Reputation: 4607
Isn't HTTPS supposed to encrypt network traffic?
I have succeeded in publishing a website in HTTPS through IIS using this tutorial:
http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
Now, even though the digital certificate is not valid since it was issued by my computer, the website supposedly uses HTTPS. However, after I log-into an account, I am still able to see the form data entered using Google Chrome developer tools.
Why is this happening? Isn't HTTPS supposed to encrypt network traffic? How can I solve this problem please?
Upvotes: 1
Views: 563
Answers (2)
Reputation: 15948
It gets encrypted by the secure sockets layer (SSL) before it enters the transport layer. What you see in f12 tool in a browser is what gets sent to the SSL layer. The traffic that gets sent over the wire is captured by tools like fiddler and wireshark.
Upvotes: 0
Reputation: 480
The browser is likely doing some work for you in decrypting it. Try using a tool like Fiddler (http://www.fiddler2.com/fiddler2/) to grab network traffic outside the browser environment. Fiddler also allows you to decrypt HTTPS traffic, but it's not enabled by default.
Upvotes: 3
Related Questions
- How to use HTTPS in an ASP.Net Application
- Request.URL always returns http even though SSL is enabled
- Make website run on HTTPS only
- HTTPS in IIS 5.1
- How do I implement HTTPS in an ASP.NET Project?
- Using HTTPS with IIS and ASP.NET
- How to set up SSL?HTTPs in asp.net
- https and encryption
- Unsecured & secured HTTP
- ASP.NET and HTTPS