Merge pull request #74 from telerik/niliev/warnings

docs: add article about the security dialogs

Author: NickIliev

images/security-dialogs-reset.png

@@ -1,11 +1,10 @@
 ---
-title: 403 Error connecting to localhost
+title: Error 403 connecting to localhost
 slug: 403IIS
 publish: true
-position: 7
+position: 70
 ---
 
-403 Error connecting to localhost
-=================================
+# Error 403 Connecting to localhost
 
 When connecting to http://localhost on a WindowsXP version of IIS, you may see many **HTTP/403** errors.  This is caused by WindowsXP's 10 connection limit.  To reduce the incidence of this problem, ensure that **"Reuse Connections to Servers"** is checked in the **Tools | Fiddler Classic Options | Connections** dialog.

images/security-dialogs.png

@@ -2,15 +2,20 @@
 title: "Unable to bind to port [Localhost: 8888]"
 slug: BindToPortLocalhost8888
 publish: true
-position: 8
+position: 80
 ---
 
-Microsoft ISA Firewall client may cause Fiddler Classic to detach.
-When starting Fiddler Classic under nonadmin account (ordinary User) you may see an error message:
 
-	Unable to bind to port [Localhost: 8888]. This is usually due to another running copy of Fiddler Classic.
-	(An attempt was made to access a socket in a way forbidden by its access permissions)
+# Unable to bind to port Localhost:8888
+
+Microsoft ISA Firewall client may cause Fiddler Classic to detach. When starting Fiddler Classic under nonadmin account (ordinary User) you may see an error message:
+
+```
+Unable to bind to port [Localhost: 8888]. This is usually due to another running copy of Fiddler Classic.
+(An attempt was made to access a socket in a way forbidden by its access permissions)
+```
 
 **Fix:**
-Close Fiddler.
-Using REGEDIT, add a new STRING under **HKCU\Software\Microsoft\Fiddler2** named **ExclusivePort** with value **False**
+- Close the Fiddler Classic application.
+- Open **REGEDIT**
+- Add a new STRING under **HKCU\Software\Microsoft\Fiddler2** named **ExclusivePort** with value **False**.

troubleshoot-fiddler/403iis.md

@@ -2,11 +2,10 @@
 title: Certificate Errors and .NET security exceptions
 slug: CertErrors
 publish: true
-position: 2
+position: 20
 ---
 
-Problem: Certificate errors or .NET security exceptions while capturing traffic
--------------------------------------------------------------------------------
+# Certificate errors or .NET security exceptions while capturing traffic
 
 Solution: 
 ---------

troubleshoot-fiddler/bindtoportlocalhost8888.md

@@ -2,23 +2,27 @@
 title: Configuration system failed to initialize
 slug: ConfigurationSystemError
 publish: true
-position: 4
+position: 40
 ---
 
-#### Fiddler Classic crashes on startup complaining about the "Configuration System":
+# Fiddler Classic crashes on startup complaining about the "Configuration System"
 
+This folowing error message indicates that one of the .NET Framework's configuration files is corrupt. The most common fix for this is to trigger the Windows OS update and install all available .NET Framework updates. If that doesn't work, try re-installing the .NET Framework. If that doesn't work, try editing the file specified in the error message to correct whatever the error message is complaining about.
 
-		Sorry, you may have found a bug...
+```
+Sorry, you may have found a bug...
 
-		Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report using the Help | Send Feedback menu.
-		Configuration system failed to initialize
-		Source: System.Configuration
-		at System.Configuration.ConfigurationManager.PrepareConfigSystem()
-		at System.Configuration.ConfigurationManager.GetSection(String sectionName)
+Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report using the Help | Send Feedback menu.
+Configuration system failed to initialize
+Source: System.Configuration
+at System.Configuration.ConfigurationManager.PrepareConfigSystem()
+at System.Configuration.ConfigurationManager.GetSection(String sectionName)
 
-		System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 134)
-		or
+System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 134)
+```
 
-		System.Configuration.ConfigurationErrorsException: Unrecognized configuration section runtime. (C:\Program Files (x86)\Fiddler2\Fiddler.exe.Config line 2)
+or
 
