This is a migrated thread and some comments may be shown as answers.

Protect or Hide .Net webservices calls and response in Fiddler

Fiddler Classic
Mohammed asked on 03 Aug 2015, 02:03 PM

We have a .NET web service hosted in IIS and used by a desktop application. While logging in to the app, a person can track and see all the input calls to the service and the responses back to the app.

I then analysed the issue, searched Google and found solutions: use HTTPS or SSL for the web service URL. We also encrypt and decrypt on both the client and server side.

After that I checked with Fiddler, and they can still track the web service calls and responses. They are even able to break and run the app using this.

I have tried to protect the web service calls, and I am unable to achieve what I need.

I also attached a screenshot below for your reference.

Guys, please help me... is there any other way to protect the service calls in Fiddler?

2 Answers, 1 is accepted

Eric Lawrence
Telerik team
answered on 03 Aug 2015, 09:04 PM
Hi, Mohammed--

If you're asking: "How can I prevent a fully-trusted user of my application/PC from tampering with traffic using Fiddler", the answer is essentially that it's not possible to do that, due to how computers work. Serverside code needs to be aware that the client may have tampered with the values and take appropriate precautions.

See http://stackoverflow.com/questions/15245718/why-make-use-of-https-when-fiddler-can-decrypt-it for some discussion of this topic.

Regards,
Eric Lawrence
Telerik
Mohammed
answered on 04 Aug 2015, 05:43 AM

Thanks, Eric, for the quick reply.

Yes, I accept your point. Actually, we are using a .NET web service, and the client is the Kony mobile framework, which is a cross-platform framework for developing iOS, Android, Windows and desktop apps. So the web service provides the services for all the apps developed with Kony.

We already follow security practices on the server side, such as implementing HTTPS and encrypting and decrypting the response using the AES algorithm. But they are tracking the responses and input calls from the service using Fiddler.

The client also does the same encryption and decryption. But Fiddler is able to break the HTTPS, and they are even breaking the response.

If there is any other way to hide the response so that it is never shown in Fiddler, kindly reply.