user1672097

Reputation: 351

Prevent Application from Fiddler Interception

How can I prevent my HTTPS site from Fiddler interception? Fiddler can even intercept HTTPS traffic.

Upvotes: 0

Views: 363

Answers (2)

Steve

Reputation: 7271

Short answer: there's not a lot you can do.

Long answer: Fiddler intercepts SSL traffic by creating a certificate that looks like the site you are talking to. To do this, the user of Fiddler must install a trusted certificate authority. Once this CA is installed, the Fiddler proxy is able to create "trusted" SSL certificates that look like they come from any site.

If you do not have control over the client infrastructure then there is nothing you can do. If you do, you can prevent people from installing trusted certificate authorities.

Some of the larger sites (www.google.com) are able to implement certificate pinning, but this requires specific application support and is unlikely to work for you.

Upvotes: 0
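The certificate pinning mentioned in the answer above, sketched as an added example that is not part of the original answers: a client you ship keeps normal chain validation and additionally compares the leaf certificate's SHA-256 fingerprint against a list built into the application, so a leaf minted by a locally trusted proxy root is rejected even though its chain validates. The function names, the `example.test` host and the byte strings standing in for DER certificates are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set[str]) -> bool:
    """True only if the presented certificate is one the application shipped with."""
    presented = fingerprint(der_cert)
    return any(hmac.compare_digest(presented, p.lower()) for p in pinned)


def connect_pinned(host: str, pinned: set[str], port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection that must pass normal validation AND the pin check."""
    ctx = ssl.create_default_context()  # trust store and hostname checks still apply
    sock = ctx.wrap_socket(
        socket.create_connection((host, port), timeout=10),
        server_hostname=host,
    )
    der = sock.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned):
        sock.close()
        raise ssl.SSLError(f"certificate for {host} matches no pinned fingerprint")
    return sock


# Constructed stand-ins for DER bytes (not real certificates): the leaf the
# site really serves, and a leaf for the same name signed by a proxy's root
# that the user installed as trusted.
GENUINE_LEAF = b"constructed-der:example.test:issued-by-public-ca"
PROXY_LEAF = b"constructed-der:example.test:issued-by-local-proxy-root"
PINS = {fingerprint(GENUINE_LEAF)}

if __name__ == "__main__":
    # Both leaves would pass chain validation on a machine that trusts the
    # proxy root; only the pin check tells them apart.
    print("genuine leaf accepted:", pin_matches(GENUINE_LEAF, PINS))
    print("proxy-minted leaf accepted:", pin_matches(PROXY_LEAF, PINS))
```

This applies only to a client application you distribute; a browser visiting the site performs no such check, and the pinned list has to be updated whenever the server certificate is rotated.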

Darin Dimitrov

Reputation: 1038770

There's not much you could do from the website to prevent this from happening. Fiddler runs on the client and if the user has sufficient privileges to run it, this is out of your control as a web developer.

Upvotes: 4