-This error message indicates that one of the .NET Framework's configuration files is corrupt. The most common fix for this is to visit WindowsUpdate and install all available .NET Framework updates. If that doesn't work, try re-installing the .NET Framework. If that doesn't work, try editing the file specified in the error message to correct whatever the error message is complaining about.
+```
+System.Configuration.ConfigurationErrorsException: Unrecognized configuration section runtime. (C:\Program Files (x86)\Fiddler2\Fiddler.exe.Config line 2)
+```

troubleshoot-fiddler/certerrors.md

@@ -2,14 +2,13 @@
 title: Fiddler exits unexpectedly on startup
 slug: CrashOnStartup
 publish: true
-position: 5
+position: 50
 ---
 
-#### Fiddler Classic Crashes on Startup with an unhelpful message box
+# Fiddler Classic Crashes on Startup with an unhelpful message box
 
 If you see this message box when starting Fiddler:
 
 ![fiddlercrash](../images/fiddlercrash.png)  
 
-
 ...it generally means that your .NET Framework installation is corrupt.  If you uninstall and reinstall the .NET 2.0 Framework, the problem is usually resolved.

troubleshoot-fiddler/configurationsystemerror.md

@@ -2,10 +2,11 @@
 title: No authentication when capturing traffic to local IIS server
 slug: NoLocalAuth
 publish: true
-position: 3
+position: 30
 ---
 
-#### Fiddler's "Automatic Authentication" feature doesn't work when server and client are on the same machine?
+# Fiddler's "Automatic Authentication" feature doesn't work when server and client are on the same machine?
+
 If IIS and the client are on the same machine, then a feature called "Loopback protection" is causing the authentication request to fail because your computer recognizes that it is authenticating to itself, and it is unexpected (due to the proxy).
 
 You'll need to set **DisableLoopbackCheck=1** as described here: [http://support.microsoft.com/kb/926642](http://support.microsoft.com/kb/926642)

troubleshoot-fiddler/crashonstartup.md

@@ -2,18 +2,20 @@
 title: Out-of-Memory exception
 slug: OutOfMemory
 publish: true
-position: 1
+position: 10
 ---
 
-#### Fiddler Classic throws an out-of-memory exception
+# Fiddler Classic throws an out-of-memory exception
 
 Sometimes, Fiddler Classic may show a dialog containing the following text:
 
-	  Exception of type 'System.OutOfMemoryException' was thrown.
-		 at System.IO.MemoryStream.set_Capacity(Int32 value)
-		 at System.IO.MemoryStream.EnsureCapacity(Int32 value)
-		 at System.IO.MemoryStream.Write(Byte[] buffer, Int32 offset, Int32 count)
-		 at Fiddler.Session.Execute(Object objThreadstate)
+```
+Exception of type 'System.OutOfMemoryException' was thrown.
+at System.IO.MemoryStream.set_Capacity(Int32 value)
+at System.IO.MemoryStream.EnsureCapacity(Int32 value)
+at System.IO.MemoryStream.Write(Byte[] buffer, Int32 offset, Int32 count)
+at Fiddler.Session.Execute(Object objThreadstate)
+```
 
 Fiddler Classic works by storing the entire request and response in memory.  If you are performing a huge download (hundreds of megabytes) it's possible that Fiddler Classic cannot find a free memory block large enough to hold the entire contiguous response, and hence you'll run into this "out of memory" problem.  It's also possible that if you have thousands of sessions in the Fiddler Classic session list, even a relatively small memory block will not be available to store a response a few megabytes in size. You can reduce the incidence of this problem by clearing the **Web Sessions** list (CTRL+X) or configuring it to automatically trim to the most recent two hundred sessions (Click the Filters tab, and click the "Keep only the most recent sessions" option at the bottom).
 
