Reputation: 2724
Why can I see information travelling through HTTPS with Fiddler?
I was trying to make a website that require the user to log in to do something, but I want to know the advantage and disadvantage from HTTP and HTTPS first.
I was using a program called Fiddler that allowed you to logs all HTTP(s) traffic between your computer and the Internet
if I try to log in with the program on, I could see the username and the password that I used to log in to the website, even if it's HTTP or HTTPS using fiddler
so what's the use of HTTPS compared with HTTP?
This is what I am thinking.
The browser is supposed to enscrypt the password using the server's public key right? Then the server will descript it with the private key.
But fiddler doesn't know the server's private key. So how can it sees the plain password?
Am I wrong?
Upvotes: 1
Views: 802
Answers (1)
Reputation: 111369
In HTTPS communication is sent over an encrypted channel, while HTTP is sent in plain-text. Most importantly his means that a 3rd party can't read information sent between the server and the browser just by sniffing network traffic, but it has other uses as well, such as ensuring that the server is who it says it is and you are who you say you are with certificates.
Fiddler2 is only able to decipher the traffic with the user's cooperation: the certificates Fiddler presents to the client are only trusted by the browser if you configure your Operating System to trust Fiddler's root certificate.
Upvotes: 2
Related Questions
- Fiddler is not showing HTTPS traffic
- Fiddler fail to access HTTPS page
- Fiddler Web Debugger - why can't I "debug" https requests?
- HTTPS->HTTP via Fiddler
- How does Fiddler work with HTTPS
- HTTPS traffic from SharePoint in Fiddler not available
- Https interception by Fiddler
- Can someone view the data going over https using fiddler?
- Track http reference on https site using fiddler
- Explanation for CONNECT observations using Fiddler for url https://www.fiddler2.com/fiddler2/version.asp