#fiddler Start capturing HTTP traffic in Fiddler using Chrome +``` +```ts +``` + +```prompt +#fiddler Start capturing HTTP traffic in Fiddler using a Terminal +``` +```ts +``` + +```prompt +#fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} +``` +```ts +``` + +```prompt +#fiddler Disable the reverse proxy +``` +```ts +``` + +```prompt +#fiddler apply a filter to capture traffic that contains localhost +``` +```ts +``` + +```prompt +#fiddler apply a filter to capture traffic that contains {keyword} +``` +```ts +``` + +```prompt +#fiddler apply a filter to capture traffic that contains {keyword} +``` +```ts +``` + +```prompt +#fiddler show filtered sessions +``` +```ts +``` + +```prompt +#fiddler clear all filters +``` +```ts +``` + +
+ +## Common Usage Prompts + +
+ +```prompt +#fiddler Analyze the captured HTTP traffic +``` +```ts +``` + +```prompt +#fiddler Analyze session with ID 188 +``` +```ts +``` + +```prompt +#fiddler Does the filtered sessions contain sanitized data +``` +```ts +``` + +```prompt +#fiddler Analyze the captured sessions for leaked sensitive data +``` +```ts +``` + +```prompt +#fiddler analyze the captured sessions and suggest security optimizations +``` +```ts +``` + +```prompt +#fiddler analyze the captured sessions and suggest performance optimizations +``` +```ts +``` + +```prompt +#fiddler extract statistical data and timings from the traffic related to docs.telerik.com +``` +```ts +``` + +
+ + ## See Also -* [Fiddler Everywhere MCP Server Overview](slug://fiddler-mcp-server) \ No newline at end of file +* [Fiddler Everywhere MCP Server Overview]({%slug fiddler-mcp-server%}) \ No newline at end of file From 244afe19c8f57ed082a2106037e829f91a9bda57 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 12:21:42 +0300 Subject: [PATCH 05/18] fix prompts --- mcp-server/prompt-library.md | 187 ++++++----------------------------- 1 file changed, 30 insertions(+), 157 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 9b15d9af..a069188d 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md @@ -25,176 +25,56 @@ All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) >warning Always double-check the code and solutions proposed by any AI-powered tool before applying them to your project. - ## General Prompts This section provides examples of general questions related to Kendo UI for Angular.
-```prompt +``` Use Browser Capturing Mode #fiddler Start capturing HTTP traffic in Fiddler using Chrome ``` -```ts -``` -```prompt + +``` Use Terminal Capturing Mode #fiddler Start capturing HTTP traffic in Fiddler using a Terminal ``` -```ts -``` -```prompt + +``` Set Reverse Proxy #fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} ``` -```ts -``` -```prompt + +``` Unset Reverse Proxy #fiddler Disable the reverse proxy ``` -```ts -``` -```prompt + +``` Add a localhost filter #fiddler apply a filter to capture traffic that contains localhost ``` -```ts -``` -```prompt -#fiddler apply a filter to capture traffic that contains {keyword} -``` -```ts -``` -```prompt +``` Add a specific filter #fiddler apply a filter to capture traffic that contains {keyword} ``` -```ts -``` -```prompt -#fiddler show filtered sessions -``` -```ts -``` - -```prompt -#fiddler clear all filters -``` -```ts -``` - -
- -## Common Usage Prompts - -
-```prompt -#fiddler Analyze the captured HTTP traffic -``` -```ts -``` - -```prompt -#fiddler Analyze session with ID 188 -``` -```ts -``` - -```prompt -#fiddler Does the filtered sessions contain sanitized data -``` -```ts -``` - -```prompt -#fiddler Analyze the captured sessions for leaked sensitive data -``` -```ts -``` - -```prompt -#fiddler analyze the captured sessions and suggest security optimizations -``` -```ts -``` - -```prompt -#fiddler analyze the captured sessions and suggest performance optimizations -``` -```ts -``` - -```prompt -#fiddler extract statistical data and timings from the traffic related to docs.telerik.com -``` -```ts -``` - -
- - + + ## See Also From cfa53e1a798942895b03ca2beebbe566faa83c7a Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 13:23:49 +0300 Subject: [PATCH 06/18] prompt libary md --- mcp-server/prompt-library.md | 49 ++++++++++++------------------------ 1 file changed, 16 insertions(+), 33 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index a069188d..b78b4ce3 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md @@ -31,92 +31,75 @@ This section provides examples of general questions related to Kendo UI for Angu
-``` Use Browser Capturing Mode +``` #fiddler Start capturing HTTP traffic in Fiddler using Chrome ``` - -``` Use Terminal Capturing Mode +``` #fiddler Start capturing HTTP traffic in Fiddler using a Terminal ``` - -``` Set Reverse Proxy +``` #fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} ``` - -``` Unset Reverse Proxy +``` #fiddler Disable the reverse proxy ``` - -``` Add a localhost filter +``` #fiddler apply a filter to capture traffic that contains localhost ``` - -``` Add a specific filter +``` #fiddler apply a filter to capture traffic that contains {keyword} ``` - -``` Add a specific filter +``` #fiddler apply a filter to capture traffic that contains {keyword} ``` - -``` Show filtered sessions +``` #fiddler show filtered sessions ``` - -``` Clear All Filters +``` #fiddler clear all filters ``` - -
## Common Usage Prompts
-``` Analyze the Captured Traffic +``` #fiddler Analyze the captured HTTP traffic ``` - -``` Analyze Specific Session +``` #fiddler Analyze session with ID 188 ``` - -``` Check for Sanitization +``` #fiddler Does the filtered sessions contain sanitized data ``` - -``` Conduct Security Analysis +``` #fiddler Analyze the captured sessions for leaked sensitive data ``` - -``` Conduct Security Analysis (2) +``` #fiddler analyze the captured sessions and suggest security optimizations ``` - -``` Conduct Performance Analysis +``` #fiddler analyze the captured sessions and suggest performance optimizations ``` - -``` Generate Statistical Report +``` #fiddler extract statistical data and timings from the traffic related to docs.telerik.com ``` -
## See Also From ad2996dab1369c6fc3f1619d9d2899b4beb20662 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 13:30:18 +0300 Subject: [PATCH 07/18] md fix --- mcp-server/prompt-library.md | 70 +++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 21 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index b78b4ce3..3b95e065 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md @@ -29,78 +29,106 @@ All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) This section provides examples of general questions related to Kendo UI for Angular. -
-``` +``` Use Browser Capturing Mode #fiddler Start capturing HTTP traffic in Fiddler using Chrome ``` - +```ts ``` + +``` Use Terminal Capturing Mode #fiddler Start capturing HTTP traffic in Fiddler using a Terminal ``` - +```ts ``` + +``` Set Reverse Proxy #fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} ``` - +```ts ``` + +``` Unset Reverse Proxy #fiddler Disable the reverse proxy ``` - +```ts ``` + +``` Add a localhost filter #fiddler apply a filter to capture traffic that contains localhost ``` - +```ts ``` + +``` Add a specific filter #fiddler apply a filter to capture traffic that contains {keyword} ``` - +```ts ``` + +``` Add a specific filter #fiddler apply a filter to capture traffic that contains {keyword} ``` - +```ts ``` + +``` Show filtered sessions #fiddler show filtered sessions ``` - +```ts ``` + +``` Clear All Filters #fiddler clear all filters ``` -
+```ts +``` + ## Common Usage Prompts -
-``` +``` Analyze the Captured Traffic #fiddler Analyze the captured HTTP traffic ``` - +```ts ``` + +``` Analyze Specific Session #fiddler Analyze session with ID 188 ``` - +```ts ``` + +``` Check for Sanitization #fiddler Does the filtered sessions contain sanitized data ``` - +```ts ``` + +``` Conduct Security Analysis #fiddler Analyze the captured sessions for leaked sensitive data ``` - +```ts ``` + +``` Conduct Security Analysis (2) #fiddler analyze the captured sessions and suggest security optimizations ``` - +```ts ``` + +``` Conduct Performance Analysis #fiddler analyze the captured sessions and suggest performance optimizations ``` - +```ts ``` + +``` Generate Statistical Report #fiddler extract statistical data and timings from the traffic related to docs.telerik.com ``` - -
+```ts +``` ## See Also From 39d62f1336c989e9c843e02f99adf416f8522aa2 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 13:44:23 +0300 Subject: [PATCH 08/18] md fix' --- mcp-server/prompt-library.md | 80 +++++++++++++++--------------------- 1 file changed, 32 insertions(+), 48 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 3b95e065..1a39c761 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -30,106 +30,90 @@ All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) This section provides examples of general questions related to Kendo UI for Angular. -``` Use Browser Capturing Mode -#fiddler Start capturing HTTP traffic in Fiddler using Chrome ``` -```ts +#fiddler Start capturing HTTP traffic in Fiddler using Chrome ``` -``` Use Terminal Capturing Mode -#fiddler Start capturing HTTP traffic in Fiddler using a Terminal + ``` -```ts +#fiddler Start capturing HTTP traffic in Fiddler using a Terminal ``` -``` Set Reverse Proxy -#fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} + ``` -```ts +#fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} ``` -``` Unset Reverse Proxy -#fiddler Disable the reverse proxy + ``` -```ts +#fiddler Disable the reverse proxy ``` -``` Add a localhost filter -#fiddler apply a filter to capture traffic that contains localhost + ``` -```ts +#fiddler apply a filter to capture traffic that contains localhost ``` -``` Add a specific filter -#fiddler apply a filter to capture traffic that contains {keyword} + ``` -```ts +#fiddler apply a filter to capture traffic that contains {keyword} ``` -``` Add a specific filter -#fiddler apply a filter to capture traffic that contains {keyword} + ``` -```ts +#fiddler apply a filter to capture traffic that contains {keyword} ``` -``` Show filtered sessions -#fiddler show filtered sessions + ``` -```ts +#fiddler show filtered sessions ``` -``` Clear All Filters -#fiddler clear all filters + ``` -```ts +#fiddler clear all filters ``` + ## Common Usage Prompts -``` Analyze the Captured Traffic -#fiddler Analyze the captured HTTP traffic ``` -```ts +#fiddler Analyze the captured HTTP traffic ``` -``` Analyze Specific Session -#fiddler Analyze session with ID 188 + ``` -```ts +#fiddler Analyze session with ID 188 ``` -``` Check for Sanitization -#fiddler Does the filtered sessions contain 
sanitized data + ``` -```ts +#fiddler Does the filtered sessions contain sanitized data ``` -``` Conduct Security Analysis -#fiddler Analyze the captured sessions for leaked sensitive data + ``` -```ts +#fiddler Analyze the captured sessions for leaked sensitive data ``` -``` Conduct Security Analysis (2) -#fiddler analyze the captured sessions and suggest security optimizations + ``` -```ts +#fiddler analyze the captured sessions and suggest security optimizations ``` -``` Conduct Performance Analysis -#fiddler analyze the captured sessions and suggest performance optimizations + ``` -```ts +#fiddler analyze the captured sessions and suggest performance optimizations ``` -``` Generate Statistical Report -#fiddler extract statistical data and timings from the traffic related to docs.telerik.com + ``` -```ts +#fiddler extract statistical data and timings from the traffic related to docs.telerik.com ``` + ## See Also * [Fiddler Everywhere MCP Server Overview]({%slug fiddler-mcp-server%}) \ No newline at end of file From 21d6ce7503d26600d0f3ed36cc59b281c6fcd758 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 15:15:57 +0300 Subject: [PATCH 09/18] docs: custom prompts --- mcp-server/prompt-library.md | 92 ++++++++++++++++++++++++++++++++---- 1 file changed, 84 insertions(+), 8 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 1a39c761..76d66e56 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -12,11 +12,75 @@ Welcome to the Fiddler Everywhere Prompt Library. The prompts provided here are intended and optimized for use with the Fiddler Everywhere [MCP Server]({%slug fiddler-mcp-server%}). They can help you kick start and empower your HTTP traffic inspection, debugging, and even coding processes. ->tip [Go straight to the prompts ⬇️](#general-prompts) +>tip Get familiar with the [built-in prompts](#built-in-mcp-prompts) or go straight to the [custom prompts ⬇️](#custom-prompts) -## How to Use the Prompts +## Built-in MCP Prompts -All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before attempting to run the prompts. +The Fiddler Everywhere MCP server comes with a set of predefined system prompts. To invoke the built-in prompts start your AI-powered IDE in agent mode and then type `/mcp.fiddler.`. This will list all available built-in prompts that can be invoked. + +```sh +/mcp.fiddler.initiate-login # A prompt to perform log in to Fiddler. +``` + +```sh +/mcp.fiddler.open-trust-root-certificate-dialog # A prompt to open the Trust Root Certificate system dialog. +``` + +```sh +/mcp.fiddler.clear-sessions # A prompt to clear all currently captured sessions in Fiddler. +``` + +```sh +/mcp.fiddler.get-session-details # A prompt to get detailed information about a specific session in Fiddler. Asks user for the ID of the session to retrieve details for. +``` + +```sh +/mcp.fiddler.start-capture-with-terminal # A prompt to start a new Terminal instance with Fiddler proxy settings applied. +``` + +```sh +/mcp.fiddler.add-reverse-proxy-port # A prompt to add a reverse proxy port in Fiddler. +``` + +```sh +/mcp.fiddler.get-status # A prompt to get the current status of Fiddler. Asks user for the client port to listen on. 
A number between 1025 and 65535 (required) and for the remote host to forward traffic to (required) + +``` + +```sh +/mcp.fiddler.disable-reverse-proxy # A prompt to disable the reverse proxy in Fiddler. +``` + +```sh +/mcp.fiddler.start-capture-with-chrome # A prompt to start a new Chrome instance with Fiddler proxy settings applied. +``` + +```sh +/mcp.fiddler.get-sessions-count # A prompt to get the number of currently captured sessions in Fiddler. +``` + +```sh +/mcp.fiddler.get-sessions # A prompt to get the currently captured sessions in Fiddler with filters applied. +``` + +```sh +/mcp.fiddler.is-user-logged-in # A prompt to check if the user is logged in to Fiddler. +``` + +```sh +/mcp.fiddler.remove-reverse-proxy-port # A prompt to remove a reverse proxy port in Fiddler. Asks user for clientPort (the reverse proxy is listening on) +``` + +```sh +/mcp.fiddler.enable-reverse-proxy # A prompt to enable the reverse proxy in Fiddler. +``` + + +## Custom Prompts + +Just as any other MCP, the Fiddler Everywhere MCP server can be used through common language to create your own custom prompts. All custom prompts in the below sample prompt library target the [MCP Server]({%slug fiddler-mcp-server%}) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before attempting to run the prompts. + +### How to Use the Custom Prompts 1. Browse the prompt library to find a prompt that suits your needs. 2. Copy the prompt text (including the `#fiddler` handle). @@ -25,7 +89,7 @@ All prompts in this library target the [MCP Server]({%slug fiddler-mcp-server%}) >warning Always double-check the code and solutions proposed by any AI-powered tool before applying them to your project. -## General Prompts +### General Prompts This section provides examples of general questions related to Kendo UI for Angular. 
@@ -76,7 +140,7 @@ This section provides examples of general questions related to Kendo UI for Angu -## Common Usage Prompts +### Common Usage Prompts ``` @@ -100,19 +164,31 @@ This section provides examples of general questions related to Kendo UI for Angu ``` -#fiddler analyze the captured sessions and suggest security optimizations +#fiddler Analyze the captured sessions and suggest security optimizations +``` + + +``` +#fiddler Analyze the captured sessions and suggest performance optimizations ``` ``` -#fiddler analyze the captured sessions and suggest performance optimizations +#fiddler Extract statistical data and timings from the traffic related to docs.telerik.com ``` ``` -#fiddler extract statistical data and timings from the traffic related to docs.telerik.com +#fiddler Create a rule to match all sessions from telerik.com and replace "Fiddler" with "Foodler" in the response bodies. ``` +``` +#fiddler Delete all rules created from the MCP +``` + +``` +#fiddler Analyze the captured session related to the Fiddler documentation site and create a comprehensive report that covers site purposes, used technologies, security highlights, and possible technical and performance optimizations +``` ## See Also From b155dd548f1448e4f314d2b18215951d6f6c41cd Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 15:24:12 +0300 Subject: [PATCH 10/18] reoder prompts --- mcp-server/prompt-library.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 76d66e56..f9973175 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -23,15 +23,16 @@ The Fiddler Everywhere MCP server comes with a set of predefined system prompts. ``` ```sh -/mcp.fiddler.open-trust-root-certificate-dialog # A prompt to open the Trust Root Certificate system dialog. +/mcp.fiddler.is-user-logged-in # A prompt to check if the user is logged in to Fiddler. ``` ```sh -/mcp.fiddler.clear-sessions # A prompt to clear all currently captured sessions in Fiddler. +/mcp.fiddler.get-status # A prompt to get the current status of Fiddler. + ``` ```sh -/mcp.fiddler.get-session-details # A prompt to get detailed information about a specific session in Fiddler. Asks user for the ID of the session to retrieve details for. +/mcp.fiddler.open-trust-root-certificate-dialog # A prompt to open the Trust Root Certificate system dialog. ``` ```sh 
@@ -39,32 +40,28 @@ The Fiddler Everywhere MCP server comes with a set of predefined system prompts. ``` ```sh -/mcp.fiddler.add-reverse-proxy-port # A prompt to add a reverse proxy port in Fiddler. +/mcp.fiddler.start-capture-with-chrome # A prompt to start a new Chrome instance with Fiddler proxy settings applied. ``` -```sh -/mcp.fiddler.get-status # A prompt to get the current status of Fiddler. Asks user for the client port to listen on. A number between 1025 and 65535 (required) and for the remote host to forward traffic to (required) - -``` ```sh -/mcp.fiddler.disable-reverse-proxy # A prompt to disable the reverse proxy in Fiddler. +/mcp.fiddler.get-sessions-count # A prompt to get the number of currently captured sessions in Fiddler. ``` ```sh -/mcp.fiddler.start-capture-with-chrome # A prompt to start a new Chrome instance with Fiddler proxy settings applied. +/mcp.fiddler.get-sessions # A prompt to get the currently captured sessions in Fiddler with filters applied. ``` ```sh -/mcp.fiddler.get-sessions-count # A prompt to get the number of currently captured sessions in Fiddler. +/mcp.fiddler.get-session-details # A prompt to get detailed information about a specific session in Fiddler. Asks user for the ID of the session to retrieve details for. ``` ```sh -/mcp.fiddler.get-sessions # A prompt to get the currently captured sessions in Fiddler with filters applied. +/mcp.fiddler.clear-sessions # A prompt to clear all currently captured sessions in Fiddler. ``` ```sh -/mcp.fiddler.is-user-logged-in # A prompt to check if the user is logged in to Fiddler. +/mcp.fiddler.add-reverse-proxy-port # A prompt to add a reverse proxy in Fiddler. Asks user for the client port to listen on. A number between 1025 and 65535 (required) and for the remote host to forward traffic to (required) ``` ```sh 
@@ -75,6 +72,9 @@ The Fiddler Everywhere MCP server comes with a set of predefined system prompts. /mcp.fiddler.enable-reverse-proxy # A prompt to enable the reverse proxy in Fiddler. ``` +```sh +/mcp.fiddler.disable-reverse-proxy # A prompt to disable the reverse proxy in Fiddler. +``` ## Custom Prompts From 5dc29bfde9b2615697686e6772046a6b7b638568 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Tue, 7 Oct 2025 15:39:23 +0300 Subject: [PATCH 11/18] remove statement related to `Add Server` in VSCode' --- mcp-server/installation.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/mcp-server/installation.md b/mcp-server/installation.md index 794b4b93..c9d45661 100644 --- a/mcp-server/installation.md +++ b/mcp-server/installation.md @@ -57,8 +57,6 @@ To enable the Fiddler Everywhere MCP server in Visual Studio Code, follow these } ``` 4. Start the Fiddler Everywhere MCP server in Visual Studio Code. - -Alternatively, use the **Add Server** option in Visual Studio Code and manually add the Fiddler Everywhere MCP server. ### Cursor From df7340df7e905003a87a98d584cdb3575ed0304a Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Wed, 8 Oct 2025 09:07:55 +0300 Subject: [PATCH 12/18] remove duplicated rule --- mcp-server/prompt-library.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index f9973175..3efcd8d0 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md @@ -124,11 +124,6 @@ This section provides examples of general questions related to Kendo UI for Angu ``` -``` -#fiddler apply a filter to capture traffic that contains {keyword} -``` - - ``` #fiddler show filtered sessions ``` From 3a873891e66a2c2a59f8da422141f223b98a8bf9 Mon Sep 17 00:00:00 2001 
From: Nick Iliev Date: Wed, 8 Oct 2025 10:04:47 +0300 Subject: [PATCH 13/18] docs: sanitization + updated mcp article --- ...{installation.md => fiddler-mcp-server.md} | 2 +- mcp-server/prompt-library.md | 311 ++++++++++++++++-- security/sanitization.md | 79 +++++ security/security-highlights.md | 57 ++-- 4 files changed, 397 insertions(+), 52 deletions(-) rename mcp-server/{installation.md => fiddler-mcp-server.md} (97%) create mode 100644 security/sanitization.md diff --git a/mcp-server/installation.md b/mcp-server/fiddler-mcp-server.md similarity index 97% rename from mcp-server/installation.md rename to mcp-server/fiddler-mcp-server.md index c9d45661..d04a8ed9 100644 --- a/mcp-server/installation.md +++ b/mcp-server/fiddler-mcp-server.md @@ -1,7 +1,7 @@ --- title: Fiddler MCP Server page_title: Fiddler MCP Server -description: "Installing and using the Fiddler Everywhere MCP server to interact with AI tools." +description: "Learn how to install, configure, and use the Fiddler Everywhere MCP server to integrate captured HTTPS traffic analysis with AI-powered IDEs and development tools." slug: fiddler-mcp-server publish: true position: 1 diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 3efcd8d0..a4a305e8 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -1,80 +1,112 @@ --- title: Prompt Library page_title: Fiddler Everywhere AI Prompt Library -description: Explore a sample collection of prompts that you can use with the Fiddler Everywhere MCP server +description: "Explore built-in and custom AI prompts for the Fiddler Everywhere MCP server to analyze HTTP traffic, debug applications, optimize performance, and enhance your development workflow." slug: fiddler_ai_prompt_library position: 10 --- # Fiddler Everywhere Prompt Library -Welcome to the Fiddler Everywhere Prompt Library. +Welcome to the Fiddler Everywhere Prompt Library—your comprehensive resource for AI-powered HTTP traffic analysis and debugging. -The prompts provided here are intended and optimized for use with the Fiddler Everywhere [MCP Server]({%slug fiddler-mcp-server%}). They can help you kick start and empower your HTTP traffic inspection, debugging, and even coding processes. +This library provides ready-to-use prompts optimized for the Fiddler Everywhere [MCP Server]({%slug fiddler-mcp-server%}). Whether you're performing web debugging, security analysis, performance optimization, or data extraction, these prompts will help you maximize productivity by leveraging AI assistance with your captured HTTPS traffic. ->tip Get familiar with the [built-in prompts](#built-in-mcp-prompts) or go straight to the [custom prompts ⬇️](#custom-prompts) +>tip Start with the [built-in prompts](#built-in-mcp-prompts) for quick actions, or explore [custom prompts](#custom-prompts) for advanced scenarios. ## Built-in MCP Prompts -The Fiddler Everywhere MCP server comes with a set of predefined system prompts. To invoke the built-in prompts start your AI-powered IDE in agent mode and then type `/mcp.fiddler.`. This will list all available built-in prompts that can be invoked. +The Fiddler Everywhere MCP server includes predefined system prompts for common operations. 
These built-in prompts provide quick access to Fiddler's core functionality directly from your AI-powered IDE. + +### How to Use Built-in Prompts + +1. Start your AI-powered IDE in **agent mode**. +2. Type `/mcp.fiddler.` to display all available built-in prompts. +3. Select the desired prompt or continue typing to autocomplete. + +### Available Built-in Prompts + +#### Authentication and Status ```sh -/mcp.fiddler.initiate-login # A prompt to perform log in to Fiddler. +/mcp.fiddler.initiate-login ``` +Initiates the login process to authenticate with Fiddler Everywhere. ```sh -/mcp.fiddler.is-user-logged-in # A prompt to check if the user is logged in to Fiddler. +/mcp.fiddler.is-user-logged-in ``` +Checks the current authentication status to verify if the user is logged in to Fiddler Everywhere. ```sh -/mcp.fiddler.get-status # A prompt to get the current status of Fiddler. - +/mcp.fiddler.get-status ``` +Retrieves the current operational status of Fiddler Everywhere, including capturing state and connection information. + +#### Certificate Management ```sh -/mcp.fiddler.open-trust-root-certificate-dialog # A prompt to open the Trust Root Certificate system dialog. +/mcp.fiddler.open-trust-root-certificate-dialog ``` +Opens the system dialog for trusting the Fiddler root certificate, required for HTTPS traffic decryption. + +#### Traffic Capturing ```sh -/mcp.fiddler.start-capture-with-terminal # A prompt to start a new Terminal instance with Fiddler proxy settings applied. +/mcp.fiddler.start-capture-with-terminal ``` +Starts a new Terminal instance with Fiddler proxy settings automatically configured for capturing command-line traffic. ```sh -/mcp.fiddler.start-capture-with-chrome # A prompt to start a new Chrome instance with Fiddler proxy settings applied. +/mcp.fiddler.start-capture-with-chrome ``` +Launches a new Chrome browser instance with Fiddler proxy settings pre-configured for capturing web traffic. 
+#### Session Management ```sh -/mcp.fiddler.get-sessions-count # A prompt to get the number of currently captured sessions in Fiddler. +/mcp.fiddler.get-sessions-count ``` +Returns the total number of currently captured sessions in Fiddler Everywhere. ```sh -/mcp.fiddler.get-sessions # A prompt to get the currently captured sessions in Fiddler with filters applied. +/mcp.fiddler.get-sessions ``` +Retrieves the currently captured sessions with optional filters applied for targeted analysis. ```sh -/mcp.fiddler.get-session-details # A prompt to get detailed information about a specific session in Fiddler. Asks user for the ID of the session to retrieve details for. +/mcp.fiddler.get-session-details ``` +Fetches detailed information about a specific session. You will be prompted to provide the session ID. ```sh -/mcp.fiddler.clear-sessions # A prompt to clear all currently captured sessions in Fiddler. +/mcp.fiddler.clear-sessions ``` +Clears all currently captured sessions from Fiddler Everywhere. + +#### Reverse Proxy Operations ```sh -/mcp.fiddler.add-reverse-proxy-port # A prompt to add a reverse proxy in Fiddler. Asks user for the client port to listen on. A number between 1025 and 65535 (required) and for the remote host to forward traffic to (required) +/mcp.fiddler.add-reverse-proxy-port ``` +Configures a reverse proxy in Fiddler. You will be prompted for: +- Client port to listen on (1025-65535) +- Remote host to forward traffic to ```sh -/mcp.fiddler.remove-reverse-proxy-port # A prompt to remove a reverse proxy port in Fiddler. Asks user for clientPort (the reverse proxy is listening on) +/mcp.fiddler.remove-reverse-proxy-port ``` +Removes a previously configured reverse proxy port. You will be prompted for the client port number. ```sh -/mcp.fiddler.enable-reverse-proxy # A prompt to enable the reverse proxy in Fiddler. +/mcp.fiddler.enable-reverse-proxy ``` +Activates the reverse proxy functionality in Fiddler Everywhere. 
```sh -/mcp.fiddler.disable-reverse-proxy # A prompt to disable the reverse proxy in Fiddler. +/mcp.fiddler.disable-reverse-proxy ``` +Deactivates the reverse proxy functionality in Fiddler Everywhere. ## Custom Prompts 
@@ -182,7 +214,244 @@ This section provides examples of general questions related to Kendo UI for Angu ``` ``` -#fiddler Analyze the captured session related to the Fiddler documentation site and create a comprehensive report that covers site purposes, used technologies, security highlights, and possible technical and performance optimizations +## Custom Prompts + +Beyond the built-in prompts, you can use natural language to create custom prompts tailored to your specific debugging and analysis needs. The Fiddler Everywhere MCP server understands conversational queries and can perform complex operations based on your instructions. + +All custom prompts in this library use the `#fiddler` handle to target the [MCP Server]({%slug fiddler-mcp-server%}). Ensure you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before using these prompts. + +### How to Use Custom Prompts + +1. **Browse** the prompt library to find a prompt that matches your use case. +2. **Copy** the prompt text, including the `#fiddler` handle. +3. **Customize** (optional) the prompt for your specific scenario, replacing placeholders like `{keyword}`, `{clientPort}`, or `{remoteHost}` with actual values. +4. **Run** the prompt in your AI-powered IDE's agent mode. + +>warning Always review and validate the code, configurations, and solutions proposed by AI-powered tools before applying them to your production environment. 
+ +### Capture and Session Management + +Start capturing traffic and manage your sessions with these essential prompts: + +``` +#fiddler Start capturing HTTP traffic in Fiddler using Chrome +``` + +``` +#fiddler Start capturing HTTP traffic in Fiddler using a Terminal +``` + +``` +#fiddler Add a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} +``` + +``` +#fiddler Disable the reverse proxy +``` + +``` +#fiddler Apply a filter to capture traffic that contains localhost +``` + +``` +#fiddler Apply a filter to capture traffic that contains {keyword} +``` + +``` +#fiddler Show filtered sessions +``` + +``` +#fiddler Clear all filters +``` + +``` +#fiddler Clear all captured sessions +``` + +### Traffic Analysis + +Analyze captured HTTP traffic to understand application behavior and identify issues: + +``` +#fiddler Analyze the captured HTTP traffic +``` + +``` +#fiddler Analyze session with ID {sessionId} +``` + +``` +#fiddler Summarize all API calls made to {domain} +``` + +``` +#fiddler Show me all failed requests (status codes 4xx and 5xx) +``` + +``` +#fiddler List all sessions with response times greater than 2 seconds +``` + +``` +#fiddler Extract all unique domains from the captured traffic +``` + +### Security Analysis + +Identify security vulnerabilities and sensitive data exposure: + +``` +#fiddler Does the filtered sessions contain sanitized data +``` + +``` +#fiddler Analyze the captured sessions for leaked sensitive data +``` + +``` +#fiddler Analyze the captured sessions and suggest security optimizations +``` + +``` +#fiddler Check for insecure HTTP connections in the captured traffic +``` + +``` +#fiddler Identify sessions with weak or missing security headers +``` + +``` +#fiddler Find all sessions containing authentication tokens or API keys +``` + +### Performance Analysis + +Optimize application performance by analyzing timing and resource usage: + +``` +#fiddler Analyze the captured sessions and suggest performance 
optimizations +``` + +``` +#fiddler Extract statistical data and timings from the traffic related to {domain} +``` + +``` +#fiddler Identify the slowest API endpoints in the captured traffic +``` + +``` +#fiddler Show me all sessions with large response bodies (>1MB) +``` + +``` +#fiddler Analyze caching efficiency for the captured sessions +``` + +``` +#fiddler Calculate the total bandwidth consumed by the captured traffic +``` + +### Rules and Automation + +Create and manage rules to modify traffic behavior: + +``` +#fiddler Create a rule to match all sessions from {domain} and replace "{oldText}" with "{newText}" in the response bodies +``` + +``` +#fiddler Delete all rules created from the MCP +``` + +``` +#fiddler Create a rule to add a custom header "X-Debug-Mode: true" to all requests to {domain} +``` + +``` +#fiddler Create a rule to simulate a slow network by adding a 2-second delay to all responses +``` + +### Comprehensive Reporting + +Generate detailed reports combining multiple analysis aspects: + +``` +#fiddler Analyze the captured session related to {domain} and create a comprehensive report that covers site purposes, used technologies, security highlights, and possible technical and performance optimizations +``` + +``` +#fiddler Create a detailed API documentation based on the captured REST API calls to {domain} +``` + +``` +#fiddler Generate a security audit report for all sessions captured from {domain} +``` + +``` +#fiddler Create a performance benchmark report showing response times, payload sizes, and optimization recommendations +``` + +### Debugging and Troubleshooting + +Use these prompts to diagnose and resolve issues: + +``` +#fiddler Help me debug why my application can't connect to {endpoint} +``` + +``` +#fiddler Explain the CORS errors in the captured traffic +``` + +``` +#fiddler Show me the request/response chain for session ID {sessionId} +``` + +``` +#fiddler Compare the headers between session {sessionId1} and session 
{sessionId2} +``` + +``` +#fiddler Find all redirect chains in the captured traffic +``` + +### Data Extraction + +Extract specific information from captured traffic for further analysis: + +``` +#fiddler Extract all GraphQL queries from the captured sessions +``` + +``` +#fiddler List all WebSocket connections and their messages +``` + +``` +#fiddler Export all POST request bodies from sessions to {domain} +``` + +``` +#fiddler Extract all JSON responses from the captured API calls +``` + +## Tips for Creating Effective Custom Prompts + +When crafting your own custom prompts, consider these best practices: + +- **Be specific**: Include domain names, session IDs, or specific criteria to narrow down the analysis. +- **Use filters**: Apply filters before complex analysis to reduce processing time and improve accuracy. +- **Combine operations**: Ask for multiple related tasks in a single prompt (e.g., "analyze and create a report"). +- **Leverage context**: Reference previous prompts or analyses to build on earlier work. +- **Iterate**: Start with broad questions and refine based on the results. + +## See Also + +* [Fiddler Everywhere MCP Server Overview]({%slug fiddler-mcp-server%}) +* [Security Highlights]({%slug fe-security-highlights%}) +* [Data Sanitization]({%slug fe-sanitization%}) ``` ## See Also diff --git a/security/sanitization.md b/security/sanitization.md new file mode 100644 index 00000000..bb6aa766 --- /dev/null +++ b/security/sanitization.md 
@@ -0,0 +1,79 @@
+---
+title: Data Sanitization
+description: "Configure data sanitization in Fiddler Everywhere to automatically remove sensitive information from captured HTTPS traffic before saving, exporting, or sharing with the MCP server."
+slug: fe-sanitization
+position: 40
+---
+
+# Data Sanitization
+
+The Fiddler Everywhere application provides data sanitization capabilities to automatically remove sensitive information from captured HTTPS traffic. This feature helps protect confidential data before performing actions such as saving sessions, exporting snapshots, or passing information to the Fiddler Everywhere MCP server.
+
+Data sanitization is configurable through the **Settings > Sanitization** section. By default, the sanitization process is enabled only for MCP output.
+
+>important Fiddler Everywhere attempts to sanitize HTTP traffic, but complete removal of sensitive data is not guaranteed. Unstructured, encrypted, compressed, obfuscated, or binary data may bypass the sanitization process. Each user is responsible for verifying the sanitization results and preventing unintended disclosure of sensitive information.
+
+## Configuring Sanitization
+
+The **Sanitization** settings screen provides comprehensive options to control how and when your captured traffic data is sanitized.
+
+## Configuring Sanitization
+
+The **Sanitization** settings screen provides comprehensive options to control how and when your captured traffic data is sanitized.
+
+### Mask Value
+
+- **Mask** - Specifies the string value used to replace sanitized data. The default mask is typically `***SANITIZED***`, but you can customize it to any value that suits your needs.
+
+### When to Sanitize
+
+Control when sanitization occurs by enabling or disabling sanitization for specific actions:
+
+- **On Save** - Automatically sanitizes session snapshots before any save operation in Fiddler Everywhere. Enable this option to ensure saved sessions never contain sensitive data locally.
+- **On Export** - Automatically sanitizes session snapshots before any export operation in Fiddler Everywhere. Enable this option when sharing exported files with team members or external parties.
+- **On MCP Output** - Automatically sanitizes session snapshots before data is sent to the Fiddler Everywhere MCP server. This option is **enabled by default** to protect sensitive information from being processed by AI models.
+
+>tip Enable all three sanitization options if you regularly work with highly sensitive data or need to comply with strict data protection policies.
+
+### Parts of the Session to Sanitize
+
+Specify which components of the HTTP traffic should be sanitized. Sanitization applies both default rules and custom rules configured in the **Additional Settings** section:
+
+- **Sanitize URL** - Masks sensitive parameters and path segments in request URLs (e.g., API keys, tokens, user IDs).
+- **Sanitize Headers** - Masks sensitive HTTP headers such as `Authorization`, `Cookie`, `X-API-Key`, and other custom headers containing credentials or tokens.
+- **Sanitize Cookies** - Masks cookie values that may contain session identifiers, authentication tokens, or user-specific data.
+- **Sanitize Request Body** - Masks sensitive data within HTTP request bodies, such as passwords, credit card numbers, personal information, or proprietary data.
+- **Sanitize Response Body** - Masks sensitive data within HTTP response bodies, including user data, API responses containing secrets, or any confidential information returned by servers.
+- **Strip Request Body** - Completely removes all HTTP request bodies from sessions. Use this option when request bodies consistently contain highly sensitive data that should not be stored at all.
+- **Strip Response Body** - Completely removes all HTTP response bodies from sessions. Use this option when response bodies consistently contain highly sensitive data that should not be stored at all.
+
+>important The difference between "Sanitize" and "Strip" options: Sanitization replaces sensitive values with the mask string while preserving the structure of the data. Stripping completely removes the entire body content, which may affect your ability to debug or analyze the traffic later.
+
+### Additional Settings
+
+Enhance the sanitization process by defining custom rules to target specific sensitive data patterns:
+
+- **Additional Headers** - Add custom HTTP header names that should always be sanitized, beyond the default headers. Useful for application-specific authentication headers or proprietary security tokens.
+- **Keywords** - Specify keywords or phrases that should be masked wherever they appear in URLs, headers, or bodies. Examples include company names, project codenames, or specific sensitive terms.
+- **Regular Expression Patterns** - Define regex patterns to match and sanitize complex data formats such as:
+ - Credit card numbers: `\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b`
+ - Email addresses: `\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`
+ - Social security numbers, phone numbers, or other sensitive identifiers
+
+>tip Test your custom sanitization rules with sample traffic to ensure they correctly identify and mask sensitive data without over-sanitizing useful debugging information.
+
+## Best Practices
+
+When using data sanitization in Fiddler Everywhere, consider the following best practices:
+
+- **Always verify sanitization results** - Review sanitized sessions before sharing to confirm that all sensitive data has been properly masked.
+- **Enable MCP sanitization by default** - Keep the "On MCP Output" option enabled to prevent inadvertent exposure of sensitive data to AI models.
+- **Use appropriate sanitization scope** - Balance security needs with debugging requirements. Over-sanitization may hinder troubleshooting efforts.
+- **Combine with password protection** - Use sanitization in conjunction with [password-protected sessions]({%slug fe-security-highlights%}#saving-traffic) for multiple layers of security.
+- **Document custom rules** - Maintain documentation of custom sanitization rules, especially regex patterns, for team collaboration and compliance audits.
+- **Regular rule review** - Periodically review and update sanitization rules as your application evolves and new sensitive data types are introduced.
+
+## See Also
+
+- [Security Highlights]({%slug fe-security-highlights%})
+- [Using the Fiddler MCP Server]({%slug fiddler-mcp-server%})
\ No newline at end of file
diff --git a/security/security-highlights.md b/security/security-highlights.md
index 29fc7399..f9a2608b 100644
--- a/security/security-highlights.md
+++ b/security/security-highlights.md
@@ -1,6 +1,6 @@
 ---
 title: Security Highlights
-description: "Security considerations when using Fiddler Everywhere as a proxy."
+description: "Learn about essential security considerations, best practices, and safeguards when using Fiddler Everywhere as a proxy, including data protection, sanitization, and MCP server security."
 slug: fe-security-highlights
 publish: true
 position: 30
@@ -11,23 +11,15 @@ position: 30 While using Fiddler Everywhere, consider the following security indicators and highlights: - With the initial state for [the system capturing option]({%slug capture-traffic-get-started%}#system-capturing), Fiddler Everywhere will capture only non-secure HTTP traffic. This traffic is not encrypted and can expose sensitive information like visited URLs, internal API endpoints, etc. - - With the initial state for [the independent browser capturing option]({%slug capture-traffic-get-started%}#browser-capturing), Fiddler Everywhere will capture both non-secure HTTP and secure HTTPS traffic. The Fiddler Everywhere application will decrypt the HTTPS traffic. - - Fiddler Everywhere generates a unique root CA (certificate authority). Avoid sharing this certificate with anyone as it can pose a significant security threat (for example, anyone with access to that certificate can decrypt your HTTPS traffic). - - When HTTPS capturing is enabled, the captured data will contain readable, usually decrypted information. Share that data with trusted parties only and carefully consider what the requests and responses include. - +- Fiddler Everywhere provides [data sanitization]({%slug fe-sanitization%}) capabilities to help remove sensitive information before saving, exporting, or passing data to the MCP server. However, complete removal of sensitive data is not guaranteed as unstructured, encrypted, compressed, obfuscated, or binary data may bypass sanitization. Users are responsible for verifying the sanitization results. - All users accessing the Fiddler Everywhere application or saved sessions can also access the captured data. - -- Fiddler enables to usage of password protection to prevent unauthorized access to saved sessions stored locally or in the cloud. Fiddler stores all saved sessions as SAZ files and, using the password protection option adds 256-bit AES encryption. Anyone with access to the SAZ file can open unprotected saves. 
- +- Fiddler enables the usage of password protection to prevent unauthorized access to saved sessions stored locally or in the cloud. Fiddler stores all saved sessions as SAZ files, and using the password protection option adds 256-bit AES encryption. Anyone with access to the SAZ file can open unprotected saves. - Fiddler Everywhere will not store your data in the cloud if you do not use sharing or cloud capabilities. Once you sign in, everything is stored locally (your credentials are verified in the cloud). The only way to get captured data in the cloud is to upload it explicitly through user interaction from the **Snapshots** collections, **Requests** collections, or **rules** or share it with collaborators. - - Sessions uploaded to the Fiddler Everywhere cloud space are encrypted when password protection is enabled. All uploaded sessions are stored in the cloud as [Fiddler archives]({%slug fiddler-saz-format%}). - -- Fiddler Everywhere can be installed per machine on Windows OS (macOS and Linux installation is only per user). In that case, each Fiddler user logs into the application with their credentials, and the generated data is accessible to the other users. - +- Fiddler Everywhere can be installed per machine on Windows OS (macOS and Linux installation is only per user). In that case, each Fiddler user logs into the application with their credentials, and the generated data is accessible to the other users on the same machine. - Fiddler Everywhere is [SOC 2 compliant](#soc-compliance). ## Application Analytics 
@@ -40,50 +32,55 @@ Fiddler Everywhere provides options for securely saving and sharing captured tra ### Saving Traffic -Once Fiddler Everywhere captures the traffic, you have the option to [save the sessions for later usage]({%slug web-sessions-list%}#saving). Consider the following security highlights before saving sessions. +Once Fiddler Everywhere captures the traffic, you have the option to [save the sessions for later usage]({%slug web-sessions-list%}#saving). Consider the following security highlights before saving sessions: - All saved sessions are stored locally on the Fiddler Everywhere host machine as SAZ files (Fiddler Sessions Archive ZIP). The absolute path is different and depends on the used OS and the unique ID of the currently logged user: - * Windows path ```curl %userprofile%\.fiddler\\Snapshots ``` - * macOS path ```curl ~/.fiddler//Snapshots ``` - * Linux path ```curl ~/.fiddler//Snapshots ``` +- Use [data sanitization]({%slug fe-sanitization%}) to automatically remove sensitive information from sessions before saving. You can configure sanitization rules in **Settings > Sanitization** to mask or strip sensitive data from URLs, headers, cookies, and request/response bodies. +- The `.fiddler` folder will continue to exist even when the Fiddler Everywhere application is uninstalled. Any previously saved sessions will be available on the host machine until explicitly removed. Explicitly removing the `.fiddler` folder removes all previously saved sessions (the SAZ files in the Snapshots GUID folders). Consider keeping them in the Fiddler cloud as a backup option before clearing the folder. +- Other users can open any unprotected SAZ file at any time by gaining access to the SAZ file. Consider using password protection for your captured traffic to add 256-bit AES encryption to the saved SAZ files and prevent unauthorized access to sensitive data. 
-- The `fiddler` folder will continue to exist even when the Fiddler Everywhere application is uninstalled. Any previously saved sessions will be available on the host machine until explicitly removed. Explicitly removing the `.fiddler` folder removes all previously saved sessions (the SAZ files in the Snapshots `GUID` folders). Consider keeping them in the Fiddler cloud as a backup option before clearing the folder. - -- Other users can open any unprotected SAZ file at any time by getting access to the SAZ file. Consider using password protection for your captured traffic to add 256-bit AES encryption to the saved SAZ files and prevent unauthorized access to sensitive data. - - Fiddler Everywhere provides the following options to add password protection for your sessions: + Fiddler Everywhere provides the following options to add password protection for your sessions: * Setting a password when saving the session. - * Setting a password for already saved sessions. - -- Sessions saved in the cloud will continue locally through the `.fiddler` folder until explicitly removed. Removing the SAZ files from the `./fiddler` folder will remove their presence in the Fiddler Everywhere UI. - -- The only way to recover a deleted session from the **Snapshots** tree or a deleted SAZ file from the `.fiddler` folder is to download their cloud copy. Consider using the Fiddler Everywhere clouds saving option as a backup option. - -- Sessions are stored in Fiddler Everywhere cloud space as SAZ files. Consider protecting sensitive data by adding password protection for all cloud saves, which adds 256-bit AES encryption. +- Sessions saved in the cloud will remain locally in the `.fiddler` folder until explicitly removed. Removing the SAZ files from the `.fiddler` folder will remove their presence in the Fiddler Everywhere UI. +- The only way to recover a deleted session from the **Snapshots** tree or a deleted SAZ file from the `.fiddler` folder is to download their cloud copy. 
Consider using the Fiddler Everywhere cloud saving option as a backup. +- Sessions are stored in the Fiddler Everywhere cloud space as SAZ files. Consider protecting sensitive data by adding password protection for all cloud saves, which adds 256-bit AES encryption. ### Sharing Traffic Fiddler Everywhere comes with [collaboration in mind]({%slug fiddler-sharing%}) and provides sharing functionalities. Consider the following security highlights when sharing sessions: -A session is saved before sharing. Thus, you should consider the [saving-related security highlights](#saving-traffic). +- A session is saved before sharing. Thus, you should consider the [saving-related security highlights](#saving-traffic). +- Enable [data sanitization]({%slug fe-sanitization%}) before sharing sessions to automatically remove sensitive information. This is especially important when sharing with external collaborators or using the Fiddler MCP server integration. +- Sharing an unprotected session can expose your sensitive data to unauthorized third parties. Always consider adding password protection to your sessions before sharing them. + +## Using the Fiddler MCP Server + +Fiddler Everywhere provides an [MCP (Model Context Protocol) server]({%slug fiddler-mcp-server%}) that enables integration with AI-powered IDEs and tools for analyzing captured HTTPS traffic. Consider the following security highlights when using the MCP server: -Sharing an unprotected session can expose your sensitive data to unauthorized third parties. Always consider adding password protection to your sessions before sharing them. +- The MCP server runs locally on your machine (default port `8868`) and provides captured traffic data to connected AI tools and IDEs. Any application with access to your API key can retrieve your captured traffic data. +- Protect your MCP server API key. This key grants access to all captured traffic data. Do not share the API key or commit it to version control systems. 
Regenerate the API key immediately if you suspect it has been compromised. +- By default, [data sanitization]({%slug fe-sanitization%}) is enabled for MCP output to help prevent exposure of sensitive information to AI models. Verify that **Settings > Sanitization > On MCP Output** is enabled before using the MCP server. +- Be aware that captured traffic data sent to the MCP server will be processed by AI models (such as those provided by your IDE). Review your AI provider's data handling and privacy policies to understand how your data may be used, stored, or retained. +- The MCP server provides access to all captured sessions available in Fiddler Everywhere. Consider clearing old or unnecessary sessions before enabling the MCP server to limit data exposure. +- Only enable the MCP server when actively using it. Stop the server when not in use to minimize the window of potential unauthorized access. +- When using the MCP server on shared or multi-user machines, be particularly cautious as other users may attempt to access the MCP endpoint if they discover your API key. +- Enterprise administrators can completely disable the MCP server for licensed users through the `DisableMCP` managed application policy. This policy can be applied via registry settings on Windows or device management solutions on macOS. For more information, refer to the [MCP Access Policies]({%slug fiddler-mcp-server%}#mcp-access-policies) documentation. ## SOC Compliance From baa9a0a03394c4dc99641db07952930bffe27c2b Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Wed, 8 Oct 2025 10:11:11 +0300 Subject: [PATCH 14/18] fix markdown --- mcp-server/prompt-library.md | 106 ----------------------------------- 1 file changed, 106 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index a4a305e8..50ffa049 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md 
@@ -110,112 +110,6 @@ Deactivates the reverse proxy functionality in Fiddler Everywhere. ## Custom Prompts -Just as any other MCP, the Fiddler Everywhere MCP server can be used through common language to create your own custom prompts. All custom prompts in the below sample prompt library target the [MCP Server]({%slug fiddler-mcp-server%}) via the `#fiddler` handle. Ensure that you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before attempting to run the prompts. - -### How to Use the Custom Prompts - -1. Browse the prompt library to find a prompt that suits your needs. -2. Copy the prompt text (including the `#fiddler` handle). -3. (Optional) Customize the prompt as needed for your specific use case but keep the `#fiddler` handle. -4. Run the prompt against the [MCP Server]({%slug fiddler-mcp-server%}). - ->warning Always double-check the code and solutions proposed by any AI-powered tool before applying them to your project. - -### General Prompts - -This section provides examples of general questions related to Kendo UI for Angular. 
- - -``` -#fiddler Start capturing HTTP traffic in Fiddler using Chrome -``` - - -``` -#fiddler Start capturing HTTP traffic in Fiddler using a Terminal -``` - - -``` -#fiddler Аdd a reverse proxy, listening on {clientPort} and forwarding traffic to {remoteHost} -``` - - -``` -#fiddler Disable the reverse proxy -``` - - -``` -#fiddler apply a filter to capture traffic that contains localhost -``` - - -``` -#fiddler apply a filter to capture traffic that contains {keyword} -``` - - -``` -#fiddler show filtered sessions -``` - - -``` -#fiddler clear all filters -``` - - - -### Common Usage Prompts - - -``` -#fiddler Analyze the captured HTTP traffic -``` - - -``` -#fiddler Analyze session with ID 188 -``` - - -``` -#fiddler Does the filtered sessions contain sanitized data -``` - - -``` -#fiddler Analyze the captured sessions for leaked sensitive data -``` - - -``` -#fiddler Analyze the captured sessions and suggest security optimizations -``` - - -``` -#fiddler Analyze the captured sessions and suggest performance optimizations -``` - - -``` -#fiddler Extract statistical data and timings from the traffic related to docs.telerik.com -``` - - -``` -#fiddler Create a rule to match all sessions from telerik.com and replace "Fiddler" with "Foodler" in the response bodies. -``` - -``` -#fiddler Delete all rules created from the MCP -``` - -``` -## Custom Prompts - Beyond the built-in prompts, you can use natural language to create custom prompts tailored to your specific debugging and analysis needs. The Fiddler Everywhere MCP server understands conversational queries and can perform complex operations based on your instructions. All custom prompts in this library use the `#fiddler` handle to target the [MCP Server]({%slug fiddler-mcp-server%}). Ensure you have [installed and enabled the MCP Server]({%slug fiddler-mcp-server%}#installation) before using these prompts. From e04889237b819ebbf88ad5fcbb8b7c94845815f3 Mon Sep 17 00:00:00 2001 
From: Nick Iliev Date: Wed, 8 Oct 2025 10:13:20 +0300 Subject: [PATCH 15/18] fix duplicated title' --- security/sanitization.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/security/sanitization.md b/security/sanitization.md index bb6aa766..9bb09b70 100644 --- a/security/sanitization.md +++ b/security/sanitization.md @@ -17,10 +17,6 @@ Data sanitization is configurable through the **Settings > Sanitization** sectio The **Sanitization** settings screen provides comprehensive options to control how and when your captured traffic data is sanitized. -## Configuring Sanitization - -The **Sanitization** settings screen provides comprehensive options to control how and when your captured traffic data is sanitized. - ### Mask Value - **Mask** - Specifies the string value used to replace sanitized data. The default mask is typically `***SANITIZED***`, but you can customize it to any value that suits your needs. From 042dd47593afaf6b8ddad4927b25860e74053c35 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Wed, 8 Oct 2025 10:31:58 +0300 Subject: [PATCH 16/18] fix see also link --- mcp-server/prompt-library.md | 11 +---------- security/sanitization.md | 4 ++-- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/mcp-server/prompt-library.md b/mcp-server/prompt-library.md index 50ffa049..c6c98821 100644 --- a/mcp-server/prompt-library.md +++ b/mcp-server/prompt-library.md @@ -263,10 +263,6 @@ Create and manage rules to modify traffic behavior: #fiddler Create a rule to add a custom header "X-Debug-Mode: true" to all requests to {domain} ``` -``` -#fiddler Create a rule to simulate a slow network by adding a 2-second delay to all responses -``` - ### Comprehensive Reporting Generate detailed reports combining multiple analysis aspects: 
@@ -345,9 +341,4 @@ When crafting your own custom prompts, consider these best practices: * [Fiddler Everywhere MCP Server Overview]({%slug fiddler-mcp-server%}) * [Security Highlights]({%slug fe-security-highlights%}) -* [Data Sanitization]({%slug fe-sanitization%}) -``` - -## See Also - -* [Fiddler Everywhere MCP Server Overview]({%slug fiddler-mcp-server%}) \ No newline at end of file +* [Data Sanitization]({%slug fe-sanitization%}) \ No newline at end of file diff --git a/security/sanitization.md b/security/sanitization.md index 9bb09b70..cf96b1ca 100644 --- a/security/sanitization.md +++ b/security/sanitization.md @@ -11,7 +11,7 @@ The Fiddler Everywhere application provides data sanitization capabilities to au Data sanitization is configurable through the **Settings > Sanitization** section. By default, the sanitization process is enabled only for MCP output. ->important Fiddler Everywhere attempts to sanitize HTTP traffic, but complete removal of sensitive data is not guaranteed. Unstructured, encrypted, compressed, obfuscated, or binary data may bypass the sanitization process. Each user is responsible for verifying the sanitization results and preventing unintended disclosure of sensitive information. +>important Fiddler Everywhere attempts to sanitize HTTP(S) traffic, but complete removal of sensitive data is not guaranteed. Unstructured, encrypted, compressed, obfuscated, or binary data may bypass the sanitization process. Each user is responsible for verifying the sanitization results and preventing unintended disclosure of sensitive information. ## Configuring Sanitization 
@@ -33,7 +33,7 @@ Control when sanitization occurs by enabling or disabling sanitization for speci ### Parts of the Session to Sanitize -Specify which components of the HTTP traffic should be sanitized. Sanitization applies both default rules and custom rules configured in the **Additional Settings** section: +Specify which components of the HTTP(S) traffic should be sanitized. Sanitization applies both default rules and custom rules configured in the **Additional Settings** section: - **Sanitize URL** - Masks sensitive parameters and path segments in request URLs (e.g., API keys, tokens, user IDs). - **Sanitize Headers** - Masks sensitive HTTP headers such as `Authorization`, `Cookie`, `X-API-Key`, and other custom headers containing credentials or tokens. From cdf4deb49b67dc569446baeca7427c9405afbf8c Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Wed, 8 Oct 2025 15:05:43 +0300 Subject: [PATCH 17/18] add sanitization policies --- security/sanitization.md | 80 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 2 deletions(-) diff --git a/security/sanitization.md b/security/sanitization.md index cf96b1ca..d08a2462 100644 --- a/security/sanitization.md +++ b/security/sanitization.md 
@@ -25,7 +25,7 @@ The **Sanitization** settings screen provides comprehensive options to control h Control when sanitization occurs by enabling or disabling sanitization for specific actions: -- **On Save** - Automatically sanitizes session snapshots before any save operation in Fiddler Everywhere. Enable this option to ensure saved sessions never contain sensitive data locally. +- **On Save** - Automatically sanitizes session snapshots before any save operation in Fiddler Everywhere. Enable this option to ensure saved sessions does not contain sensitive data locally. - **On Export** - Automatically sanitizes session snapshots before any export operation in Fiddler Everywhere. Enable this option when sharing exported files with team members or external parties. - **On MCP Output** - Automatically sanitizes session snapshots before data is sent to the Fiddler Everywhere MCP server. This option is **enabled by default** to protect sensitive information from being processed by AI models. @@ -49,7 +49,7 @@ Specify which components of the HTTP(S) traffic should be sanitized. Sanitizatio Enhance the sanitization process by defining custom rules to target specific sensitive data patterns: -- **Additional Headers** - Add custom HTTP header names that should always be sanitized, beyond the default headers. Useful for application-specific authentication headers or proprietary security tokens. +- **Headers** - Add custom HTTP header names that should always be sanitized, beyond the default headers. Useful for application-specific authentication headers or proprietary security tokens. - **Keywords** - Specify keywords or phrases that should be masked wherever they appear in URLs, headers, or bodies. Examples include company names, project codenames, or specific sensitive terms. - **Regular Expression Patterns** - Define regex patterns to match and sanitize complex data formats such as: - Credit card numbers: `\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b` 
@@ -69,6 +69,82 @@ When using data sanitization in Fiddler Everywhere, consider the following best - **Document custom rules** - Maintain documentation of custom sanitization rules, especially regex patterns, for team collaboration and compliance audits. - **Regular rule review** - Periodically review and update sanitization rules as your application evolves and new sensitive data types are introduced. + +## Sanitization Policies + +Fiddler Everywhere Enterprise provides managed application policies that enable IT administrators to centrally control sanitization settings across their organization. The `DefaultSanitizationSettings` and `DisableSanitizationSettingsUpdate` policies allow administrators to enforce consistent data protection standards and prevent users from modifying sanitization configurations. + +### Policy Configuration Keys + +The following policies are available for managing sanitization behavior: + +- **DefaultSanitizationSettings** - Defines the default sanitization configuration applied when users launch Fiddler Everywhere. This policy allows administrators to pre-configure sanitization options including the mask value, which traffic components to sanitize, when to sanitize, and custom sanitization rules. + +- **DisableSanitizationSettingsUpdate** - When enabled, this policy locks the sanitization settings and prevents end users from modifying the configuration through the Fiddler Everywhere user interface. This ensures compliance with organizational data protection policies. + +### Windows Configuration + +IT teams managing Windows systems can apply sanitization policies using Group Policy, registry scripts, or endpoint management tools. 
Set the following registry values under: + +``` +HKEY_CURRENT_USER\SOFTWARE\Policies\Progress\Fiddler Everywhere +``` + +| Key Name | Value Type | Description | Example Value | +|:---------|:-----------|:------------|:--------------| +| `DefaultSanitizationSettings` | REG_SZ (string) | JSON object defining default sanitization configuration. All properties are optional; omitted properties use Fiddler Everywhere defaults. | See JSON structure below | +| `DisableSanitizationSettingsUpdate` | REG_DWORD | Locks sanitization settings to prevent user modifications. Set to `1` to enable, `0` to disable. | `0x00000001` (1) | + +#### DefaultSanitizationSettings JSON Structure + +The `DefaultSanitizationSettings` value accepts a JSON object with the following optional properties: + +```json +{ + "mask": "***SANITIZED***", + "sanitizeUrl": true, + "sanitizeHeaders": true, + "sanitizeCookies": true, + "sanitizeRequestBody": true, + "sanitizeResponseBody": true, + "stripRequestBody": false, + "stripResponseBody": false, + "sanitizeOnSave": false, + "sanitizeOnExport": false, + "sanitizeMcpOutput": true, + "additionalHeaders": ["X-Custom-Auth", "X-Internal-Token"], + "additionalKeywords": ["confidential", "proprietary"], + "additionalRegexes": ["\\b\\d{3}-\\d{2}-\\d{4}\\b"] +} +``` + +**Property Descriptions:** + +- `mask` - String value used to replace sanitized data (default: `"***SANITIZED***"`) +- `sanitizeUrl`, `sanitizeHeaders`, `sanitizeCookies`, `sanitizeRequestBody`, `sanitizeResponseBody` - Boolean values controlling which traffic components are sanitized +- `stripRequestBody`, `stripResponseBody` - Boolean values controlling whether to completely remove body content +- `sanitizeOnSave`, `sanitizeOnExport`, `sanitizeMcpOutput` - Boolean values controlling when sanitization occurs +- `additionalHeaders` - Array of custom header names to sanitize (can be `null` or omitted) +- `additionalKeywords` - Array of keywords to mask throughout traffic (can be `null` or omitted) 
+- `additionalRegexes` - Array of regular expression patterns for advanced sanitization (can be `null` or omitted) + +>tip When setting registry values programmatically, ensure the JSON string is properly escaped. For manual registry editing, paste the JSON as a single-line string value. + +### macOS Configuration + +IT teams managing macOS systems can apply sanitization policies using Mobile Device Management (MDM) solutions such as Jamf Pro, Microsoft Intune, or Apple's Profile Manager. Configure the following managed preferences: + +| Key Name | Value Type | Description | Example Value | +|:---------|:-----------|:------------|:--------------| +| `DefaultSanitizationSettings` | String | JSON object defining default sanitization configuration. All properties are optional; omitted properties use Fiddler Everywhere defaults. | See JSON structure above | +| `DisableSanitizationSettingsUpdate` | Integer | Locks sanitization settings to prevent user modifications. Set to `1` to enable, `0` to disable. | `1` | + +The JSON structure and property descriptions for `DefaultSanitizationSettings` are identical to the Windows configuration described above. + +>important Managed preferences on macOS require proper MDM enrollment and configuration profile deployment. Test policy application in a non-production environment before enterprise-wide rollout. + +For comprehensive information on deploying managed application configurations, refer to the [Managed Application Policies]({%slug fe-restrict-policies%}) article. + ## See Also - [Security Highlights]({%slug fe-security-highlights%}) From 0e71779bba222aefc86a987b867c463811d82400 Mon Sep 17 00:00:00 2001 From: Nick Iliev Date: Thu, 9 Oct 2025 13:37:19 +0300 Subject: [PATCH 18/18] update the DefaultSanitizationSettings --- security/sanitization.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/security/sanitization.md b/security/sanitization.md index d08a2462..60da2e45 100644 
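Review bot: The new Sanitization Policies section does not say how `DefaultSanitizationSettings` and `DisableSanitizationSettingsUpdate` interact, so an administrator cannot tell whether setting defaults alone enforces anything. As worded ("default sanitization configuration applied when users launch"), the defaults look user-editable unless the lock policy is also set. If that is the behaviour, add a sentence under Policy Configuration Keys such as `To enforce these values, also set DisableSanitizationSettingsUpdate to 1; otherwise users can change or disable them in Settings > Sanitization.` It would also help to state what the application does when the JSON value is malformed, since the escaping tip suggests this is an easy mistake to make and a silent fallback could leave `sanitizeMcpOutput` at a value the administrator did not intend.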
--- a/security/sanitization.md +++ b/security/sanitization.md @@ -100,21 +100,21 @@ HKEY_CURRENT_USER\SOFTWARE\Policies\Progress\Fiddler Everywhere The `DefaultSanitizationSettings` value accepts a JSON object with the following optional properties: ```json -{ - "mask": "***SANITIZED***", - "sanitizeUrl": true, - "sanitizeHeaders": true, - "sanitizeCookies": true, - "sanitizeRequestBody": true, - "sanitizeResponseBody": true, - "stripRequestBody": false, - "stripResponseBody": false, - "sanitizeOnSave": false, - "sanitizeOnExport": false, - "sanitizeMcpOutput": true, - "additionalHeaders": ["X-Custom-Auth", "X-Internal-Token"], - "additionalKeywords": ["confidential", "proprietary"], - "additionalRegexes": ["\\b\\d{3}-\\d{2}-\\d{4}\\b"] +{ + "mask": "***SANITIZED***", + "sanitizeUrl": true, + "sanitizeHeaders": true, + "sanitizeCookies": true, + "sanitizeRequestBody": true, + "sanitizeResponseBody": true, + "stripRequestBody": false, + "stripResponseBody": false, + "sanitizeOnSave": false, + "sanitizeOnExport": false, + "sanitizeMcpOutput": true, + "additionalHeaders": "X-Custom-Auth, X-Internal-Token, X-My-Test-Header", + "additionalKeywords": "confidential, proprietary, test", + "additionalRegexes": "\\b\\d{3}-\\d{2}-\\d{4}\\b" } ```
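Review bot: The example now gives `additionalHeaders`, `additionalKeywords` and `additionalRegexes` as comma-separated strings, but the Property Descriptions list added in the previous patch still documents each as "Array of …" that can be `null`, and this commit's diffstat shows no change to that list. Update the three descriptions to match, for example `additionalHeaders - Comma-separated string of custom header names to sanitize`. For `additionalRegexes` the delimiter rule needs spelling out: a pattern with a counted quantifier such as `{2,}` (as in the email example earlier on this page) itself contains a comma, so the page should say how such a pattern is written in a comma-separated value or that it is not supported. Without that, an administrator could deploy a policy whose regex is split into fragments and masks nothing.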