@@ -23,6 +25,7 @@ Developers can learn more about this here: [https://blogs.msdn.com/ericlippert/a
 
 If you're on a 32-bit machine, you can avoid out-of-memory errors when downloading huge files by adding the following code inside the **OnPeekAtResponseHeaders** function inside Rules > Customize Rules. The line in red will cause Fiddler Classic not to keep a copy of the large file:
 
+```js
 	// This block enables streaming for files larger than 5mb
 	if (oSession.oResponse.headers.Exists("Content-Length"))
 	{
@@ -37,23 +40,25 @@ If you're on a 32-bit machine, you can avoid out-of-memory errors when downloadi
 		}
 	  }
 	}
+```
 
 If you're using [FiddlerCore](http://fiddler2.com/core) or writing a Fiddler Classic Extension, you can use code like this:
-
-           Fiddler.FiddlerApplication.ResponseHeadersAvailable += delegate(Fiddler.Session oS)
-           {
-              // This block enables streaming for files larger than 5mb
-                if (oS.oResponse.headers.Exists("Content-Length"))
-                {
-                    int iLen = 0;
-                    if (int.TryParse(oS.oResponse["Content-Length"], out iLen))
-                    {
-                        // File larger than 5mb? Don't save its content
-                        if (iLen > 5000000)
-                        {
-                            oS.bBufferResponse = false;
-                            oS["log-drop-response-body"] = "save memory";
-                        }
-                    }
-                }
-            };
+```js
+Fiddler.FiddlerApplication.ResponseHeadersAvailable += delegate(Fiddler.Session oS)
+{
+	// This block enables streaming for files larger than 5mb
+	if (oS.oResponse.headers.Exists("Content-Length"))
+	{
+		int iLen = 0;
+		if (int.TryParse(oS.oResponse["Content-Length"], out iLen))
+		{
+			// File larger than 5mb? Don't save its content
+			if (iLen > 5000000)
+			{
+				oS.bBufferResponse = false;
+				oS["log-drop-response-body"] = "save memory";
+			}
+		}
+	}
+};
+```

troubleshoot-fiddler/nolocalauth.md

@@ -0,0 +1,45 @@
+---
+title: Security Warnings and Consent Dialog
+description: Learn about the security warning that Fiddler can trigger upon different user interactions.
+slug: fc-security-warnings
+publish: true
+position: 5
+---
+
+# Security Warnings and Consent Dialogs in Fiddler Classic
+
+The Fiddler Classic application loads a list of add-ons and extensions on startup or upon user actions (for example, open diff tool in inspectors). Additionally, users can download or create extensions or change the default tools' settings. To guarantee that harmless third-party tools are not loaded, the application automatically checks them, informs the user, and asks for consent to operate. The security dialog has three applicable options as follows:
+
+**Do not allow**: The action will be terminated immediately when chosen. The consent dialog will re-appear upon consecutive interactions of the same type.
+
+**Allow**: When chosen, the action is executed immediately. The consent dialog will appear upon consecutive interactions of the same type.
+
+**Always Allow**: When chosen, the action is executed immediately. The consent dialog will not appear in the future.
+
+![security dialogs in Fiddler Classic](../images/security-dialogs.png)
+
+The consent dialogs in Fiddler Classic are triggered upon the following actions or user interactions:
+
+- During application startup, when the application loads unknown plugins.
+- During application startup, when the application loads unknown inspectors.
+- During application startup, when the application loads unknown transcoders.
+- During application startup, when the application loads unknown extensions.
+- When the user clicks on a menu item that was created.
+- When the user tries to select an app to open a file (session response, autoresponder rule response).
+- When the user tries to edit an autoresponder rule response with the default editor for that file type.
+- When the user tries to compare two sessions with the configured external compare tool in the app settings.
+- When the user tries to edit the FiddlerScript rules with the configured external editor (when different from our FSE), it is also set in app settings.
+- When the user chooses to save a session response and open the file directly (or start it if it is executable).
+- When the user executes a custom context menu action from the image response inspector.
+- When the user tries to open an image with an external editor from the image response inspector.
+- When the user sets a custom tool for some Fiddler functionality such as, such as custom makecert.exe or brotli.exe,
+- When the user chooses to open a session url with a specific browser (browsers are detected using heuristics, so it is not sure that they are installed).
+- During capturing, if the user has specified a custom certificate maker assembly.
+
+## Reset All Consent Dialogs
+
+All consent dialogs in Fiddler Classic can be explicitly reset through the **Tools > Options > Extensions > Reset Allow Security Exceptions**
+
+![Reset security dialogs in Fiddler Classic](../images/security-dialogs-reset.png)
+
+