Hello,
In FiddlerScript I am setting x-no-decrypt, and I want to kill the connection after a single request has been sent and its response received. The app that I'm proxying traffic for will then reconnect to re-establish its connection, and, this time round, I don't want to set x-no-decrypt.
How do I do this?
The background is that I'm security auditing an app where the code looks like this:
// connect to HTTPS server
// GET /hello
// check the HTTPS certificate of the server and if it isn't this hard-coded one then throw an exception
// POST /login?username=foo&password=bar
I suspect, and want to demonstrably prove, that the networking library that the app is using will try to be helpful and reconnect the HTTPS connection if it is dropped after the response from the GET is successfully received and before the POST is made. This essentially means that the server certificate check against a hard-coded one is useless, and I want to prove this using Fiddler.
Thanks!
David
In FiddlerScript I am setting x-no-decrypt, and I want to kill the connection after a single request has been sent and its response received. The app that I'm proxying traffic for will then reconnect to re-establish its connection, and, this time round, I don't want to set x-no-decrypt.
How do I do this?
The background is that I'm security auditing an app where the code looks like this:
// connect to HTTPS server
// GET /hello
// check the HTTPS certificate of the server and if it isn't this hard-coded one then throw an exception
// POST /login?username=foo&password=bar
I suspect, and want to demonstrably prove, that the networking library that the app is using will try to be helpful and reconnect the HTTPS connection if it is dropped after the response from the GET is successfully received and before the POST is made. This essentially means that the server certificate check against a hard-coded one is useless, and I want to prove this using Fiddler.
Thanks!
David