Re: How can I configure Fiddler so only HttpRequests with a Proxy username&password are allowed?

[EricLaw]

Can you tell me more about the scenario that you're using Fiddler for?

 

If you click Rules > Require Proxy Authentication, you will find that Fiddler demands a username and password for all clients. However, you'll also see that the credential prompt shows the username and password to the user (since this was for testing, not security).

To mimic this in script, you'd return a HTTP/407 with a Proxy-Authenticate header for any request that lacked a Proxy-Authorization header with the correct credentials.

oResponse.headers.HTTPResponseCode = 407;
oResponse.headers.HTTPResponseStatus = "407 Proxy Auth Required";
oResponse.headers.Add("Connection", "close");
oResponse.headers.Add("Proxy-Authenticate", "Basic realm=\"FiddlerProxy\"");
oResponse.headers.Add("Content-Type", "text/html");

Alternatively, in newer versions of Fiddler, you can change the credentials expected by Fiddler by setting the preference fiddler.proxy.creds to the base64 encoded username:password string. The default value is MToX which is the base64 encoded version of the string 1:1. You can compute the base64 value you need using the Tools > TextWizard feature in Fiddler.

To update the preference, click into the QuickExec box below Fiddler's Web Sessions list and type prefs set fiddler.proxy.creds YOURBASE64StringHere and hit Enter.