A server responds differently to the same request sent from a browser and Fiddler

Question

Opening an URL in an incognito tab of Chrome => the server responds with HTTP 200 OK code and a HTML page.
Replaying the same exact request using Fiddler => the server responds with HTTP 301 redirection to the same URL.
Closing the incognito tab, opening a new one, opening the same URL again => HTTP 200 OK code again...

I've verified that the request being sent from the browser is exactly the same every time you open that URL (well it can't be different because it's just opening an URL in an incognito tab)

How can the server distinguish the same request sent from a browser and from Fiddler? First time I see such issue and I don't have any idea on how to dig deeper here...

The request looks like this:

GET <url> HTTP/1.1
Host: <host>
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8

may be it is because of cookies – Arpit Solanki Jan 08 '17 at 04:41 — Arpit Solanki, Jan 08 '17 at 04:41
The request is exactly the same and there are no cookies – mephisto123 Jan 08 '17 at 04:45 — mephisto123, Jan 08 '17 at 04:45

score 0 · Accepted Answer · edited May 23 '17 at 11:46

It seems this server has dropped the TLSv1.0 support and .NET Framework uses it by default.

There is a detailed answer on how to set the default SSL cipher to TLSv1.2 here: Are there .NET implementation of TLS 1.2?

By the way, it IS possible to enable TLSv1.2 support in .NET 4.0 apps using a registry trick described in one of the answers to that question. That is if the installed IE supports it of course.

A server responds differently to the same request sent from a browser and Fiddler

1 Answers1