Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have several WCF services that each except several parameters. The service uses transport security over https. If fiddler is sniffing on the computer it can see all parameters sent to the service. Is there a way to protect the data?
Yes there is a way: you will not trust Fiddler certificate.
Fiddler works like HTTPS proxy so your client is not connecting with HTTPS to the service but to the Fiddler and Fiddler makes a new HTTPS connection to the service. Because of that Fiddler has all content decrypted.
To allow this scenario your service must trust Fiddler certificate (self-signed) because otherwise your service would refuse the connection to the Fiddler. Once you allowed Fiddler to install its certificate to your certification store it can capture and decrypt messages.