Protect or Hide .Net webservices calls and response in Fiddler

3 posts, 0 answers
  1. Mohammed
    Mohammed avatar
    2 posts
    Member since:
    Aug 2015

    Posted 03 Aug 2015 Link to this post

    In .Net web-service hosting the IIS and used for the desktop  application while login the app the person track and see all the input calls to service and response back into app.

    Then analysis the issue and go through google and got solutions. to make HTTPS or ssl in webservice url.also encrypt and decrypt also doing both client and server side.

    after that i check with fiddler they also tracking the web services call and responses .even they can able to break and run the app using this.

    I was tired and make the protect the webservice calls. and unable to achive the what i need.

    I also attached screenshot below for your reference.

    Guys plz help me...if any otherway to protect the service calls in Fiddler. 

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 03 Aug 2015 Link to this post

    Hi, Mohammed--

    If you're asking: "How can I prevent a fully-trusted user of my application/PC from tampering with traffic using Fiddler", the answer is essentially that it's not possible to do that, due to how computers work. Serverside code needs to be aware that the client may have tampered with the values and take appropriate precautions.

    See http://stackoverflow.com/questions/15245718/why-make-use-of-https-when-fiddler-can-decrypt-it for some discussion of this topic.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Mohammed
    Mohammed avatar
    2 posts
    Member since:
    Aug 2015

    Posted 04 Aug 2015 in reply to Eric Lawrence Link to this post

    Thanks Eric ..

    for the quick reply. 

    Yes I accept your point ..actually we are using the .Net webservice and client is Kony mobile framework which one of the cross platform to develope the ios,andriod,windows and desktop. so webservice provide the services for the all apps which developed by the kony.

    We are already security followed in server side like implement the https and encrypt and decrypt the response using AES algorthim.but the they are tracking the response and inputs calls from the service using fiddler.

    client also same encrypt and decrypt there.but fiddler can able to break the HTTPS and even they are breaking the response .

    If any other way to hide the response never shown in fiddler..kindly reply.. 

     

     

     

     

     

     

Back to Top