Configure Fiddler to Authenticate to CBT-Protected Server

  1. Click Rules > Customize Rules.

  2. Scroll to the OnPeekAtResponseHeaders function.

  3. Add the following code:

    static function OnPeekAtResponseHeaders(oSession: Session) 
    {         
        // To avoid problems with Channel-Binding-Tokens, this block allows Fiddler 
        // itself to respond to Authentication challenges from HTTPS Intranet sites. 
        if (oSession.isHTTPS && 
            (oSession.responseCode == 401) && 
            // Only permit auto-auth for local apps (e.g. not devices or remote PCs) 
            (oSession.LocalProcessID > 0) && 
            // Only permit auth to sites we trust 
            (Utilities.isPlainHostName(oSession.hostname) 
          // Replace telerik.com with whatever servers Fiddler should release credentials to.
            || oSession.host.EndsWith("telerik.com"))  
            ) 
        { 
            // To use creds other than your Windows login credentials, 
            // set X-AutoAuth to "domain\\username:password" 
            // Replace default with specific credentials in this format:
          // domain\\username:password. 
            oSession["X-AutoAuth"] = "(default)";    
            oSession["ui-backcolor"] = "pink"; 
        } 
    
    
    //... function continues
    
    • Replace "telerik.com" with whatever servers Fiddler should release credentials to. By default, Fiddler will release credentials to any intranet sites (sites without a dot in the hostname).

    • Replace "default" with specific credentials in this format:

      domain\username:password

    • If you specify "(default)", Fiddler will attempt to use the login credentials of whatever user-account that it is running under.