Reputation: 119
how to disable the fiddler capturing my web application
i don't want to fiddler capturing my web application activity . i want to make my application more secure like banking site .while using internet banking site the fiddler cannot able to capturing the details. how can i make it by using C#.net in asp.net web application.
Upvotes: 2
Views: 2040
Answers (2)
Reputation: 41
Request.Proxy = New WebProxy()
This blocks the fiddler to set itself as a proxy.
Upvotes: 0
Reputation: 23436
Fiddler can also capture HTTPS traffic if the user accepts the root authority certificate it installs when you enable 'Decrypt HTTPS traffic' in Fiddler Options.
Fiddler acts as a standard HTTP proxy. There is no way you can prevent Fiddler from intercepting and decrypting the traffic if the user chooses so, although Certificate Pinning can make things a bit harder on the Fiddler user.
You could of course use some kind of symmetric encryption to encrypt the payload of your requests, but you'd need to store the key somewhere on the client, making it vulnerable to attackers. See here for more info on JavaScript encryption.
Upvotes: 2
Related Questions
- How do I remedy "The breakpoint will not currently be hit. No symbols have been loaded for this document." warning?
- Deep cloning objects
- How to avoid reverse engineering of an APK file
- Change the selected value of a drop-down list with jQuery
- How can I save application settings in a Windows Forms application?
- Secure hash and salt for PHP passwords
- ASP.NET Web Site or ASP.NET Web Application?
- Why not inherit from List<T>?
- What does a lock statement do under the hood?
- How should I ethically approach user password storage for later plaintext retrieval?